Method and system for implementing security devices in a network

US 20020184532A1
Filed: 05/31/2002
Published: 12/05/2002
Est. Priority Date: 05/31/2001
Status: Active Grant

First Claim

Patent Images

1. A method for communicating among a plurality of security modules for providing security for a computing network comprising:

coupling a first security module and a second security module to an interface module;

identifying the first security module and the second security module with the interface module;

extracting a message identifier from a first definition corresponding to the first security module and extracting the same message identifier from a second definition corresponding to the second security module;

storing the message identifier in the interface module;

creating a message using the message identifier in the interface module and the first security module;

placing the message in a shared memory;

receiving a subscription request at the interface module from the second security module for the message identifier; and

using the message identifier and the subscription request at the interface module to notify the second security module of the message in the shared memory.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Supporting the implementation and collaboration of a variety of security modules in a distributed computing network. A security interface provides a universal platform for coupling security modules to the network. The various security modules are linked to and provide identifying information to the security interface. The security interface also receives subscription requests used to coordinate which security modules will communicate. When a security event occurs, a message can be generated by the relevant security module. The security interface shares the message with those security modules that have subscribed to the relevant security module. The sharing of security information enables better performance by the entire network security system.

Citations

57 Claims

1. A method for communicating among a plurality of security modules for providing security for a computing network comprising:
- coupling a first security module and a second security module to an interface module;
  
  identifying the first security module and the second security module with the interface module;
  
  extracting a message identifier from a first definition corresponding to the first security module and extracting the same message identifier from a second definition corresponding to the second security module;
  
  storing the message identifier in the interface module;
  
  creating a message using the message identifier in the interface module and the first security module;
  
  placing the message in a shared memory;
  
  receiving a subscription request at the interface module from the second security module for the message identifier; and
  
  using the message identifier and the subscription request at the interface module to notify the second security module of the message in the shared memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41)
- - 2. The method of claim 1, further comprising the step of reviewing the message in the shared memory by the second security module.
  - 3. The method of claim 1, further comprising the step of filtering the message in the shared memory.
  - 4. The method of claim 1, further comprising the step of identifying a processor within the second security module for processing the message in the shared memory.
  - 5. The method of claim 1, wherein the step of creating a message is performed in response to an event received at the first security module.
  - 6. The method of claim 1, wherein the step of creating a message further comprises:
    - receiving an event at the first security module; and
      
      evaluating the event to determine whether a message should be created.
  - 7. The method of claim 1, further comprising the step of receiving a subscription request at the interface module from a third security module for the message identifier.
  - 8. The method of claim 1, further comprising the step of running a configuration check on the first security module and the second security module.
  - 9. The method of claim 1, wherein the message identifier comprises a name and a message format.
  - 10. The method of claim 1, wherein the interface is connected to the computing network for which security is being provided.
  - 11. A computer-.readable medium having computer-executable instructions for performing the steps recited in claim 1.
  - 13. The method of claim 12, wherein the first definition and the second definition are stored in a file distinct from the first security module and the second security module.
  - 14. The method of claim 12, wherein the first definition is stored in the first security module and the second definition is stored in the second security module.
  - 15. The method of claim 12, further comprising the step of creating a first message using the first security module, the message identifier, and the interface module.
  - 16. The method of claim 15, further comprising the step of storing the first message in the interface module.
  - 17. The method of claim 16, further comprising the step of sharing the first message with the second security module in response to the subscription request.
  - 18. The method of claim 17, further comprising the step of creating a second message in response to the first message using the second security module, the message identifier, and the interface module.
  - 19. The method of claim 12, further comprising the step of creating a message and extracting the definition of the message from the first definition associated with the first security module.
  - 20. The method of claim 12, further comprising the step of creating a message and extracting the definition of the message from a second definition associated with the second security module.
  - 21. The method of claim 12, wherein the subscription request from the second security module is for particular messages from the first security module.
  - 22. The method of claim 15, wherein the step of creating a first message is performed in response to all event received at the first security module.
  - 23. The method of claim 15, wherein a third security module subscribes to and receives the first message.
  - 24. The method of claim 15, wherein a third security module can send a response message using the message identifier.
  - 25. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 12.
  - 27. The method of claim 26, further comprising the step of sharing the first message with the second security module.
  - 28. The method of claim 26, further comprising the step of filtering the first message.
  - 29. The method of claim 26, further comprising the step of identifying a processor associated with the second security module for processing the first message.
  - 30. The method of claim 26, further comprising the step of the first security module storing state data associated with the first message in a common memory.
  - 31. The method of claim 26, further comprising the step of building a second message using the second security module and the interface module.
  - 32. The method of claim 31, further comprising step of storing the second message in the interface module.
  - 33. The method of claim 31, further comprising the step of sharing the second message with a third security module in response to a subscription request received from the third security module.
  - 34. A computer-readable medium having computer-readable instructions for performing the steps recited in claim 26.
  - 36. The system of claim 35, wherein the first security module and the second security module are coupled to the computing network through the interface module.
  - 37. The system of claim 35, wherein the first security module comprises a first definition comprising formatting and processing data.
  - 38. The system of claim 35, wherein the interface module further comprises a shared memory operable for storing a message received from the first security module.
  - 39. The system of claim 38, wherein the second security module comprises a second queue for receiving notification of the message stored in the shared memory.
  - 40. The system of claim 35, wherein the first security module is further coupled to a first common memory for storing data associated with a message.
  - 41. The system of claim 35, wherein the interface module is further coupled to an administration system for providing security policy instructions.

12. A method for integrating a plurality of security modules comprising like or different security technologies to provide enhanced security for a computing network comprising:
- identifying a first security module and a second security module with an interface module;
  
  extracting a message identifier from a first definition associated with the first security module and extracting the same message identifier from a second definition associated with the second security module;
  
  storing the message identifier in the interface module;
  
  receiving a subscription request at the interface module from the second security module for the message identifier.

26. A method for communicating between a plurality of security modules in a computing network comprising the steps of:
- detecting a security event at a first security module;
  
  in response to the security event, building a first message using the first security module and an interface module;
  
  storing the first message in the interface module;
  
  reviewing a subscription request from a second security module at the interface module; and
  
  in response to the subscription request, notifying the second security module of the first message in the interface module.

35. A system for coordinating the use of a plurality of security modules in a computing network comprising:
- a first security module coupled to the computing network, the first security module operable for one or more of detecting, responding, or acting on a security event;
  
  a second security module coupled to the computing network, the second security module operable for one or more of detecting, responding, or acting on a security event; and
  
  an interface module coupled to the first security module and the second security module, the interface module operable for supporting communication between the first security module and the second security module.

42. A method for integrating a plurality of security modules for use in providing security for a computing network comprising:
- coupling a first security module and a second security module to an interface module;
  
  identifying the first security module and the second security module with the interface module;
  
  receiving at the interface a message identifier from the first security module and the same message identifier from the second security module;
  
  storing the message identifier in the interface module;
  
  receiving a subscription request at the interface module from the second security module;
  
  creating a first message in response to an event received at the first security module, the message created using the first security module, the message identifier, and the interface module;
  
  storing the first message in the interface module; and
  
  sharing the first message with the second security module in response to the subscription request.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 43. The method of claim 42, further comprising the step of filtering the first message for the second security module.
  - 44. The method of claim 42, wherein the first message is stored within a shared memory in the interface module.
  - 45. The method of claim 42, further comprising the step of identifying a processor within the second security module for processing the first message.
  - 46. The method of claim 42, wherein the step of creating a message in response to an event further comprises evaluating the event to determine whether a message should be created.
  - 47. The method of claim 42, further comprising the steps of:
    - coupling a third security module to the interface module;
      
      identifying the third security module with the interface module; and
      
      receiving at the interface module the message identifier from the third security module.
  - 48. The method of claim 42, wherein the subscription request from the second security module is for messages only from the first security module.
  - 49. The method of claim 42, wherein the first security module and the second security module are directly connected to the computing network for which security is being provided.
  - 50. The method of claim 42, wherein the first security module and the second security module are connected through the interface module to the computing network for which security is being provided.
  - 51. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 42.

52. A method for integrating a plurality of security modules for use in providing security for a computing network comprising:
- coupling an intrusion detection module and an assessment module to an interface module;
  
  identifying the intrusion detection module and the assessment module to the interface module;
  
  extracting a message identifier from the intrusion detection module and the same message identifier from the assessment module;
  
  storing the message identifier in the interface module;
  
  receiving a subscription request at the interface module from the assessment module;
  
  creating a message using the message identifier at the intrusion detection module in response to a security event;
  
  placing the message in the interface module; and
  
  using the message identifier to notify the assessment module of the message in the interface module in response to the subscription request.
- View Dependent Claims (53, 54, 55, 56, 57)
- - 53. The method of claim 52, further comprising the step of reviewing the message in the interface module by the assessment module.
  - 54. The method of claim 52, further comprising the step of filtering the message in the interface module for the assessment module.
  - 55. The method of claim 52, further comprising the step of creating a response message to the message using the assessment module, the message identifier, and the interface module.
  - 56. The method of claim 55, further comprising the step of placing the response message in the interface module.
  - 57. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 52.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
Internet Services LLC (IAC/InterActiveCorp)
Inventors
Hackenberger, William Frank, Wood, Christopher James, Hendry, Randy Jay

Granted Patent

US 7,562,388 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Method and system for implementing security devices in a network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing security devices in a network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links