Method and system for implementing security devices in a network
Abstract
Supporting the implementation and collaboration of a variety of security modules in a distributed computing network. A security interface provides a universal platform for coupling security modules to the network. The various security modules are linked to and provide identifying information to the security interface. The security interface also receives subscription requests used to coordinate which security modules will communicate. When a security event occurs, a message can be generated by the relevant security module. The security interface shares the message with those security modules that have subscribed to the relevant security module. The sharing of security information enables better performance by the entire network security system.
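The flow the abstract describes (identify modules, record shared message identifiers, accept subscriptions, place a message in shared memory, notify subscribers) can be sketched as follows. This is an added example, not code from the patent or its assignee; every class, method and identifier name is hypothetical, and the publish check against a module's own definition is an assumption of the sketch.

```python
# Added illustration of the publish/subscribe flow in the abstract and claim 1.
# All class, method and identifier names are hypothetical, not from the patent.
from collections import defaultdict


class InterfaceModule:
    def __init__(self):
        self.definitions = {}                  # module name -> declared message identifiers
        self.subscribers = defaultdict(list)   # message identifier -> subscriber callbacks
        self.shared_memory = []                # stand-in for the shared memory region

    def identify(self, module, definition):
        """Register a module and extract the message identifiers from its definition."""
        self.definitions[module] = set(definition["message_ids"])

    def known_ids(self, module):
        """Identifiers this module shares with at least one other identified module."""
        others = set().union(*(ids for m, ids in self.definitions.items() if m != module))
        return self.definitions.get(module, set()) & others

    def subscribe(self, module, message_id, callback):
        """Accept a subscription only for an identifier found in both definitions."""
        if message_id not in self.known_ids(module):
            raise KeyError(f"{module} has no shared definition for {message_id}")
        self.subscribers[message_id].append(callback)

    def publish(self, module, message_id, body):
        """Create the message, place it in shared memory, notify subscribers of its slot."""
        if message_id not in self.definitions.get(module, set()):
            raise PermissionError(f"{module} did not declare {message_id}")  # assumed check
        self.shared_memory.append({"id": message_id, "source": module, "body": body})
        slot = len(self.shared_memory) - 1
        for notify in self.subscribers[message_id]:
            notify(slot)   # the notification carries a reference, not the message itself
        return slot


def demo():
    """Constructed scenario: an intrusion detection module feeds an assessment module."""
    iface, seen = InterfaceModule(), []
    iface.identify("ids", {"message_ids": ["ATTACK_DETECTED"]})
    iface.identify("assessment", {"message_ids": ["ATTACK_DETECTED", "SCAN_DONE"]})
    iface.subscribe("assessment", "ATTACK_DETECTED",
                    lambda slot: seen.append(iface.shared_memory[slot]["body"]))
    iface.publish("ids", "ATTACK_DETECTED", {"target": "192.0.2.10"})
    return seen
```

Rejecting subscriptions and publications for identifiers absent from a module's definition keeps an unidentified or misconfigured module from injecting or receiving messages it never declared.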
57 Claims
1. A method for communicating among a plurality of security modules for providing security for a computing network comprising:
coupling a first security module and a second security module to an interface module;
identifying the first security module and the second security module with the interface module;
extracting a message identifier from a first definition corresponding to the first security module and extracting the same message identifier from a second definition corresponding to the second security module;
storing the message identifier in the interface module;
creating a message using the message identifier in the interface module and the first security module;
placing the message in a shared memory;
receiving a subscription request at the interface module from the second security module for the message identifier; and
using the message identifier and the subscription request at the interface module to notify the second security module of the message in the shared memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40, 41
12. A method for integrating a plurality of security modules comprising like or different security technologies to provide enhanced security for a computing network comprising:
identifying a first security module and a second security module with an interface module;
extracting a message identifier from a first definition associated with the first security module and extracting the same message identifier from a second definition associated with the second security module;
storing the message identifier in the interface module;
receiving a subscription request at the interface module from the second security module for the message identifier.
26. A method for communicating between a plurality of security modules in a computing network comprising the steps of:
detecting a security event at a first security module;
in response to the security event, building a first message using the first security module and an interface module;
storing the first message in the interface module;
reviewing a subscription request from a second security module at the interface module; and
in response to the subscription request, notifying the second security module of the first message in the interface module.
35. A system for coordinating the use of a plurality of security modules in a computing network comprising:
a first security module coupled to the computing network, the first security module operable for one or more of detecting, responding, or acting on a security event;
a second security module coupled to the computing network, the second security module operable for one or more of detecting, responding, or acting on a security event; and
an interface module coupled to the first security module and the second security module, the interface module operable for supporting communication between the first security module and the second security module.
42. A method for integrating a plurality of security modules for use in providing security for a computing network comprising:
coupling a first security module and a second security module to an interface module;
identifying the first security module and the second security module with the interface module;
receiving at the interface a message identifier from the first security module and the same message identifier from the second security module;
storing the message identifier in the interface module;
receiving a subscription request at the interface module from the second security module;
creating a first message in response to an event received at the first security module, the message created using the first security module, the message identifier, and the interface module;
storing the first message in the interface module; and
sharing the first message with the second security module in response to the subscription request.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51
52. A method for integrating a plurality of security modules for use in providing security for a computing network comprising:
coupling an intrusion detection module and an assessment module to an interface module;
identifying the intrusion detection module and the assessment module to the interface module;
extracting a message identifier from the intrusion detection module and the same message identifier from the assessment module;
storing the message identifier in the interface module;
receiving a subscription request at the interface module from the assessment module;
creating a message using the message identifier at the intrusion detection module in response to a security event;
placing the message in the interface module; and
using the message identifier to notify the assessment module of the message in the interface module in response to the subscription request.
Dependent claims: 53, 54, 55, 56, 57
Specification