System and method for security policy
Abstract
A network security policy monitoring system and method for performing network and security assessments based on system-wide policy. Real network traffic is analyzed to identify abnormal traffic patterns, system vulnerabilities, and incorrect configuration of computer systems on a network, by listening on a network, logging events, and taking action.
40 Claims
1. A system for analyzing network traffic to use in performing network and security assessments by listening on a subject network, interpreting events, and taking action, comprising:
- a policy specification file;
- a network monitor processor for processing network packet data collected from said subject network; and
- a policy monitoring component for receiving and processing said policy specification file, and receiving and processing said processed network packet data to assign dispositions to network events contained in said network packet data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method for analyzing network traffic to use in performing network and security assessments by listening on a subject network, interpreting events, and taking action, said method comprising:
- providing a policy specification file;
- providing a network monitor processor for processing network packet data collected from said subject network; and
- providing a policy monitoring component for receiving and processing said policy specification file, and receiving and processing said processed network packet data to assign dispositions to network events contained in said network packet data.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

25. A method for iteratively developing network security policy for a network, comprising:
- creating an initial network security policy file;
- ensuring said initial network security policy file is uploaded to a machine on said network;
- running a network monitor on said network machine to collect said network traffic;
- said network monitor outputting said collected network traffic in an output file, and passing said output file to a policy monitor;
- said policy monitor analyzing said collected network traffic;
- storing said analyzed network traffic in a database;
- examining said analyzed network traffic in said database by querying said database using a query tool; and
- modifying said initial network security policy file as needed until a comprehensive and desired policy file is attained.

Dependent claims: 26, 27, 28, 29, 30, 31, 32

33. A system for iteratively developing network security policy for a network, said system comprising:
- means for creating an initial network security policy file;
- means for ensuring said initial network security policy file is uploaded to a machine on said network;
- means for running a network monitor on said machine to collect said network traffic;
- means for said network monitor outputting said collected network traffic in an output file, and passing said output file to a policy monitor;
- means for said policy monitor analyzing said collected network traffic;
- means for storing said analyzed network traffic in a database;
- means for examining said analyzed network traffic in said database by querying said database using a query tool; and
- means for modifying said initial network security policy file as needed until a comprehensive and desired policy file is attained.

Dependent claims: 34, 35, 36, 37, 38, 39, 40

Specification