Early warning system for network attacks
Abstract
Security events based on network message traffic and other network security information are analyzed to identify validated security threats occurring on one or more networks. Alerts are prepared based on the results of the security analysis.
121 Claims
23. A computer implemented method for analysis of network security events, the method comprising:
obtaining security event data that was initially gathered by at least one security device;
converting the security event data into common, vendor-independent security event types;
analyzing the security event data to determine a number of occurrences for at least one security event type and to identify linked series of security events within the security event data;
determining identification information for originating parties of at least one security event; and
preparing an alert describing results from the analyzing step for at least one security event.
Dependent claims: 24-41.

42. A computer implemented method for identifying validated network security threats, the method comprising:
obtaining security event data that was initially gathered by at least one security device;
performing a security event analysis on the security event data to identify validated security threats; and
preparing an alert based on the identified validated security threats.
Dependent claims: 43-64.

65. A computer implemented method for identifying network security incidents, the method comprising:
obtaining security event data that was initially gathered by at least one security device;
analyzing the security event data to determine a frequency of occurrence for at least one security event type and to identify linked series of security events within the security event data;
comparing the analyzed security event data with a listing of validated security threats; and
preparing an alert based on the results of the analyzing and comparing steps.

66. A computer system for the early detection of validated security threats, the computer system comprising:
a software portion configured for obtaining security event data initially gathered by a plurality of security devices;
a software portion configured for converting the security event data into common, vendor-independent security event types;
a software portion configured for performing a security event analysis on the security event data to identify validated security threats; and
a software portion configured for preparing an alert based on the identified validated security threats.
Dependent claims: 1-22, 67-74.

69-1. The computer system of claim 68, wherein the software portion configured for identifying the linked series of security events comprises a software portion configured for detecting a series of security events occurring in a specific sequence.
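The pipeline that independent claims 23, 42, 65 and 66 describe (convert vendor-specific events to common, vendor-independent types; count occurrences per type; identify a linked series occurring in a specific sequence, as claim 69 puts it; determine the originating party; compare against a listing of validated threats; prepare an alert) is shown below as an added worked example in Python. It is not code from the patent or its assignee. The two device log formats, the common type names, the validated-threat series, the per-type thresholds and the originating-party table are all constructed for the illustration; a deployed system would replace the table with a real whois/ASN lookup and order events by timestamp rather than by input order.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample input from two devices with different vendor formats (not real product logs).
RAW_EVENTS = [
    ("fw-alpha", "2024-01-01T10:00:01 src=203.0.113.5 dst=10.0.0.7 action=DROP reason=portscan"),
    ("fw-alpha", "2024-01-01T10:00:02 src=203.0.113.5 dst=10.0.0.7 action=DROP reason=portscan"),
    ("ids-beta", "Jan  1 10:00:30 ids-beta: ALERT [auth-fail] 203.0.113.5 -> 10.0.0.7"),
    ("ids-beta", "Jan  1 10:00:31 ids-beta: ALERT [auth-fail] 203.0.113.5 -> 10.0.0.7"),
    ("ids-beta", "Jan  1 10:00:32 ids-beta: ALERT [auth-fail] 203.0.113.5 -> 10.0.0.7"),
    ("ids-beta", "Jan  1 10:00:40 ids-beta: ALERT [auth-ok] 203.0.113.5 -> 10.0.0.7"),
    ("fw-alpha", "2024-01-01T10:05:00 src=198.51.100.9 dst=10.0.0.8 action=DROP reason=portscan"),
]

# Vendor vocabularies mapped onto common, vendor-independent event types (constructed names).
FW_ALPHA_TYPES = {"portscan": "RECON_SCAN"}
IDS_BETA_TYPES = {"auth-fail": "AUTH_FAILURE", "auth-ok": "AUTH_SUCCESS"}
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) action=\S+ reason=(?P<reason>\S+)")
IDS_RE = re.compile(r"ALERT \[(?P<sig>[^\]]+)\] (?P<src>\S+) -> (?P<dst>\S+)")

# Listing of validated threats: each is an ordered series of common event types (constructed).
VALIDATED_THREATS = {
    "scan-bruteforce-compromise": ["RECON_SCAN", "AUTH_FAILURE", "AUTH_SUCCESS"],
}
# Minimum occurrences per type before the series counts: one failed login is noise.
MIN_COUNT = {"AUTH_FAILURE": 3}

# Constructed originating-party table standing in for a whois/ASN lookup.
PARTY_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "Example-Net (constructed)",
    ipaddress.ip_network("198.51.100.0/24"): "Example-ISP (constructed)",
}


def normalize(device, line):
    """Convert one vendor-specific line into a common event dict; None if it does not parse."""
    if device == "fw-alpha":
        m = FW_RE.search(line)
        if m and m["reason"] in FW_ALPHA_TYPES:
            return {"type": FW_ALPHA_TYPES[m["reason"]], "src": m["src"], "dst": m["dst"], "device": device}
    elif device == "ids-beta":
        m = IDS_RE.search(line)
        if m and m["sig"] in IDS_BETA_TYPES:
            return {"type": IDS_BETA_TYPES[m["sig"]], "src": m["src"], "dst": m["dst"], "device": device}
    return None


def count_by_type(events):
    """Number of occurrences of each common event type."""
    return Counter(e["type"] for e in events)


def identify_party(ip):
    """Originating-party identification for a source address (table lookup here)."""
    addr = ipaddress.ip_address(ip)
    for net, party in PARTY_TABLE.items():
        if addr in net:
            return party
    return "unknown"


def find_linked_series(events):
    """Per source, report each validated series whose steps occur in the required order
    and each meet their minimum count. Input order stands in for timestamp order."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e["type"])
    hits = []
    for src, stream in by_src.items():
        counts = Counter(stream)
        for name, pattern in VALIDATED_THREATS.items():
            pos = 0  # how much of the pattern has been matched, in order
            for t in stream:
                if pos < len(pattern) and t == pattern[pos]:
                    pos += 1
            in_order = pos == len(pattern)
            enough = all(counts[t] >= MIN_COUNT.get(t, 1) for t in pattern)
            if in_order and enough:
                hits.append((src, name, dict(counts)))
    return hits


def analyze(raw_events):
    """Run the whole pipeline and return one alert per validated threat found."""
    events = [n for n in (normalize(d, line) for d, line in raw_events) if n]
    alerts = []
    for src, name, counts in find_linked_series(events):
        alerts.append({
            "threat": name,
            "source": src,
            "party": identify_party(src),
            "counts": counts,
            "devices": sorted({e["device"] for e in events if e["src"] == src}),
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze(RAW_EVENTS):
        print(alert)
```

On the constructed input only 203.0.113.5 produces an alert: its scan, three failed logins and one success appear in that order across both devices, while 198.51.100.9 only scanned and is counted but not alerted on.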
75. A computer system for analysis of network security events, the computer system comprising:
a software portion configured for obtaining security event data that was initially gathered by at least one security device;
a software portion configured for analyzing the security event data to determine a number of occurrences for at least one security event type and to identify linked series of security events within the security event data;
a software portion configured for determining identification information for originating parties of at least one security event; and
a software portion configured for preparing an alert describing results from the analyzing step for at least one security event.
Dependent claims: 76-83.

84. A computer system for the early detection of validated security threats, the computer system comprising:
means for obtaining security event data initially gathered by a plurality of security devices;
means for converting the security event data into common, vendor-independent security event types;
means for performing a security event analysis on the security event data to identify validated security threats; and
means for preparing an alert based on the identified validated security threats.
Dependent claims: 85-93.

94. A computer system for analysis of network security events, the computer system comprising:
means for obtaining security event data that was initially gathered by at least one security device;
means for analyzing the security event data to determine a number of occurrences for at least one security event type and to identify linked series of security events within the security event data;
means for determining identification information for originating parties of at least one security event; and
means for preparing an alert describing results from the analyzing step for at least one security event.
Dependent claims: 95-102.

103. A computer program product for the early detection of validated security threats, the computer program product comprising:
program code for obtaining security event data initially gathered by a plurality of security devices;
program code for converting the security event data into common, vendor-independent security event types;
program code for performing a security event analysis on the security event data to identify validated security threats; and
program code for preparing an alert based on the identified validated security threats.
Dependent claims: 104-112.

113. A computer program product for analysis of network security events, the computer program product comprising:
program code for obtaining security event data that was initially gathered by at least one security device;
program code for analyzing the security event data to determine a number of occurrences for at least one security event type and to identify linked series of security events within the security event data;
program code for determining identification information for originating parties of at least one security event; and
program code for preparing an alert describing results from the analyzing step for at least one security event.
Dependent claims: 114-121.

Specification