Firewall system and method via feedback from broad-scope monitoring for intrusion detection
Abstract
A broad-scope intrusion detection system analyzes traffic coming into multiple hosts or other customers' computers or sites. This provides additional data for analysis as compared to systems that just analyze the traffic coming into one customer's site. Additional detection schemes can be used to recognize patterns that would otherwise be difficult or impossible to recognize with just a single customer detector. Standard signature detection methods can be used. Additionally, new signatures can be used based on broad-scope analysis goals. An anomaly is detected in the computer system, and then it is determined which device or devices are anticipated to be affected by the anomaly in the future. These anticipated devices are then alerted to the potential for the future anomaly. The anomaly can be an intrusion, an intrusion attempt, or reconnaissance activity.
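As an added illustration (not text or code from the patent), a small Python model of the abstract's idea: a per-site detector sees too few probes at any one customer to alarm, correlating the same events across all monitored sites flags the sweeping source, and the devices it has not yet reached that expose a port it already probed are the ones alerted. The inventory, events and the threshold of three hosts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (assumption, not from the patent): a host inventory spanning
# three customer sites, each host with the ports it exposes.
INVENTORY = {
    "siteA": {"a-web": {80, 443}, "a-db": {3306}},
    "siteB": {"b-web": {80, 443}, "b-mail": {25}},
    "siteC": {"c-web": {443}, "c-db": {3306}},
}
# Probe events as each site's sensor reports them to the central collector:
# (time, site, destination host, source address, destination port)
EVENTS = [
    (1, "siteA", "a-web", "198.51.100.7", 443),
    (2, "siteA", "a-db", "198.51.100.7", 3306),
    (3, "siteB", "b-web", "198.51.100.7", 443),
    (4, "siteB", "b-mail", "203.0.113.9", 25),  # one-off, stays below threshold
    (5, "siteC", "c-db", "198.51.100.7", 3306),
]

def single_site_anomalies(events, threshold=3):
    """A single-customer detector: it only sees its own site's events."""
    seen = defaultdict(set)
    for _, site, host, src, _ in events:
        seen[(site, src)].add(host)
    return {key for key, hosts in seen.items() if len(hosts) >= threshold}

def broad_scope_anomalies(events, threshold=3):
    """Correlate across all sites: a source sweeping many customers stands out."""
    seen = defaultdict(set)
    for _, _, host, src, _ in events:
        seen[src].add(host)
    return {src: hosts for src, hosts in seen.items() if len(hosts) >= threshold}

def anticipated_targets(inventory, events, src):
    """Devices `src` has not contacted yet that expose a port it already probed."""
    probed = {port for _, _, _, s, port in events if s == src}
    contacted = {host for _, _, host, s, _ in events if s == src}
    return {host for hosts in inventory.values() for host, ports in hosts.items()
            if host not in contacted and ports & probed}

def alerts_for(inventory, events, threshold=3):
    """Build the alerts the collector would push to the anticipated devices' firewalls."""
    alerts = []
    for src in broad_scope_anomalies(events, threshold):
        probed = sorted({port for _, _, _, s, port in events if s == src})
        for host in sorted(anticipated_targets(inventory, events, src)):
            alerts.append({"device": host, "action": "deny", "src": src, "ports": probed})
    return alerts
```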
22 Claims

1. A method of alerting at least one device in a networked computer system comprising a plurality of devices to an anomaly, at least one of the plurality of devices having a firewall, comprising:
detecting an anomaly in the networked computer system;
determining which of the plurality of devices are anticipated to be affected by the anomaly; and
alerting the devices that are anticipated to be affected by the anomaly.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A method of alerting a device in a networked computer system comprising a plurality of devices to an anomaly, comprising:
detecting an anomaly at a first device in the computer system;
determining a device anticipated to be affected by the anomaly; and
alerting the device that is anticipated to be affected by the anomaly.
(Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16)

17. An intrusion detection and alerting system for a computer network comprising:
a plurality of devices coupled to the computer network, each device adapted to at least one of: sense data and provide the data to a data collection and processing center, and be adjustable; and
the data collection and processing center comprising a computer with a firewall coupled to the computer network, the data collection and processing center monitoring data communicated to at least a portion of the plurality of devices coupled to the network, detecting an anomaly in the network, determining which of the devices are anticipated to be affected by the anomaly, and alerting the devices.
(Dependent claims: 18, 19, 20, 21, 22)