Assessment tool
Abstract
A method and apparatus that make a technique for continuously assessing the security of a network applicable to network assessment, by capturing and classifying large volumes of network traffic according to a formal policy and applying the classified traffic to both long-term and short-term network assessment.
Claims (29 claims; 155 citations)
1. An apparatus for adding network usage to an assessment framework by providing ability to capture and classify large volumes of network traffic efficiently based on a formal policy specification describing said traffic, said apparatus comprising:
means for identifying network services;
means for identifying usage patterns of critical machines on said network;
means for analyzing routing patterns; and
thereby reducing errors and omissions during an assessment process.
(Dependent claims: 2, 3, 4, 5, 6)
7. A method for an end user to add network usage to a network assessment process, said method comprising:
attaching a monitoring station to a network, wherein said station is nonintrusive to said network;
said station receiving network packets over a period of time;
removing undesirable network events of said received network packets;
performing data analysis on remaining network events; and
determining a list of network events from said analyzed remaining network events to use in said network assessment process.
(Dependent claims: 8 through 25)
26. A method for performing data analysis on a network packet or on a compressed file of network events, said method comprising:
creating a null policy denying all protocol actions of said network events;
setting a policy specification to said null policy;
running a policy engine over said network packet or said compressed file using said policy specification, and storing said results in a database;
examining said stored results using a query tool, and determining from said examined results network events in violation of said policy specification;
categorizing most frequent traffic from said violating network events based on predetermined input; and
repeating from running a policy engine with said categorized most frequent traffic until a small and manageable number of events remain.
(Dependent claims: 27, 28, 29)
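The triage loop of claim 26, combined with the noise-removal step of claim 7, as an added worked example. This is not code from the patent: the event records are constructed, and the broadcast/multicast criterion for "undesirable" events, the (protocol, destination port) key used to categorize traffic, the in-memory SQLite database standing in for the results store, and the stopping threshold are all assumptions made here. Starting from a null policy that denies everything, each round records the policy engine's verdicts in the database, queries the violations, allows the single most frequent service class, and repeats until only a few events are left for a human to review.

```python
import sqlite3
from collections import Counter

# Constructed sample events (src, dst, proto, dst_port); assumed to be what a
# passive monitoring station collected over its observation window.
SAMPLE_EVENTS = [
    ("10.0.0.5", "10.0.0.10", "tcp", 80),
    ("10.0.0.6", "10.0.0.10", "tcp", 80),
    ("10.0.0.7", "10.0.0.10", "tcp", 80),
    ("10.0.0.5", "10.0.0.11", "tcp", 443),
    ("10.0.0.6", "10.0.0.11", "tcp", 443),
    ("10.0.0.5", "10.0.0.12", "udp", 53),
    ("10.0.0.6", "10.0.0.12", "udp", 53),
    ("10.0.0.7", "10.0.0.12", "udp", 53),
    ("10.0.0.9", "10.0.0.10", "tcp", 22),     # single SSH session to a web host
    ("10.0.0.9", "10.0.0.13", "tcp", 3389),   # single RDP session
    ("10.0.0.5", "255.255.255.255", "udp", 67),  # DHCP broadcast noise
    ("10.0.0.8", "224.0.0.251", "udp", 5353),    # mDNS multicast noise
]


def remove_undesirable(events):
    """Claim 7 filter step. Assumption: broadcast and multicast chatter is the
    'undesirable' traffic to drop before analysis."""
    def noisy(dst):
        first_octet = int(dst.split(".")[0])
        return dst == "255.255.255.255" or 224 <= first_octet <= 239
    return [e for e in events if not noisy(e[1])]


def null_policy():
    """A policy with no allow rules: every protocol action is a violation."""
    return []


def run_policy_engine(events, policy):
    """Label each event 'allow' if its (proto, dst_port) is in the policy,
    otherwise 'deny'. Returns 5-tuples ready for storage."""
    allowed = set(policy)
    return [e + (("allow" if (e[2], e[3]) in allowed else "deny"),) for e in events]


def store_results(conn, results):
    """Persist one round of engine verdicts, replacing the previous round."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS results "
        "(src TEXT, dst TEXT, proto TEXT, dst_port INTEGER, verdict TEXT)"
    )
    conn.execute("DELETE FROM results")
    conn.executemany("INSERT INTO results VALUES (?, ?, ?, ?, ?)", results)
    conn.commit()


def query_violations(conn):
    """The 'query tool' step: pull back every event the policy denied."""
    return conn.execute(
        "SELECT src, dst, proto, dst_port FROM results WHERE verdict = 'deny'"
    ).fetchall()


def most_frequent_service(violations):
    """Categorize violations by (proto, dst_port) and pick the largest class;
    ties are broken deterministically by the key itself."""
    counts = Counter((proto, port) for _, _, proto, port in violations)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[0][0]


def triage(events, max_remaining=3, max_rounds=20):
    """Claim 26 loop: deny-all, run engine, store, query, allow the most
    frequent class, repeat until at most max_remaining violations are left.
    Returns (policy, remaining_violations, rounds_run)."""
    policy = null_policy()
    conn = sqlite3.connect(":memory:")
    for rounds in range(1, max_rounds + 1):
        store_results(conn, run_policy_engine(events, policy))
        violations = query_violations(conn)
        if len(violations) <= max_remaining:
            return policy, violations, rounds
        policy.append(most_frequent_service(violations))
    return policy, violations, max_rounds


if __name__ == "__main__":
    kept = remove_undesirable(SAMPLE_EVENTS)
    policy, remaining, rounds = triage(kept)
    print(f"{rounds} rounds, allowed services: {policy}")
    for event in remaining:
        print("review:", event)
```

On the constructed sample the loop allows HTTP, DNS and HTTPS over three rounds and stops on the fourth, leaving only the lone SSH and RDP sessions for manual review. Note the ordering caveat: which class is whitelisted first depends on the tie-break rule, so an assessor should record the rule (or the "predetermined input") alongside the resulting policy to keep the run reproducible.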