Method and system for responding to network intrusions
Abstract
A method and system for responding to network intrusions. Specifically, in one embodiment, the method begins by receiving an intrusion detection system (IDS) alert from an IDS sensor located in a network of computing resources. The IDS alert indicates an unauthorized intrusion upon a remotely located computing resource in the network of computing resources. The embodiment of the method continues by identifying the IDS alert. Then, the embodiment continues by determining an appropriate response to the IDS alert that is identified at a location separate from the remotely located computing resource so that the appropriate response is unaffected by the unauthorized intrusion. The embodiment of the method automatically implements the appropriate response to mitigate damage to the network of computing resources from the unauthorized intrusion.
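The flow the abstract describes, as an added illustration that is not code from the patent: a responder running apart from the affected resource identifies an alert, selects a response from a policy table, and applies it through a switch and a power controller. The alert fields, signature names, policy table, host and port names, and the in-memory `Switch` and `PowerController` classes are all assumptions made for this example.

```python
from dataclasses import dataclass, field

QUARANTINE_VLAN = 999  # assumed: a VLAN with no route to the rest of the network
# Constructed policy table: alert signature -> responses allowed for it.
POLICY = {"worm-propagation": ["isolate", "power_off"], "port-scan-from-host": ["isolate"]}

# In-memory stand-ins for a managed switch and a power controller (assumptions, not real APIs).
@dataclass
class Switch:
    port_vlan: dict  # port name -> VLAN id
    def isolate(self, port):
        self.port_vlan[port] = QUARANTINE_VLAN

@dataclass
class PowerController:
    powered: dict  # host -> True if powered on
    def power_off(self, host):
        self.powered[host] = False

@dataclass
class Responder:
    """Runs away from the affected host, so the host cannot influence the decision."""
    switch: Switch
    power: PowerController
    inventory: dict  # host -> switch port
    log: list = field(default_factory=list)

    def handle(self, alert):
        host, sig = alert.get("target"), alert.get("signature")
        actions = POLICY.get(sig)  # identify the alert by its signature
        if actions is None or host not in self.inventory:
            self.log.append(("escalate", host, sig))  # unknown alert or host: no automatic action
            return []
        port, done = self.inventory[host], []
        if "isolate" in actions and self.switch.port_vlan[port] != QUARANTINE_VLAN:
            self.switch.isolate(port)
            done.append("isolate")
        if "power_off" in actions and self.power.powered[host]:
            self.power.power_off(host)
            done.append("power_off")
        self.log.append(("responded", host, sig, tuple(done)))
        return done

def demo():
    """Constructed network: two hosts on VLAN 10, both powered on."""
    r = Responder(Switch({"p1": 10, "p2": 10}), PowerController({"web01": True, "db01": True}),
                  {"web01": "p1", "db01": "p2"})
    worm = {"signature": "worm-propagation", "target": "web01"}
    return r, r.handle(worm), r.handle(worm), r.handle({"signature": "unlisted", "target": "db01"})
```

A repeated alert for an already isolated, powered-off host produces no further actions, and an alert with no policy entry is logged for escalation instead of triggering a response.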
33 Claims
1. A method for responding to network intrusions, comprising:
a) receiving an intrusion detection system (IDS) alert from an IDS sensor located in a network of computing resources, wherein said IDS alert indicates an unauthorized intrusion upon a remotely located computing resource in said network of computing resources;
b) identifying said IDS alert; and
c) determining an appropriate response to said IDS alert that is identified at a location separate from said remotely located computing resource so that said determining said appropriate response is unaffected by said unauthorized intrusion; and
d) automatically implementing said appropriate response to mitigate damage to said network of computing resources from said unauthorized intrusion.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for responding to network intrusions, comprising:
a) receiving an intrusion detection system (IDS) alert from an IDS sensor in a network of computing resources at a location separate from an infected computing resource, wherein said IDS alert indicates an unauthorized intrusion upon said infected computing resource in said network of computing resources, wherein implementation of a response to said IDS alert is unaffected by said unauthorized intrusion;
b) responding to said IDS alert by automatically interfacing with at least one switch in said network of computing resources to virtually reconfigure said at least one switch, an associated switch, in order to virtually isolate said computing resource from remaining computing resources in said network of computing resources; and
c) responding to said IDS alert by automatically interfacing with a power controller that controls power to said computing resource to shut power to said computing resource.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A computer system comprising:
a bus for communicating information associated with a method for responding to network intrusions;
a processor coupled to said bus for processing said information associated with said method for responding to network intrusions; and
a computer readable memory coupled to said processor containing program instructions, that when executed by said processor, implement said method for responding to network intrusions, comprising;
a) receiving an intrusion detection system (IDS) alert from an IDS sensor located in a network of computing resources, wherein said IDS alert indicates an unauthorized intrusion upon a remotely located computing resource in said network of computing resources;
b) identifying said IDS alert; and
c) determining an appropriate response to said IDS alert that is identified at a location separate from said remotely located computing resource so that said determining said appropriate response is unaffected by said unauthorized intrusion; and
d) automatically implementing said appropriate response to mitigate damage to said network of computing resources from said unauthorized intrusion.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

Specification