Computer network security data management system and method

US 20050171969A1
Filed: 10/23/2004
Published: 08/04/2005
Est. Priority Date: 10/24/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for compiling data constructs each corresponding to the structure of security data received from a network component comprising the steps of:

(a) identifying sets of data categories, each set corresponding to security data received from one of a plurality of network components;

(b) constructing database record definitions, each defining a record subdivided in accordance with one of the sets of data categories;

(c) receiving security data from the network components and output records, each record corresponding to one of the data constructs; and

(d) storing the data constructs.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software based system for compiling security data from an information network includes at least two network components, each providing data. A data parser is coupled to certain of the network'"'"'s components. The data parser has access to two parser scripts that correspond to the network'"'"'s component data. Categorized data is produced by applying the parser scripts to the data received from the network'"'"'s components.

8 Citations

28 Claims

1. A method for compiling data constructs each corresponding to the structure of security data received from a network component comprising the steps of:
- (a) identifying sets of data categories, each set corresponding to security data received from one of a plurality of network components;
  
  (b) constructing database record definitions, each defining a record subdivided in accordance with one of the sets of data categories;
  
  (c) receiving security data from the network components and output records, each record corresponding to one of the data constructs; and
  
  (d) storing the data constructs.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising the steps of:
    - (e) determining the format of each category in said sets;
      
      (f) formatting the subdivisions to match the formats of the categories of the set to which the definition corresponds; and
      
      wherein each of the output records of step (c) correspond in format to one of the record definitions.
  - 3. The method of claim 1 further comprising the steps of:
    - (e) building database tables in a relational database each having the fields of one of the database record definitions; and
      
      (f) inserting output records received from the data interface operating per defined data constructs into the tables.
  - 4. The method of claim 2 further comprising the steps of:
    - (g) building database tables in a relational database each having the fields and formats of one of the database record definitions; and
      
      (h) inserting output records received from the data interface operating per the defined data constructs into the tables.
  - 5. The method of claim 1 wherein:
    - at least one of the sets of data categories is identified, at least in part, from the product specifications of the network components.
  - 6. The method of claim 1 wherein:
    - at least one of the sets of data categories is identified, at least in part, by applying a Management Information Base (MIB) integrator to a Management Information Base for the corresponding network component.

7. An information network security data compilation system, comprising:
- (a) a first network component;
  
  (b) a second network component; and
  
  (c) a data interface coupled to the first and second network components having access to a first data construct and a second data construct, the data interface being operable to produce categorized data from the data received from the first and second network components, the data interface operating with the first and second data constructs, respectively.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The data compilation system of claim 7 wherein:
    - (a) the first network component is a firewall; and
      
      (b) the second network component is an intrusion detection system.
  - 9. The data compilation system of claim 7 further comprising:
    - a third network component; and
      
      a distributed data manager, wherein the data interface is coupled to the second and third network components through the distributed data manager which collects and compresses data from the second and third network components and forwards the compressed data to the data interface.
  - 10. The data compilation system of claim 7 further comprising:
    - a third network component;
      
      a second data interface coupled to the third component having access to a data interface operating with a third data construct, the data interface operating with the second data construct, and operable to produce categorized data from the data received from the third network component with the third data construct; and
      
      a relational database coupled to the data interface operating with the first and second data constructs.
  - 11. The data compilation system of claim 7 further comprising:
    - a display coupled to the data interface; and
      
      a relational database coupled between the data interface and the display, and wherein the data interface transfers the -categorized data to the relational database.
  - 12. The data compilation system of claim 11 wherein the relational database receives a data query, and the display shows a portion of the categorized data, up to and including all the data, from the relational database, corresponding to the data query.
  - 13. The data compilation system of claim 12 wherein:
    - the data queries are submitted and the portions are shown through a webbrowser interface.
  - 14. The data compilation system of claim 7 further comprising:
    - an event detector coupled to the data interface, wherein the event detector compares the categorized data to a predetermined event definition and provides a signal if a match is found.
  - 15. The data compilation system of claim 7 further comprising:
    - an information technology agent, wherein the network component is programmed by software, the agent collects security data from the software, and the data provided from the first network component is the security data collected by the agent.
  - 16. The data compilation system of claim 7, wherein the data interface produces formatted and categorized data.
  - 17. The data compilation system of claim 7, wherein data from the first network component is security data and data from the second network component is security data.
  - 18. The data compilation system of claim 7, wherein data from the first network component is encrypted and decrypted.

19-26. -26. (canceled)

27. A method of compiling network security data comprising the steps of:
- (a) collecting security data from a plurality of network components, the plurality of network components including at least a firewall and an intrusion detection system, and one of the network components is programmable by software and an information technology agent communicates with the software to collect the security data;
  
  (b) accessing a plurality of different data constructs, each construct corresponding to a network component;
  
  (c) applying the plurality of different data constructs to the security data to produce categorized and formatted data;
  
  (d) storing the categorized and formatted data;
  
  (e) transmitting the categorized and formatted data to a relational database;
  
  (f) providing a user interface for submitting queries to the relational database;
  
  (g) displaying the categorized and formatted data, or a subset thereof, in accordance with submitted queries;
  
  (e) comparing the categorized and formatted data to at least one predetermined event definition; and
  
  (f) generating a signal if the data matches at least one event definitions.
- View Dependent Claims (28)
- - 28. The method of claim 27, wherein the step of collecting security data occurs in real time, and step (e) occurs prior to step (d), and step (d) comprises storing the categorized and formatted data in the relational database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kathy Maida-Smith, Steve W. Engle
Original Assignee
Kathy Maida-Smith, Steve W. Engle
Inventors
Engle, Steve W., Maida-Smith, Kathy

Application Number

US10/971,773
Publication Number

US 20050171969A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 43/0805   by checking availability

H04L 43/0876   Network utilisation, e.g. v...

H04L 63/20   for managing network securi...

Computer network security data management system and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Computer network security data management system and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links