Secure enterprise network
First Claim
1. A method of implementing a security system (Packet Sentry (PS)) addressing the internal security problem of enterprises having a generalized approach for inferential determination with directory service based group correlation.
7 Assignments
0 Petitions
Accused Products
Abstract
What is proposed is a method of implementing a security system (Packet Sentry) addressing the internal security problem of enterprises having a generalized approach for inferential determination and enforcement of network policy with directory service based group correlation with transparent authentication of the connected customer and the policy enforcement inside the network. The security system enables the network to analyze and enforce policy using any bit or bits in a stream or a packet, conduct Flow Vector analysis on the data traffic, provide Application Monitoring, Normalization and user authentication validation. The system enables the network to implement Group relationship Analysis and correlation using combination of Network inferences and Directory service data resulting in generation of Group norms using statistically significant relationships. These will provide a more secure enterprise environment where data security levels can be enforced and the usage monitored effectively in the infrastructure.
-
Citations
23 Claims
- 1. A method of implementing a security system (Packet Sentry (PS)) addressing the internal security problem of enterprises having a generalized approach for inferential determination with directory service based group correlation.
- 5. A Security system, (Packet Sentry (PS)), solution is disclosed for addressing internal security problem of enterprises having a generalized approach for inferential determination and enforcement of network policy with directory service based group correlation having capability to transparently handle authentication verification and implement transparent policy enforcement in a fabric of a network.
- 12. A Security system, (Packet Sentry (PS)), solution is disclosed for the internal security problem of enterprises having a generalized approach for inferential determination and enforcement of network policy with directory service based group correlation having capability to do Information Flow vector analysis based on characteristics of the flows such as bit rates, packet sizes, ratios of data packets to control packets, ratios of forward to reverse flows and content weighted rates.
- 15. A Security system, (Packet Sentry (PS)), solution is disclosed for the internal security problem of enterprises having a generalized approach for inferential determination and enforcement of network policy with directory service based group correlation having ability for application monitoring, flow normalization, user behavioral check and user authentication validation on an individual and a group level from which analyze on a network-level which groups access a resource and then to generate statistically significant relationships of the groups of users who have access to a set of resources in a network.
- 19. A Security system, (Packet Sentry (PS)), solution is disclosed for the internal security problem of enterprises having a generalized approach for inferential determination and enforcement of network policy with directory service based group correlation having ability to create policies and enforce them using information available on any bit or bits in a data stream.
-
23. A Security system, (Packet Sentry (PS)), solution is disclosed for the internal security problem of enterprises having a generalized approach for inferential determination and enforcement of network policy with directory service based group correlation having capability for
transparently handle authentication verification and implement transparent policy enforcement in a fabric of a network; -
do Information Flow vector analysis;
implement application monitoring, normalization, user behavioral check and user authentication validation on an individual and group level;
conduct group relationship analysis and correlation using a combination of network Inference and directory services data and from this to generate group norms using statistically significant relationships for use by the security system (Packet Sentry);
create policies and enforce them using information available on any bit or bits of the data stream;
-
Specification