Isolation approach for network users associated with elevated risk
Abstract
An isolation approach for network users associated with elevated risk is disclosed for protecting networks. In one approach a method comprises the computer-implemented steps of determining a user identifier associated with a network device that has caused a security event in a network; causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and configuring one or more security restrictions with respect to the selected network address.
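The three steps in the abstract, together with the release branch of claim 14, can be modeled as below. This is an added sketch, not code from the patent: the subnet, the remediation host, the rule tuples, and all class and function names are assumptions, and the mechanism that actually hands the address to the device is left out.

```python
import ipaddress

# Constructed values for illustration; none come from the patent.
RISK_SUBNET = ipaddress.ip_network("10.0.250.0/28")  # subset of the pool for suspected users
REMEDIATION_HOST = "10.0.0.10"                       # hypothetical patch/helpdesk server

def restrictions_for(addr):
    """Security restrictions tied to one quarantined address (first match wins)."""
    return [("permit", str(addr), REMEDIATION_HOST), ("deny", str(addr), "any")]

class IsolationController:
    def __init__(self, mac_to_user):
        self.mac_to_user = mac_to_user          # e.g. built from authentication records
        self.free = list(RISK_SUBNET.hosts())   # unassigned quarantine addresses
        self.risk_group = {}                    # user identifier -> quarantine address
        self.acl = []                           # active restriction rules

    def handle_event(self, event):
        """Steps 1-3: identify the user, assign a risk-pool address, restrict it."""
        user = self.mac_to_user.get(event["mac"])
        if user is None:
            return None                         # cannot attribute the event to a user
        if user in self.risk_group:
            return self.risk_group[user]        # already isolated; keep the same lease
        if not self.free:
            raise RuntimeError("elevated-risk pool exhausted")
        addr = self.free.pop(0)
        self.risk_group[user] = addr
        self.acl.extend(restrictions_for(addr))
        return addr

    def release(self, user):
        """Claim 14's non-malicious branch: leave the group and lift restrictions."""
        addr = self.risk_group.pop(user, None)
        if addr is None:
            return False
        self.acl = [rule for rule in self.acl if rule[1] != str(addr)]
        self.free.append(addr)
        return True

if __name__ == "__main__":
    ctl = IsolationController({"aa:bb:cc:00:00:01": "alice"})    # constructed record
    event = {"mac": "aa:bb:cc:00:00:01", "type": "arp_anomaly"}  # constructed event
    print(ctl.handle_event(event), ctl.acl)
    ctl.release("alice")
    print(ctl.acl)
```

Because the restrictions are keyed to the assigned address, releasing a user only has to drop the rules for that one address and return it to the pool.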
26 Claims
1. A method, comprising the computer-implemented steps of:
- determining a user identifier associated with a network device that has caused a security event in a network;
- causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and
- configuring one or more security restrictions with respect to the selected network address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 21, 22, 23

14. A method, comprising the computer-implemented steps of:
- receiving information identifying a security event in a network;
- correlating the security event information with network user information to result in determining a network user associated with the network device, placing the user in an elevated risk security group;
- configuring one or more security restrictions with respect to the selected network address;
- determining whether a malicious act caused the security event;
- if a malicious act caused the security event, then providing information about the security event or malicious act to a security decision controller;
- if a malicious act did not cause the security event, then removing the user from the elevated risk group.
Dependent claims: 15, 16, 17, 24, 25, 26

18. A computer-readable medium carrying one or more sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- determining a user identifier associated with a network device that has caused a security event in a network;
- causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and
- configuring one or more security restrictions with respect to the selected network address.

19. An apparatus, comprising:
- means for determining a user identifier associated with a network device that has caused a security event in a network;
- means for causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and
- means for configuring one or more security restrictions with respect to the selected network address.

20. An apparatus, comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
- a processor;
- one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  - determining a user identifier associated with a network device that has caused a security event in a network;
  - causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and
  - configuring one or more security restrictions with respect to the selected network address.

Specification