Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures
First Claim

1. A security system for a computer network, the network having a plurality of devices connected thereto, at least some of the devices generating event messages when the device is under an attack, each event message having an associated event, the security system comprising:

(a) a security subsystem connected to at least the devices in the network that generate an event message when under attack, the security subsystem including:
(i) a collection engine which collects the event messages from the devices, and
(ii) an event analyzer which analyzes the event messages to determine if any of the associated events exceed any predetermined thresholds;
(b) a master security system which receives the associated events that exceed any predetermined thresholds; and
(c) a first communication medium connected between the security subsystem and the master security system, the master security system receiving the associated events through the first communication medium.
Abstract
A method and apparatus for verifying the integrity of devices on a target network. The apparatus has security subsystems and a master security system hierarchically connected to the security subsystems via a secure link. The target network includes various intrusion detection devices, which may be part of the security subsystem. Each intrusion detection device generates a plurality of event messages when an attack on the network is detected. The security subsystem collects, correlates, and analyzes these event messages and performs network scanning processes. If certain events warrant additional scrutiny, they are uploaded to the master security system for review.
17 Claims

1. Independent claim 1 is reproduced above under "First Claim". Dependent claims 2 to 15 are not reproduced on this page.
16. A security system for a computer network, the network having a plurality of devices connected thereto, at least some of the devices generating event messages when the device is under an attack, each event message having an associated event, the security system comprising:

(a) a security subsystem connected to at least the devices in the network that generate an event message when under attack, the security subsystem including:
(i) a collection engine which collects the event messages from the devices, and
(ii) an event analyzer which combines all event messages from the devices determined to be related to the same attack into a single security ticket;
(b) a master security system which receives the security tickets; and
(c) a first communication medium connected between the security subsystem and the master security system, the master security system receiving the security tickets through the first communication medium.
17. A security system for a computer network, the network having a plurality of devices connected thereto, at least some of the devices generating event messages when the device is under an attack, each event message having an associated event, the security system comprising:

(a) a security subsystem connected to at least the devices in the network that generate an event message when under attack, the security subsystem including:
(i) a collection engine which collects the event messages from at least the devices in the network that generate an event message when under attack, and
(ii) an enterprise event analyzer which performs event correlation to correlate event messages collected by the collection engine to one particular threat or security event;
(b) a master security system which receives the correlated event messages; and
(c) a first communication medium connected between the security subsystem and the master security system, the master security system receiving the correlated event messages through the first communication medium.
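The three independent claims describe one pipeline: a collection engine gathers event messages, an event analyzer checks them against predetermined thresholds (claim 1), combines messages belonging to the same attack into a single security ticket (claim 16) or correlates them to one threat (claim 17), and only the tickets that warrant scrutiny are passed over the first communication medium to the master security system. The following Python sketch is an added illustration of that architecture, not code from the patent or its assignee. Everything concrete in it is an assumption of mine: the event-message fields (`device`, `src`, `event`, `ts`), the rule that messages are "related to the same attack" when they share a source address within a 60 second window, the per-event-type threshold values, and the in-memory list standing in for the first communication medium.

```python
"""Added illustration of the claimed collection/analysis/upload pipeline.

Not the patent's own code. Assumptions (mine, not the patent's):
- an event message is a dict with device, src, event (type) and ts (seconds);
- messages are "related to the same attack" when they share a src and
  arrive within WINDOW seconds of the ticket's last message;
- thresholds are counted per event type within one security ticket;
- the "first communication medium" is modelled as the master's inbox list.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample event messages from three hypothetical devices.
SAMPLE_EVENTS = [
    {"device": "ids-1", "src": "203.0.113.7",  "event": "port_scan", "ts": 100},
    {"device": "ids-2", "src": "203.0.113.7",  "event": "port_scan", "ts": 110},
    {"device": "fw-1",  "src": "203.0.113.7",  "event": "deny",      "ts": 115},
    {"device": "ids-1", "src": "198.51.100.9", "event": "ssh_brute", "ts": 120},
    {"device": "ids-1", "src": "198.51.100.9", "event": "ssh_brute", "ts": 125},
    {"device": "ids-1", "src": "198.51.100.9", "event": "ssh_brute", "ts": 130},
    {"device": "ids-2", "src": "203.0.113.7",  "event": "port_scan", "ts": 900},
]

THRESHOLDS = {"port_scan": 2, "ssh_brute": 3, "deny": 5}  # assumed values
WINDOW = 60  # seconds; assumed correlation window


@dataclass
class SecurityTicket:
    """All event messages judged to belong to one attack (claim 16)."""
    src: str
    first_ts: int
    last_ts: int
    events: list = field(default_factory=list)


class CollectionEngine:
    """Collects event messages from the devices (claim 1(a)(i))."""
    def __init__(self):
        self.messages = []

    def collect(self, msg):
        self.messages.append(dict(msg))


class EventAnalyzer:
    """Correlates messages into tickets and applies thresholds (claims 1, 16, 17)."""
    def correlate(self, messages):
        tickets, open_by_src = [], {}
        for m in sorted(messages, key=lambda m: m["ts"]):
            t = open_by_src.get(m["src"])
            if t is None or m["ts"] - t.last_ts > WINDOW:
                t = SecurityTicket(m["src"], m["ts"], m["ts"])
                tickets.append(t)
                open_by_src[m["src"]] = t
            t.events.append(m)
            t.last_ts = m["ts"]
        return tickets

    def exceeded(self, ticket):
        """Event types within the ticket whose count reaches the threshold."""
        counts = Counter(m["event"] for m in ticket.events)
        return {e: n for e, n in counts.items()
                if n >= THRESHOLDS.get(e, float("inf"))}


class MasterSecuritySystem:
    """Receives only the tickets that exceeded a threshold (claim 1(b))."""
    def __init__(self):
        self.inbox = []  # stands in for the first communication medium

    def receive(self, ticket):
        self.inbox.append(ticket)


class SecuritySubsystem:
    def __init__(self, master):
        self.engine, self.analyzer, self.master = CollectionEngine(), EventAnalyzer(), master

    def ingest(self, messages):
        for m in messages:
            self.engine.collect(m)

    def upload(self):
        """Correlate, threshold-check, and forward qualifying tickets."""
        tickets = self.analyzer.correlate(self.engine.messages)
        for t in tickets:
            if self.analyzer.exceeded(t):
                self.master.receive(t)
        return tickets


def run_demo(messages=SAMPLE_EVENTS):
    """Returns (all tickets, tickets delivered to the master)."""
    master = MasterSecuritySystem()
    sub = SecuritySubsystem(master)
    sub.ingest(messages)
    return sub.upload(), master.inbox


if __name__ == "__main__":
    tickets, uploaded = run_demo()
    for t in tickets:
        print(t.src, t.first_ts, t.last_ts, len(t.events), "uploaded" if t in uploaded else "held")
```

On the constructed input the analyzer forms three tickets: two port scans plus a firewall deny from the first source within the window, three SSH brute-force messages from the second source, and a lone port scan from the first source 785 seconds later. The first two tickets reach their thresholds and are forwarded; the third stays at the subsystem, which is the filtering the abstract describes when it says only events that warrant additional scrutiny are uploaded.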
Specification