Method and apparatus providing unified compliant network audit
First Claim
1. A method of performing a network security audit based on information flows among network elements, comprising the machine-implemented steps of:
obtaining a network inventory that identifies one or more network elements of a packet-switched network;
determining how information packets flow through the one or more network elements;
determining a first threat level for each of the one or more network elements;
determining a second threat level for the network as a whole; and
providing a report of a network security audit based on the first and second threat levels.
Abstract
Information flow between network elements in a network enables a management system to capture a security knowledge base and to perform a static analysis of the network. In one embodiment, a method for performing a network security audit based on information flows among network elements comprises the machine-implemented steps of obtaining a network inventory that identifies one or more network elements of a packet-switched network; determining how information packets flow through the one or more network elements; determining a first threat level for each of the one or more network elements; determining a second threat level for the network as a whole; and providing a report of a network security audit based on the first and second threat levels.
97 Citations
41 Claims
1. A method of performing a network security audit based on information flows among network elements, comprising the machine-implemented steps of:
   obtaining a network inventory that identifies one or more network elements of a packet-switched network;
   determining how information packets flow through the one or more network elements;
   determining a first threat level for each of the one or more network elements;
   determining a second threat level for the network as a whole; and
   providing a report of a network security audit based on the first and second threat levels.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method, comprising the machine-implemented steps of:
   receiving user input that defines a security policy and a network monitoring policy, wherein the security policy is based on determining how information packets flow through the one or more network elements, determining a first threat level for each of the one or more network elements, and determining a second threat level for the network as a whole;
   retrieving running configuration from the network elements;
   validating the security policy against the running configuration;
   based on the network monitoring policy, monitoring and auditing the network for one or more potential violations of the security policy; and
   automatically performing one or more corrective actions in response to identifying one or more potential violations of the security policy.

12. A computer-readable medium for performing a network security audit based on information flows among network elements, comprising one or more sequences of computer program instructions, which instructions, when executed by one or more processors, cause the one or more processors to perform the steps of:
   obtaining a network inventory that identifies one or more network elements of a packet-switched network;
   determining how information packets flow through the one or more network elements;
   determining a first threat level for each of the one or more network elements;
   determining a second threat level for the network as a whole; and
   providing a report of a network security audit based on the first and second threat levels.
   Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21.

22. An apparatus configured for performing a network security audit based on information flows among network elements, comprising:
   security policy definition logic;
   a security policy database coupled to the security policy definition logic;
   security policy compliance logic coupled to the security policy database; and
   corrective action logic;
   wherein the security policy compliance logic comprises one or more computer program instructions for obtaining a network inventory that identifies one or more network elements of a packet-switched network;
   determining how information packets flow through the one or more network elements;
   determining a first threat level for each of the one or more network elements;
   determining a second threat level for the network as a whole; and
   providing a report of a network security audit based on the first and second threat levels.
   Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31.

32. An apparatus configured for performing a network security audit based on information flows among network elements, comprising:
   means for obtaining a network inventory that identifies one or more network elements of a packet-switched network;
   means for determining how information packets flow through the one or more network elements;
   means for determining a first threat level for each of the one or more network elements;
   means for determining a second threat level for the network as a whole; and
   means for providing a report of a network security audit based on the first and second threat levels.
   Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41.
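The five steps of claim 1 (inventory, information flows, per-element threat level, network-wide threat level, report) modelled in Python as an added illustration; this is not the patent's implementation, and the sample inventory, the zone weights, the BFS reachability model of "how packets flow" and the aggregation rule for the network-wide level are all constructed assumptions.

```python
from collections import deque

# Constructed sample inventory (not from the patent): each element has a trust
# zone and the neighbours it forwards packets to.
INVENTORY = {
    "internet": {"zone": "untrusted", "links": ["edge-fw"]},
    "edge-fw":  {"zone": "dmz",       "links": ["web-srv"]},
    "web-srv":  {"zone": "dmz",       "links": ["db-srv"]},
    "core-rtr": {"zone": "internal",  "links": ["db-srv", "hr-wks"]},
    "db-srv":   {"zone": "internal",  "links": []},
    "hr-wks":   {"zone": "internal",  "links": []},
}
ZONE_WEIGHT = {"untrusted": 3, "dmz": 2, "internal": 1}  # constructed scale


def reachable_from(inventory, source):
    """Step 2: the set of elements that packets from `source` can reach by
    following forwarding links (breadth-first search; `source` excluded)."""
    seen, queue = {source}, deque([source])
    while queue:
        for nxt in inventory[queue.popleft()]["links"]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(source)
    return seen


def element_threat_levels(inventory):
    """Step 3: first threat level per element = weight of the least-trusted zone
    whose traffic can reach it (its own zone weight if nothing else reaches it)."""
    levels = {n: ZONE_WEIGHT[i["zone"]] for n, i in inventory.items()}
    for src, info in inventory.items():
        for dst in reachable_from(inventory, src):
            levels[dst] = max(levels[dst], ZONE_WEIGHT[info["zone"]])
    return levels


def network_threat_level(levels):
    """Step 4: second threat level for the network as a whole. Constructed rule:
    the worst element level, plus one if more than half the elements share it."""
    worst = max(levels.values())
    share = sum(1 for v in levels.values() if v == worst) / len(levels)
    return worst + (1 if share > 0.5 else 0)


def audit_report(inventory):
    """Step 5: report combining both levels and naming the elements that
    untrusted traffic can reach even though they are not themselves untrusted."""
    levels = element_threat_levels(inventory)
    exposed = sorted(n for n, v in levels.items()
                     if v == 3 and inventory[n]["zone"] != "untrusted")
    return {"elements": levels, "network": network_threat_level(levels),
            "exposed_to_untrusted": exposed}
```

On the sample inventory the report flags db-srv as reachable from the untrusted zone through the DMZ path, which is the kind of flow-based finding a per-device configuration review would miss.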
Specification