System and method of characterizing and managing electronic traffic

US 20060026679A1
Filed: 07/29/2005
Published: 02/02/2006
Est. Priority Date: 07/29/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-based method for enabling a central manager device to create and distribute different sets of network traffic rules to a plurality of traffic sensor devices, the method comprising the steps of:

storing rules in a master directory located at the central manager device, wherein the rules are based at least in part on network user information or network traffic profiles;

receiving a user'"'"'s network traffic information at the central manager device from one of the plurality of traffic sensor devices, the user'"'"'s network traffic information including user information;

determining a set of rules based on the received user'"'"'s traffic information;

selecting one or more of the plurality traffic sensors to receive the set of rules based on at least one or more properties of the traffic sensor devices;

distributing the set of rules to one or more selected traffic sensor devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for monitoring and dynamically managing all user traffic at point of log-in and throughout a user'"'"'s network experience. Rules may be enforced based on observed traffic of users at and after log-in and up until log off. The system automatically detects network traffic and dynamically responds to potential attacks with extremely high speed and efficiency. Rich Traffic Analysis (RTA) offers greater network traffic characterization accuracy, detection speed, network management options and intrusion prevention capabilities. The system has ability to view all network traffic in the full context of users, applications, data and system access which offers strong, verifiable and accurate protection of networked assets. The system employs several traffic sensor devices communicating with a central manager device enabling the high-speed characterization of each network packets traversing the network. This provides a more solid basis for legitimately taking action and enforcing rules on the observed traffic.

296 Citations

18 Claims

1. A computer-based method for enabling a central manager device to create and distribute different sets of network traffic rules to a plurality of traffic sensor devices, the method comprising the steps of:
- storing rules in a master directory located at the central manager device, wherein the rules are based at least in part on network user information or network traffic profiles;
  
  receiving a user'"'"'s network traffic information at the central manager device from one of the plurality of traffic sensor devices, the user'"'"'s network traffic information including user information;
  
  determining a set of rules based on the received user'"'"'s traffic information;
  
  selecting one or more of the plurality traffic sensors to receive the set of rules based on at least one or more properties of the traffic sensor devices;
  
  distributing the set of rules to one or more selected traffic sensor devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-based method of claim 1, wherein the user information includes one or more of:
    - network location, user device type, time of day, network address, device address, number of log-ins, and group membership.
  - 3. The computer-based method of claim 1 wherein the network traffic profiles include handshake data characterizing the content and timing of a series of message exchanges.
  - 4. The computer-based method of claim 1, wherein the properties of the network traffic sensor device includes network location, bandwidth capabilities, and network assets in proximity to the traffic sensor.
  - 5. The computer-based method of claim 1, wherein the step of determining a set of rules further includes, determining whether the user'"'"'s traffic information matches a network traffic profile.
  - 6. The computer-based method of claim 1, wherein a traffic sensor enforces rules based on observing traffic, including packets moving through the network.
  - 7. The computer-based method of claim 1, wherein user information includes group membership, the group membership indicating user permissions.
  - 8. The computer-based method of claim 1, wherein the determining step includes dynamically creating a new rule based on received user'"'"'s traffic information.
  - 9. The computer-based method of claim 1, wherein the determining step includes dynamically updating a rule based on received user'"'"'s traffic information.

10. A central manager system creating and distributing different sets of network traffic rules to a plurality of traffic sensor devices, the central manager system comprising:
- a master directory having means for storing rules, wherein the rules are based at least in part on network user information or network traffic profiles;
  
  an analysis component having means for receiving and analyzing a user'"'"'s network traffic information from one of the plurality of traffic sensor devices, the user'"'"'s network traffic information including user information;
  
  a control component having means for determining a set of rules based on the received user'"'"'s traffic information;
  
  means for selecting one or more of the plurality traffic sensors to receive the set of rules based on at least one or more properties of the traffic sensor devices;
  
  a distribution tool having means for distributing the set of rules to one or more selected traffic sensor devices.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10 wherein the user information includes one or more of:
    - network location, user device type, time of day, network address, device address, number of log-ins, and group membership.
  - 12. The system of claim 10, wherein the network traffic profiles include handshake data characterizing the content and timing of a series of messages.
  - 13. The system of claim 10, wherein the properties of the network traffic sensor device includes network location, bandwidth capabilities, and network assets in proximity to the traffic sensor.
  - 14. The system of claim 10, wherein the means for determining a set of rules further includes, determining whether the user'"'"'s traffic information matches a network traffic profile.
  - 15. The system of claim 10, wherein a traffic sensor enforces rules based on observing packets moving through the network.
  - 16. The system of claim 10 wherein user information includes group membership, group membership indicating user credential information
  - 17. The computer-based method of claim 10, wherein the means for determining includes, dynamically creating a new rule based on received user'"'"'s traffic information.
  - 18. The computer-based method of claim 10, wherein the means for determining includes, dynamically updating a rule based on received user'"'"'s traffic information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
INTELLI7
Original Assignee
INTELLI7
Inventors
Zakas, Phillip H.

Application Number

US11/192,410
Publication Number

US 20060026679A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 9/40   Network security protocols

System and method of characterizing and managing electronic traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

296 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of characterizing and managing electronic traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

296 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links