Network data analysis and characterization model for implementation of secure enclaves within large corporate networks
Abstract
A database stores information about known hosts, the applications or services they host, and the ports (known as confirmed ports) used by the applications/services. A static traffic analyzer analyzes traffic data and identifies packets communicating with (either sent to or received from) confirmed ports on hosts. A dynamic traffic analyzer analyzes the traffic data and identifies packets communicating with unconfirmed ports on hosts. A host identifier uses the resulting static and dynamic traffic to identify hosts for which firewall rules should be generated.
Claims (51)
1. An apparatus to analyze traffic on a network, comprising:
a database to store a plurality of packets forming said traffic;
a static traffic analyzer to identify static traffic in said plurality of packets;
a dynamic traffic analyzer to identify dynamic traffic in said plurality of packets; and
a host identifier to identify at least one host as a communication point from said static traffic and said dynamic traffic.
(Dependent claims 2-17.)
18. A system, comprising:
a first network, with at least one computer coupled to the first network;
a connection between the first network and a second network; and
a traffic analyzer, including:
a database to store a plurality of packets forming traffic crossing the connection between the first network and the second network;
a static traffic analyzer to identify static traffic in said plurality of packets;
a dynamic traffic analyzer to identify dynamic traffic in said plurality of packets; and
a host identifier to identify at least one host as a communication point for at least a portion of said traffic from said static traffic and dynamic traffic.
(Dependent claims 19-24.)
25. A method for analyzing traffic on a network, comprising:
receiving the traffic on the network as a plurality of packets;
identifying static traffic from the plurality of packets;
identifying dynamic traffic from the plurality of packets; and
identifying at least one port on one host in the static traffic data and the dynamic traffic data as a communication point for at least a portion of the traffic.
(Dependent claims 26-43.)
44. An article comprising:
a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in:
receiving the traffic on the network as a plurality of packets;
identifying static traffic from the plurality of packets;
identifying dynamic traffic from the plurality of packets; and
identifying at least one port on one host in the static traffic data and the dynamic traffic data as a communication point for at least a portion of the traffic.
(Dependent claims 45-51.)
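The abstract and the method of claim 25 describe the same pipeline: a table of known hosts with their confirmed service ports, a static analyzer that keeps packets touching a confirmed port, a dynamic analyzer that keeps packets touching an unconfirmed port, and a host identifier that turns the result into candidate firewall rules. The following is an added worked example of that pipeline, not the patent's own implementation: the hosts, ports, packets and the "at least two distinct peers" heuristic for spotting a server-side communication point are all constructed assumptions.

```python
"""Static / dynamic traffic split against a known-host table, then host:port
communication points and draft firewall rules, as the abstract describes.
Added example, not the patent's implementation; every host, port and packet
below is constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed database: known host -> {confirmed port: service it hosts}
KNOWN_HOSTS = {
    "10.0.1.10": {443: "https", 22: "ssh"},
    "10.0.1.20": {1433: "mssql"},
}

# Constructed capture: clients reaching confirmed ports, one reply packet,
# two clients on an unconfirmed port of a known host, and one unknown host.
CAPTURE = [
    Packet("10.0.5.1", 50001, "10.0.1.10", 443),
    Packet("10.0.5.2", 50002, "10.0.1.10", 443),
    Packet("10.0.5.3", 50003, "10.0.1.10", 443),
    Packet("10.0.1.10", 443, "10.0.5.1", 50001),   # reply: confirmed port is the source
    Packet("10.0.5.1", 50004, "10.0.1.10", 22),
    Packet("10.0.5.4", 50005, "10.0.1.10", 22),
    Packet("10.0.5.1", 50006, "10.0.1.20", 8080),  # unconfirmed port on a known host
    Packet("10.0.5.2", 50007, "10.0.1.20", 8080),
    Packet("10.0.5.9", 50008, "10.0.9.9", 6667),   # host not in the database at all
]


def is_confirmed(ip, port, known_hosts):
    """True when (ip, port) is a confirmed service port of a known host."""
    return port in known_hosts.get(ip, {})


def static_traffic(packets, known_hosts):
    """Packets sent to or received from a confirmed port (either direction)."""
    return [p for p in packets
            if is_confirmed(p.dst_ip, p.dst_port, known_hosts)
            or is_confirmed(p.src_ip, p.src_port, known_hosts)]


def dynamic_traffic(packets, known_hosts):
    """Packets touching no confirmed port: unconfirmed ports on known hosts,
    plus hosts the database has never seen (a policy choice of this example)."""
    return [p for p in packets
            if not is_confirmed(p.dst_ip, p.dst_port, known_hosts)
            and not is_confirmed(p.src_ip, p.src_port, known_hosts)]


def communication_points(packets, min_peers=2):
    """Map each (ip, port) endpoint to the peer IPs it exchanged packets with.
    An endpoint reached by at least min_peers distinct peers is treated as a
    server-side communication point; an ephemeral client port normally has
    exactly one peer and drops out (assumed heuristic, not from the patent)."""
    peers = defaultdict(set)
    for p in packets:
        peers[(p.dst_ip, p.dst_port)].add(p.src_ip)
        peers[(p.src_ip, p.src_port)].add(p.dst_ip)
    return {ep: sorted(ps) for ep, ps in peers.items() if len(ps) >= min_peers}


def draft_rules(packets, known_hosts, min_peers=2):
    """Allow-rules for communication points seen in static traffic; review
    items for communication points that surfaced only in dynamic traffic."""
    rules = []
    static = communication_points(static_traffic(packets, known_hosts), min_peers)
    for (ip, port), peer_ips in sorted(static.items()):
        service = known_hosts.get(ip, {}).get(port, "unconfirmed")
        rules.append(f"allow {','.join(peer_ips)} -> {ip}:{port} ({service})")
    dynamic = communication_points(dynamic_traffic(packets, known_hosts), min_peers)
    for (ip, port), peer_ips in sorted(dynamic.items()):
        rules.append(f"review {','.join(peer_ips)} -> {ip}:{port} (unconfirmed port)")
    return rules


if __name__ == "__main__":
    for rule in draft_rules(CAPTURE, KNOWN_HOSTS):
        print(rule)
```

Running it drafts two allow-rules for the confirmed https and ssh ports on 10.0.1.10 and a review item for port 8080 on 10.0.1.20, which two clients used even though the database lists only 1433 for that host; the single packet to the unknown host 10.0.9.9 has one peer and never becomes a communication point, which is the kind of traffic an analyst would inspect before enclave rules are finalized.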
Specification