Method and apparatus for network immunization
First Claim
1. A method of immunizing a communication network containing a plurality of network elements configured to perform deep packet inspection, the method comprising the steps of:
receiving a pattern associated with an instance of malicious code;
converting the pattern into a filter rule; and
causing the filter rule to be programmed into a hardware filtering platform associated with at least one of the network elements that is configured to perform deep packet inspection to enable the malicious code matching the pattern to be filtered from the network.
Abstract
Network elements that are configured to perform deep packet inspection may be dynamically updated with patterns associated with malicious code, so that malicious code may be detected and blocked at the network level. As new threats are identified by a security service, new patterns may be created for those threats, and the new patterns may then be passed out onto the network in real time. The real time availability of patterns enables filter rules derived from the patterns to be applied by the network elements so that malicious code may be filtered on the network before it reaches the end users. The filter rules may be derived by security software resident in the network elements or may be generated by a filter generation service configured to generate network element specific filter rules for those network elements that are to be implemented as detection points on the network.
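The abstract describes a three-stage pipeline: a security service publishes a pattern, a filter generation service renders it into a rule in the syntax of a specific network element, and the element's control plane programs that rule into its deep-packet-inspection data plane. The following is an added illustration of that pipeline, not code from the patent or its assignee. The rule syntaxes follow public iptables (`-m string`) and Snort conventions; the `Pattern`, `FilterRule` and `DpiFilter` names, the per-flow carry-over logic, and the sample packets are all constructed here for the example.

```python
"""Illustrative pattern -> filter rule -> DPI filter pipeline.

Added example, not the patent's code. Rule syntaxes follow iptables
(-m string) and Snort; all class names and the flow-state logic are
assumptions made for this illustration.
"""
import binascii
from dataclasses import dataclass


@dataclass(frozen=True)
class Pattern:
    """A pattern published by the security service for one malicious-code instance."""
    name: str
    payload: bytes          # byte sequence that identifies the malicious code
    proto: str = "tcp"
    dport: int = 0          # 0 means any destination port


@dataclass(frozen=True)
class FilterRule:
    """The same pattern rendered into one network element's rule syntax."""
    target: str
    text: str
    pattern: Pattern


def render_rule(pattern: Pattern, target: str, sid: int = 1000001) -> FilterRule:
    """Network-element-specific rendering (the 'filter generation service')."""
    hexstr = binascii.hexlify(pattern.payload).decode()
    if target == "iptables":
        port = f" --dport {pattern.dport}" if pattern.dport else ""
        text = (f"iptables -A FORWARD -p {pattern.proto}{port} -m string --algo bm "
                f"--hex-string '|{hexstr}|' -j DROP")
    elif target == "snort":
        spaced = " ".join(hexstr[i:i + 2] for i in range(0, len(hexstr), 2))
        port = pattern.dport or "any"
        text = (f'drop {pattern.proto} any any -> any {port} '
                f'(msg:"{pattern.name}"; content:"|{spaced}|"; sid:{sid}; rev:1;)')
    else:
        raise ValueError(f"unsupported target {target!r}")
    return FilterRule(target, text, pattern)


class DpiFilter:
    """Simplified model of the DPI data plane.

    Keeps the last (longest pattern - 1) bytes of each flow so that a pattern
    split across two packets is still matched; without that carry-over an
    attacker evades the filter simply by fragmenting the payload.
    """

    def __init__(self) -> None:
        self.patterns: list[Pattern] = []
        self.tails: dict[tuple, bytes] = {}   # per-flow carry-over bytes
        self.blocked: set[tuple] = set()      # flows already identified as malicious
        self.max_len = 0

    def program(self, rule: FilterRule) -> None:
        """Control plane programs a rule into the data plane."""
        self.patterns.append(rule.pattern)
        self.max_len = max(self.max_len, len(rule.pattern.payload))

    def process(self, pkt: dict) -> str:
        """Return 'forward' or 'drop' for one packet."""
        flow = (pkt["src"], pkt["dst"], pkt["proto"], pkt["dport"])
        if flow in self.blocked:
            return "drop"
        data = self.tails.get(flow, b"") + pkt["payload"]
        for p in self.patterns:
            if p.proto != pkt["proto"] or (p.dport and p.dport != pkt["dport"]):
                continue
            if p.payload in data:
                self.blocked.add(flow)    # the rest of this flow is dropped too
                return "drop"
        # keep the tail for cross-packet matching; earlier bytes have already left
        self.tails[flow] = data[-(self.max_len - 1):] if self.max_len > 1 else b""
        return "forward"


def demo() -> list[str]:
    """Constructed sample: one pattern, one flow whose pattern straddles two packets."""
    sig = Pattern("EXAMPLE-WORM", b"\x90\x90\xeb\x1f\x5e", "tcp", 445)
    dpi = DpiFilter()
    dpi.program(render_rule(sig, "snort"))
    flow = {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "tcp", "dport": 445}
    pkts = [
        dict(flow, payload=b"SMB hello"),
        dict(flow, payload=b"AAAA\x90\x90\xeb"),       # first 3 bytes of the pattern
        dict(flow, payload=b"\x1f\x5eBBBB"),           # last 2 bytes: match completes here
        dict(flow, dport=80, payload=b"\x90\x90\xeb\x1f\x5e"),  # wrong port, rule not applied
    ]
    return [dpi.process(p) for p in pkts]
```

`demo()` returns `['forward', 'forward', 'drop', 'forward']`: the first fragment of the signature is forwarded before the filter can know it is part of a match, which is why the model blocks the whole flow once the match completes rather than only the packet that completes it. A hardware filtering platform that matches only within single packets, with no such carry-over, leaves exactly this gap.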
15 Claims
1. Independent claim; text as given under First Claim above. (Dependent claims: 2, 3, 4, 5, 6.)

7. A network element, comprising:
a data plane containing hardware configured to perform deep packet inspection on data received over an interface to a communication network in connection with forwarding the data on the communication network; and
a control plane configured to control operation of the data plane, wherein the network element contains control logic configured to program filter rules associated with malicious code into the hardware configured to perform deep packet inspection to enable the malicious code to be filtered from the network. (Dependent claims: 8, 9, 10, 11.)

12. A network element, comprising:
means for filtering data by performing deep packet inspection on traffic flowing through the network element; and
means for programming a filter rule into the means for filtering, to cause the filter rule to be applied to the traffic flowing through the network element, said filter rule being associated with a pattern identified as comprising at least a part of a malicious code to be filtered from the traffic flowing through the network element. (Dependent claims: 13, 14, 15.)
Specification