Method and system for prioritizing security operations in a communication network
Abstract
A method, system and apparatus for filtering data packets through an integrated network security device are provided. Various security operations are performed on the data packets belonging to a network connection while they pass through the integrated network security device in a communication network. A classification engine is applied to the first packet of the connection. The result of this classification is stored in a per-connection control key, which determines which of the security operations must be applied to each subsequent data packet of the connection. These security operations may be prioritized and re-ordered, based on the rate at which they detect and drop malicious data packets.
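The following Python model is an added illustration of the three mechanisms the abstract describes (first-packet classification cached in a per-connection control key, per-operation drop-rate accounting, and automatic re-ordering by drop rate); it is not code from the patent or its assignee. The operation names (`sig`, `acl`, `size`), the classification policy, the constructed traffic mix and the re-ordering interval are all assumptions made for this example.

```python
"""Toy model of a filter pipeline that re-orders its security operations by drop rate.

Added illustration, not code from the patent: operation names, the classification
policy, the sample traffic and the re-ordering interval are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

Conn = Tuple[str, int]   # (src_ip, dst_port) stands in for the connection 5-tuple


@dataclass
class Packet:
    conn: Conn
    payload: bytes


@dataclass
class SecurityOp:
    name: str
    is_malicious: Callable[[Packet], bool]   # True -> drop the packet
    seen: int = 0
    dropped: int = 0

    def drop_rate(self) -> float:
        """Fraction of the packets this operation inspected that it dropped."""
        return self.dropped / self.seen if self.seen else 0.0


class Pipeline:
    def __init__(self, ops: List[SecurityOp], classify: Callable[[Packet], FrozenSet[str]],
                 reorder_every: int = 100):
        self.ops = list(ops)
        self.classify = classify
        self.control_keys: Dict[Conn, FrozenSet[str]] = {}   # per-connection control key
        self.processed = 0
        self.reorder_every = reorder_every
        self.reorders = 0

    def handle(self, pkt: Packet) -> bool:
        """Run the applicable operations in the current order; True = forward, False = drop."""
        key = self.control_keys.get(pkt.conn)
        if key is None:
            # The classification engine runs on the first packet of a connection only;
            # its result is cached and decides which operations later packets receive.
            key = self.classify(pkt)
            self.control_keys[pkt.conn] = key
        self.processed += 1
        verdict = True
        for op in self.ops:
            if op.name not in key:
                continue
            op.seen += 1
            if op.is_malicious(pkt):
                op.dropped += 1
                verdict = False
                break   # operations later in the order never see a dropped packet
        if self.processed % self.reorder_every == 0:
            self._reorder()
        return verdict

    def _reorder(self) -> None:
        # Highest observed drop rate first; the stable sort keeps ties in their current order.
        new = sorted(self.ops, key=SecurityOp.drop_rate, reverse=True)
        if [o.name for o in new] != [o.name for o in self.ops]:
            self.reorders += 1
        self.ops = new

    def order(self) -> List[str]:
        return [o.name for o in self.ops]


OPS = {   # constructed, deliberately simple checks
    "sig": lambda p: b"EVIL" in p.payload,   # payload signature match
    "acl": lambda p: p.conn[1] == 23,        # blocked destination port
    "size": lambda p: len(p.payload) > 64,   # oversize payload
}


def classify(pkt: Packet) -> FrozenSet[str]:
    """Constructed policy: port 443 carries opaque TLS, so skip the signature scan there."""
    if pkt.conn[1] == 443:
        return frozenset({"acl", "size"})
    return frozenset(OPS)


def sample_traffic(n: int = 300) -> List[Packet]:
    """Constructed, deterministic traffic: three ports, a few malicious patterns."""
    pkts = []
    for i in range(n):
        port = (80, 443, 23)[i % 3]
        if port == 23:
            payload = b"login"                 # blocked port: the ACL drops it regardless
        elif i % 5 == 0:
            payload = b"GET /EVIL HTTP/1.1"    # signature hit
        elif i % 11 == 0:
            payload = b"A" * 100               # oversize
        else:
            payload = b"GET / HTTP/1.1"
        pkts.append(Packet((f"10.0.0.{i % 7}", port), payload))
    return pkts


def simulate(initial_order: List[str]) -> dict:
    """Push the sample traffic through a pipeline started in the given order."""
    pipe = Pipeline([SecurityOp(name, OPS[name]) for name in initial_order], classify)
    verdicts = [pipe.handle(p) for p in sample_traffic()]
    return {
        "verdicts": verdicts,
        "dropped": verdicts.count(False),
        "final_order": pipe.order(),
        "reorders": pipe.reorders,
        "rates": {o.name: round(o.drop_rate(), 3) for o in pipe.ops},
    }


if __name__ == "__main__":
    worst = simulate(["size", "sig", "acl"])   # least effective operation first
    best = simulate(["acl", "sig", "size"])
    print("dropped:", worst["dropped"], "final order:", worst["final_order"],
          "re-orderings:", worst["reorders"])
    assert worst["verdicts"] == best["verdicts"]   # verdicts do not depend on the order
```

Two points worth checking in any implementation of this scheme. First, the verdict on a packet is independent of the order: a packet is forwarded only if every operation in its control key passes it, so re-ordering changes which operation catches a malicious packet (and how much work is spent before it is caught), never whether it is caught; the model above asserts exactly that. Second, the drop rate each operation records is conditional on the operations ahead of it, since it only sees packets the earlier ones passed, so rates measured at different positions are not directly comparable and a stable sort with a fixed re-ordering interval keeps the order from oscillating on small differences.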
Claims
1. A method for filtering data packets through a network security device, the method comprising
performing a plurality of security operations on each of the data packets, the plurality of security operations including dropping of malicious data packets;
recording the rate of the malicious data packets being dropped by each of the plurality of security operations; and
re-ordering the plurality of security operations, the re-ordering being based on the rate of the data packets being dropped by the plurality of security operations, wherein the plurality of security operations are re-ordered automatically.
(Dependent claims 2, 3, 4 and 5 are not reproduced on this page.)
6. A system for filtering data packets through a network security device, the system comprising
means for performing a plurality of security operations on each of the data packets;
means for recording the rate of malicious data packets being dropped by each of the plurality of security operations; and
means for re-ordering the plurality of security operations, the re-ordering being based on the rate of the malicious data packets being dropped by the plurality of security operations, wherein the plurality of security operations are re-ordered automatically.
7. A system for filtering data packets through a network security device, the system comprising
one or more security operations modules, the one or more security operations modules performing a plurality of security operations on each of the data packets;
a recording module for recording the rate of malicious data packets being dropped by each of the plurality of security operations; and
a re-ordering module for automatically re-ordering the plurality of security operations.
(Dependent claims 8, 9 and 10 are not reproduced on this page.)
11. An apparatus for filtering data packets through a network security device, the apparatus comprising
a processing system including a processor coupled to a display and a user input device;
a machine-readable medium including instructions executable by the processor, comprising one or more instructions for performing a plurality of security operations on each of the data packets, the plurality of security operations including dropping of malicious data packets;
one or more instructions for recording the rate of the malicious data packets being dropped by each of the plurality of security operations; and
one or more instructions for re-ordering the plurality of security operations, the re-ordering being based on the rate of the malicious data packets being dropped by the plurality of security operations, wherein the plurality of security operations are re-ordered automatically.
12. A machine-readable medium including instructions for filtering data packets through a network security device, the instructions being executable by a processor and comprising
one or more instructions for performing a plurality of security operations on each of the data packets, the plurality of security operations including dropping of malicious data packets;
one or more instructions for recording the rate of the malicious data packets being dropped by each of the plurality of security operations; and
one or more instructions for re-ordering the plurality of security operations, the re-ordering being based on the rate of the malicious data packets being dropped by the plurality of security operations, wherein the plurality of security operations are re-ordered automatically.
Specification