Hardware-based detection and containment of an infected host computing device
First Claim
1. A method for network traffic analysis, comprising:
receiving network traffic at a traffic analyzer of a system over an internal connection of the system, the system coupled to an external network;
comparing a traffic pattern of the network traffic to an expected pattern; and
performing a security-policy-driven action based on a result of the comparing of the traffic pattern to the expected pattern.
Abstract
Methods and apparatuses enable a traffic analyzer to monitor an internal connection of a computing system for one or more traffic patterns. The traffic analyzer compares traffic on the internal connection to an expected traffic pattern, and performs a policy-based action based on the result of comparing the observed traffic pattern to the expected pattern. The traffic analyzer can exist in the stack of a VMM or a monitoring VM, or be implemented in a management engine of the computing system. In one embodiment, the computing system includes traffic analyzer components in both a VMM or monitoring VM and a management engine.
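The abstract and the independent claims describe the same pipeline: receive traffic from an internal connection, compare its pattern to an expected one, and let a security policy choose the action. The following is an added example of that pipeline in Python; it is not code from the patent or its assignee. The flow-record layout, the profile fields (allowed ports, a per-window byte ceiling, a fan-out ceiling), the deviation classes and the policy table are all assumptions made here for illustration, and the sample traffic is constructed, not captured.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# One summarised flow observed on the internal connection (assumed layout):
# (timestamp_s, source, destination_ip, destination_port, byte_count)
Flow = Tuple[float, str, str, int, int]


@dataclass
class ExpectedPattern:
    """Baseline a healthy host is expected to produce per time window (hypothetical fields)."""
    allowed_ports: Set[int] = field(default_factory=lambda: {53, 80, 443})
    max_bytes: int = 5_000_000        # byte ceiling per window
    max_distinct_dsts: int = 20       # fan-out ceiling per window (worm/scan indicator)
    window_s: float = 60.0


# Security policy (assumed): which action each class of deviation earns.
POLICY: Dict[str, str] = {
    "none": "allow",
    "unexpected_port": "alert",
    "rate_exceeded": "rate_limit",
    "fan_out": "quarantine",
}
# Least to most severe; when several deviations occur the worst action wins.
SEVERITY = ["allow", "alert", "rate_limit", "quarantine"]


def compare_window(flows: List[Flow], pattern: ExpectedPattern) -> List[str]:
    """Traffic recognition: compare one window of flows to the expected pattern.

    Returns the list of deviation classes found (empty when traffic matches).
    """
    deviations: List[str] = []
    total_bytes = sum(f[4] for f in flows)
    distinct_dsts = {f[2] for f in flows}
    ports = {f[3] for f in flows}
    if ports - pattern.allowed_ports:
        deviations.append("unexpected_port")
    if total_bytes > pattern.max_bytes:
        deviations.append("rate_exceeded")
    if len(distinct_dsts) > pattern.max_distinct_dsts:
        deviations.append("fan_out")
    return deviations


def select_action(deviations: List[str]) -> str:
    """Policy-based decision: map the comparison result to the most severe applicable action."""
    if not deviations:
        return POLICY["none"]
    return max((POLICY[d] for d in deviations), key=SEVERITY.index)


def analyze(flows: List[Flow], pattern: ExpectedPattern) -> Dict[float, str]:
    """Bucket flows into fixed windows and return {window_start_s: action}."""
    windows: Dict[float, List[Flow]] = defaultdict(list)
    for f in flows:
        windows[(f[0] // pattern.window_s) * pattern.window_s].append(f)
    return {start: select_action(compare_window(fs, pattern))
            for start, fs in sorted(windows.items())}


# Constructed sample traffic (not captured data) covering three 60 s windows:
# window 0: ordinary HTTPS and DNS; window 60: a sweep of 40 hosts on TCP/445;
# window 120: an 8 MB transfer plus one connection to an unexpected port.
SAMPLE: List[Flow] = (
    [(5.0, "vm1", "10.0.0.5", 443, 20_000), (30.0, "vm1", "10.0.0.9", 53, 300)]
    + [(70.0 + i, "vm1", f"10.0.1.{i}", 445, 1_200) for i in range(40)]
    + [(130.0, "vm1", "10.0.0.5", 443, 8_000_000), (140.0, "vm1", "10.0.0.7", 6667, 500)]
)

if __name__ == "__main__":
    for start, action in analyze(SAMPLE, ExpectedPattern()).items():
        print(f"window@{start:>5.0f}s -> {action}")
```

The split into `compare_window` (the traffic recognition module) and `select_action` (the policy-based decision module) mirrors the two modules named in claim 15; the analyzer never acts on a raw observation, only on the comparison result, so the policy can be changed without touching the pattern logic.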
21 Claims
1. A method for network traffic analysis, comprising:
receiving network traffic at a traffic analyzer of a system over an internal connection of the system, the system coupled to an external network;
comparing a traffic pattern of the network traffic to an expected pattern; and
performing a security-policy-driven action based on a result of the comparing of the traffic pattern to the expected pattern.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. An article of manufacture comprising a machine-readable storage medium having content stored thereon to provide instructions to result in a device performing operations including:
monitoring network traffic of an internal connection of a system, the internal connection between components of a hardware platform of the system;
comparing a traffic pattern of the network traffic to an expected pattern; and
performing a security-policy-driven action based on a result of the comparing of the traffic pattern to the expected pattern.
Dependent claims: 12, 13, 14.
15. A traffic analyzer comprising:
an internal connection interface coupled to an internal connection of a computing system, the internal connection interface to receive traffic from the internal connection;
a traffic recognition module coupled to the internal connection interface to compare the received traffic to an expected traffic pattern to generate a traffic pattern comparison result; and
a policy-based decision module to select a policy-driven action in response to the generated traffic pattern comparison result.
Dependent claims: 16, 17, 18.
19. A system comprising:
a traffic analyzer having an internal connection interface coupled to an internal connection of a computing system, the internal connection interface to receive traffic from the internal connection, a traffic recognition module coupled to the internal connection interface to compare the received traffic to an expected traffic pattern to generate a traffic pattern comparison result, and a policy-based decision module to select a policy-driven action in response to the generated traffic pattern comparison result; and
an out-of-band (OOB) channel to an external network coupled to the traffic analyzer, the OOB channel coupled to a network administrator of the external network.
Dependent claims: 20, 21.
Specification