NETWORK SECURITY DATA MANAGEMENT SYSTEM AND METHOD

US 20090063531A9
Filed: 03/19/2004
Published: 03/05/2009
Est. Priority Date: 11/22/1999
Status: Active Grant

First Claim

Patent Images

1. A method for compiling parser scripts each corresponding to the structure of security data received from a network component comprising the steps of:

a) identifying sets of data categories, each set corresponding to security data received from one of a plurality of network components;

b) constructing database record definitions, each defining a record subdivided in accordance with one of the sets of data categories;

c) writing parser scripts that receive security data from the network components and output records, each record corresponding to one of the record definitions; and

d) storing said parser scripts.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for compiling security data from an information network includes at least two network components, each providing data. A data partner is coupled to the network components. The data parser has access to two parser scripts that correspond to the network'"'"'s component data. Categorized data can be produced by applying the parser scripts to the data received from the network components.

Citations

26 Claims

1. A method for compiling parser scripts each corresponding to the structure of security data received from a network component comprising the steps of:
- a) identifying sets of data categories, each set corresponding to security data received from one of a plurality of network components;
  
  b) constructing database record definitions, each defining a record subdivided in accordance with one of the sets of data categories;
  
  c) writing parser scripts that receive security data from the network components and output records, each record corresponding to one of the record definitions; and
  
  d) storing said parser scripts.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising the steps of:
    - e) determining the format of each category in said sets;
      
      f) formatting the subdivisions to match the formats of the categories of the set to which the definition corresponds; and
      
      wherein each of the output records of step (c) correspond in format to one of the record definitions.
  - 3. The method of claim 1 further comprising the steps of:
    - g) building database tables in a relational database each having the fields of one of the database record definitions; and
      
      h) inserting output records received from the parser scripts into the tables.
  - 4. The method of claim 2 further comprising the steps of:
    - i) building database tables in a relational database each having the fields and formats of one of the database record definitions; and
      
      j) inserting output records received from the data interface operating per defined data constructs into the tables.
  - 5. The method of claim 1 wherein:
    - at least one of the sets of data categories is identified, at least in part, from the product specifications of the network components.
  - 6. The method of claim 1 wherein:
    - at least one of the sets of data categories is identified, at least in part, by applying a Management Information Base (MIB) integrator to a Management Information Base for the corresponding network component.

7. An information network security data compilation system, comprising:
- a) a first network component;
  
  b) a second network component; and
  
  c) a data parser coupled to the first and second network components having access to a first parser script and a second parser script, the data parser is operable to produce categorized data from the data received from the first and second network components data interface operating with the first and second parser scripts, respectively.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The data compilation system of claim 7 wherein:
    - a) the first network component is a firewall and b) the second network component is an intrusion detection system.
  - 9. The data compilation system of claim 7 further comprising:
    - a) a third network component and b) a distributed data manager; and
      
      wherein;
      
      the data parser is coupled to the second and third network components through the distributed data manager which collects and compresses data from the second and third network components and forwards the compressed data to the data parser.
  - 10. The data compilation system of claim 7 further comprising:
    - a) a third network component;
      
      b) a second data parser coupled to the third component having access to a third parser script, the second data parser operable to produce categorized data from the data received from the third network component with the third parser script; and
      
      c) a relational database coupled to the first and second data parsers.
  - 11. The data compilation system of claim 7 further comprising:
    - a) a display coupled to the data parser; and
      
      b) a relational database coupled between the data parser and the display, and wherein;
      
      the data parser transfers the categorized data to the relational database.
  - 12. The data compilation system of claim 11 wherein:
    - the relational database receives a data query, and the display shows a portion of the categorized data, up to and including all the data, from the relational database, corresponding to the data query.
  - 13. The data compilation system of claim 12 wherein:
    - the data queries are submitted and the portions are shown through a web browser interface.
  - 14. The data compilation system of claim 7 further comprising:
    - a) an event detector coupled to the data parser and wherein;
      
      the event detector compares the categorized data to a predetermined event definition and provides a signal if a match is found.
  - 15. The data compilation system of claim 7 further comprising:
    - a) an information technology agent and wherein;
      
      the network component is programmed by software, the agent collects security data from the software, and the data provided from the first network component is the security data collected by the agent.
  - 16. The data compilation system of claim 7 wherein:
    - the data parser produces formatted and categorized data.
  - 17. The data compilation system of claim 7 wherein:
    - data from the first network component is security data and data from the second network component is security data.
  - 18. The data compilation system of claim 7 wherein:
    - data from the first network component is encrypted and decrypted.

19. A method of compiling network security data comprising the steps of:
- a) collecting security data from a plurality of network components;
  
  b) accessing a plurality of different parser scripts, each script corresponding to one of the network components;
  
  c) applying the plurality of different parser scripts to the security data to produce categorized and formatted data; and
  
  d) storing the categorized and formatted data.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19 wherein:
    - the plurality of network components includes at least a firewall and an intrusion detection system.
  - 21. The method of claim 19 further comprising the steps of:
    - e) transmitting the categorized and formatted data to a relational database;
      
      f) providing a user interface for submitting queries to the relational database; and
      
      g) displaying the categorized and formatted data, or a subset thereof, in accordance with submitted queries.
  - 22. The method of claim 21 wherein:
    - step (e) occurs prior to step (d) and step (d) comprises storing the categorized and formatted data in the relational database.
  - 23. The method of claim 19 further comprising the steps of:
    - h) comparing the categorized and formatted data to at least one predetermined event definition; and
      
      i) generating a signal if the data matches at least one event definitions.
  - 24. The method of claim 19 wherein:
    - one of the network components is programmed by software and an information technology agent communicates with the software to collect the security data.
  - 25. The method of claim 19 wherein:
    - the step of collecting occurs in real time rather than in batches.
  - 26. The method of claim 19 wherein:
    - at least two of the plurality of different data constructs correspond to the same network component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Diversified High Technologies Incorporated, Kathy J. Maida-Smith
Original Assignee
Kathy Maida-Smith, Steven Engle
Inventors
Engle, Steven, Maida-Smith, Kathy

Granted Patent

US 7,499,937 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

NETWORK SECURITY DATA MANAGEMENT SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SECURITY DATA MANAGEMENT SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links