Systems and Methods of Network Security and Threat Management

US 20090178139A1
Filed: 01/09/2009
Published: 07/09/2009
Est. Priority Date: 01/09/2008
Status: Active Grant

First Claim

Patent Images

1. A system of managing security threats in a network, the system comprising:

a detection module to collect information associated with binary network packet data; and

a correlation module to analyze the collected information from the detection module, to identify potential security threats to the network, and to update subordinate applications with information related to the potential security threats.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure generally provides systems and methods of network security and threat management. An exemplary system includes detection and prevention modules (DPM) designed specifically to collect and transmit suspicious binary network packet data. The collected network packets are sent to a behavioral correlation module to perform automatic behavioral correlation: (1) within each DPM, (2) across all DPMs installed on a network, and (3) across all DPMs installed on all networks. The results of the behavioral correlation are sent to a security dashboard module (SDM), which generally acts as a fully integrated Security Event Management system and collects, correlates, and prioritizes global network alerts, local network alerts, posted vendor alerts, and detected network vulnerabilities with enterprise assets. The SDM could display the results in a user-friendly graphical user interface and has the ability to perform geographic mapping of externally generated threats.

120 Citations

20 Claims

1. A system of managing security threats in a network, the system comprising:
- a detection module to collect information associated with binary network packet data; and
  
  a correlation module to analyze the collected information from the detection module, to identify potential security threats to the network, and to update subordinate applications with information related to the potential security threats.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the detection module collects the information associated with binary network packet data prior to the binary network packet data passing a firewall device.
  - 3. The system of claim 1, wherein the collected information comprises at least one of:
    - Internet protocol (IP) port information, packet data source information, and packet data destination information.
  - 4. The system of claim 1, wherein the collected information comprises at least one of:
    - access time information, and priority level information.
  - 5. The system of claim 1, wherein the terminal displays the information associated with the potential threats in real-time.
  - 6. The system of claim 1, wherein the correlation module stores the identified potential threats to the network in a database.
  - 7. The system of claim 1, wherein the correlation module is configured to analyze behavioral patterns related to the potential threats to the network.
  - 8. The system of claim 1 further comprising:
    - a remote security module to monitor the network and a second network.
  - 9. The system of claim 8, wherein the remote security module correlates threat related information from the network and the second network.

10. A method of managing security threats in a network, the method comprising:
- collecting binary network packet data information related to network traffic;
  
  comparing any known security threats to the security of the network with the binary network packet data information; and
  
  if the comparison is successful, generating a prioritized alert and updating subordinate applications with information associated with the binary network packet data and the prioritized alert.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the collecting of the binary network packet data information is performed prior to the binary network packet data passing a firewall device.
  - 12. The method of claim 10 further comprising:
    - collecting binary network packet data information associated with at least one of;
      
      Internet protocol (IP) port information, packet data source information, and packet data destination information.
  - 13. The method of claim 10, wherein the terminal displays the information associated with the alert on a terminal in real-time.
  - 14. The method of claim 10 further comprising:
    - analyzing a behavioral pattern related to the binary network packet data information; and
      
      updating the database with information associated with the behavioral pattern.
  - 15. The method of claim 10 further comprising:
    - remotely monitoring the network and a second network; and
      
      correlating threat related information from the network and the second network.

16. A multi-network security system comprising:
- a first detection module to collect information associated with incoming binary network packet data from a first network;
  
  a second detection module associated with a second network to collect information associated with incoming binary network packet data from the second network;
  
  a correlation module configured to analyze behavioral patterns related to potential security threats from the incoming binary network packet data from the first network and the second network;
  
  a remote database to store information associated with the analysis of the behavioral patterns; and
  
  a terminal to display information associated with the potential security threats in real-time.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the first detection module collects the information associated with binary network packet data prior to the binary network packet data passing a firewall device.
  - 18. The system of claim 16, wherein the second detection module collects the information associated with binary network packet data prior to the binary network packet data passing a firewall device.
  - 19. The system of claim 16, wherein the collected information comprises at least one of:
    - Internet protocol (IP) port information, packet data source information, and packet data destination information.
  - 20. The system of claim 16, wherein the collected information comprises at least one of:
    - access time information, and priority level information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Masergy Communications Incorporated (Comcast Corporation)
Original Assignee
Global DataGuard, Inc. (Comcast Corporation)
Inventors
Paly, Scott S., Stute, Michael Roy

Granted Patent

US 10,091,229 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06Q 10/109   Time management, e.g. calen...

H04L 63/0209   Architectural arrangements,...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Systems and Methods of Network Security and Threat Management

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and Methods of Network Security and Threat Management

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others