SYSTEM SECURITY AGENT AUTHENTICATION AND ALERT DISTRIBUTION

US 20100057907A1
Filed: 11/11/2009
Published: 03/04/2010
Est. Priority Date: 12/30/2004
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a receiver to receive from a transport agent on a communication link an aggregated security message, wherein the transport agent receives items of data from different respective on-host system agents monitoring a host system, each item of data representing a security event on the host system, wherein the transport agent aggregates the received items of data into the aggregated security message;

a communication line controller to configure the communication link to receive the aggregated security message; and

a management engine to transmit each of the items of data from the aggregated security message to a respective management console.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aggregation agent may combine and correlate information generated by multiple on-host agents and/or information generated in response to multiple security events. The aggregation agent may transmit the combined information to a security console. The security console may check the identity of the aggregation agent to determine whether to accept the information. The security console may map information to one or more consoles.

35 Citations

View as Search Results

20 Claims

1. An apparatus comprising:
- a receiver to receive from a transport agent on a communication link an aggregated security message, wherein the transport agent receives items of data from different respective on-host system agents monitoring a host system, each item of data representing a security event on the host system, wherein the transport agent aggregates the received items of data into the aggregated security message;
  
  a communication line controller to configure the communication link to receive the aggregated security message; and
  
  a management engine to transmit each of the items of data from the aggregated security message to a respective management console.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, the management engine to determine for each of the items of data of the aggregated security message a respective security server with which the item of data is associated.
  - 3. The apparatus of claim 2, wherein the management engine to determine the associated security server of each of the items of data includes the management engine to determine a security server associated with an on-host system agent that generated one of the items of data.
  - 4. The apparatus of claim 2, wherein the management engine to determine the associated security server of each of the items of data includes the management engine to decompress the aggregated security message to extract the aggregated security message from a compressed state.
  - 5. The apparatus of claim 2, wherein the management engine to determine the associated security server of each of the items of data includes the management engine to determine in response to authenticating the transport agent.
  - 6. The apparatus of claim 2, wherein the management engine to transmit each item of data includes the management engine to transmit one of the items of data to the associated security server of the one of the items of data.
  - 7. The apparatus of claim 1, the management engine further to authenticate the transportagent based on the received aggregated security message.
  - 8. The apparatus of claim 7, wherein the management engine to authenticate the transport agent includes the management engine to verify cryptographic keys received from the transport agent.
  - 9. The apparatus of claim 1, the management engine further to decrypt the aggregatedsecurity message.
  - 10. An apparatus according to claim 1, the communication line controller to configure thecommunication link dynamically, after the link has been established with the transport agent.
  - 11. An apparatus according to claim 1, wherein the communication line controller to configure the communication link includes the communication line controller to configure one or more of a port, a communication protocol, a communication channel, an encryption standard, and a compression standard.
  - 12. An apparatus according to claim 1, the communication line controller to further indicate a management console with which the transport agent should direct subsequent communication.

13. A system comprising:
- an aggregation agent to aggregate multiple host-based security event notifications into a single security report and transmit the single security report to a security server;
  
  a router coupled with the aggregation agent to route the single security report from the aggregation agent to the security server; and
  
  the security server coupled with the router to receive the single security report and to indicate a host-based security event notification to a security console.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, the security server further to authenticate the aggregation agent based on the received security report.
  - 15. The system of claim 13, the security server to determine for each of the multiple security event notifications of the security report a respective security console with which the security event notification is associated.
  - 16. The system of claim 15, wherein the security server to determine the associated security console of each of the multiple security event notifications includes the security server to determine a type of information indicated by one of the multiple security event notifications, and the security server to associate all security consoles configured to receive the type of information.
  - 17. The system of claim 15, wherein the security server to determine the associated security console of each of the multiple security event notifications includes the security server to determine in response to authenticating the aggregation agent.
  - 18. A system according to claim 15, wherein the security server to indicate the security event notification to the security console comprises the security server to indicate the security event notification to a security console associated with a host-based security event monitoring entity that generated the security event notification.
  - 19. A system according to claim 13, wherein the aggregation agent resides on the host.
  - 20. A system according to claim 13, wherein the aggregation agent to transmit the single security report to the security server comprises the aggregation agent to transmit the single security report to a control console on the security server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daedalus Prime LLC (Daedalus Group LLC)
Original Assignee
Alan D. Ross, Dennis M. Morgan
Inventors
Morgan, Dennis M., Ross, Alan D.

Granted Patent

US 7,937,760 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/87   by means of encapsulation, ...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/08   for authentication of entit...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

SYSTEM SECURITY AGENT AUTHENTICATION AND ALERT DISTRIBUTION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM SECURITY AGENT AUTHENTICATION AND ALERT DISTRIBUTION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others