Security Integration System and Device

US 20100325685A1
Filed: 06/17/2009
Published: 12/23/2010
Est. Priority Date: 06/17/2009
Status: Abandoned Application

First Claim

Patent Images

1. An integration device for exchanging information related to security among different security devices, the device comprising:

a network interface configured to receive a notification of a security event at a first security device;

a computer memory configured to store a set of rules; and

a processor configured to compare the contents of the notification against the set of rules, select actions to take based on the set of rules at one or more other security devices, establish a connection to the one or more other security devices using the network interface, and take the actions over the connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure generally relates to systems and devices that share information related to computer and network security. In an embodiment, an integration device can receive a notification of a security event at a security device. The integration device can compare the contents of the notification against a set of rules, select actions to take based on the set of rules at other security devices, establish a connection to the other security devices, and take the actions over the connection. The integration device can take the actions by sending commands understood by the other security devices over the connection. The other security devices can be of different platforms than the security device or not interoperable with the security device. Additionally, the integration device can receive information related to log entries, security incidents, transaction data, or configuration data, and take actions based on this information at other security devices.

Citations

23 Claims

1. An integration device for exchanging information related to security among different security devices, the device comprising:
- a network interface configured to receive a notification of a security event at a first security device;
  
  a computer memory configured to store a set of rules; and
  
  a processor configured to compare the contents of the notification against the set of rules, select actions to take based on the set of rules at one or more other security devices, establish a connection to the one or more other security devices using the network interface, and take the actions over the connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The integration device of claim 1, wherein the other security devices comprise at least one security device of a different platform than the first security device.
  - 3. The integration device of claim 1, wherein the other security devices comprise at least one security device which is not interoperable with the first security device.
  - 4. The integration device of claim 1, wherein the processor is configured to take the actions by sending commands understood by the one or more other security devices over the connection.
  - 5. The integration device of claim 1, wherein the processor is configured to take the actions using an application programming interface provided by the one or more other security devices.
  - 6. The integration device of claim 1, wherein the processor is operable to configure the set of rules using best practices selected by an administrator.
  - 7. The integration device of claim 1, wherein the network interface is configured to receive a set of security policies from a security information management system.
  - 8. The integration device of claim 7, where in the processor is operable to configure the set of rules using the received set of security policies.
  - 9. The integration device of claim 1, wherein the notification comprises an electronic mail message.

10. A computer-implemented method of sharing security information among security systems, the method comprising:
- receiving a message from a security information management system related to a security event at a first security system;
  
  parsing contents of the message; and
  
  automatically taking an action on a second security system based on the contents of the message;
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising reporting the actions taken at the second security system to the security information management system.
  - 12. The method of claim 10, wherein the taking the action comprises establishing a connection to the second security system over a network and issuing commands over the connection.
  - 13. The method of claim 12, wherein the commands are in a language understood by second security system.
  - 14. The method of claim 12, wherein the connection comprises a secure socket layer connection.
  - 15. The method of claim 12, wherein the connection comprises a secure shell connection.
  - 16. The method of claim 12, wherein the commands are written for a command line interpreter of the second security system.

17. A computer readable medium having stored thereon computer executable components, the medium comprising:
- a rules engine that receives a notification including information related to a security event at a security device, matches the security event against one or more rules, and identifies actions to take at one or more different security devices when the security event matches the one or more rules; and
  
  an action engine that takes the actions on the one or more different security devices.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer readable medium of claim 17, wherein the action engine takes the actions by setting up a connection with each of the different security devices and issues commands over the connection using an interface understood by each different security device.
  - 19. The computer readable medium of claim 17, wherein the rules engine sends contents of the notification to an electronic mail server for delivery to a recipient when the one or more rules are not matched.
  - 20. The computer readable medium of claim 17, wherein the one or more different security devices comprise a network access control system.
  - 21. The computer readable medium of claim 17, wherein the one or more different security devices comprise a host intrusion prevention system.
  - 22. The computer readable medium of claim 17, wherein the one or more different security devices comprise an intrusion detection system.
  - 23. The computer readable medium of claim 17, wherein the one or more different security devices comprise a firewall system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Force 3 LLC (CDW Corporation)
Original Assignee
Force 3 LLC (CDW Corporation)
Inventors
Sanbower, Jamie

Application Number

US12/486,309
Publication Number

US 20100325685A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/0263   Rule management

H04L 63/1441   Countermeasures against mal...

Security Integration System and Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Security Integration System and Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links