MANAGING NETWORK SECURITY
Abstract
Technology for network security is disclosed. In one embodiment, a method of managing network security includes receiving sampled packets. The sampled packets represent packets being sampled from network packet traffic in at least one location in a network. The sampled packets are converted into an appropriate format for analysis to form converted packets. Moreover, the converted packets are sent to a first group including at least one security device for analysis. If an event message is generated by the at least one security device as a result of analysis of the converted packets, the event message is received from the at least one security device. Network security is evaluated based on the event message and security policies and is adjusted based on that evaluation. The method may be implemented with a network manager.
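The closed loop the abstract describes, as a small Python simulation added here; it is not taken from the patent. The class and function names, the 1-in-3 sampling rate, the port-scan rule, the policy table and the traffic are all constructed assumptions standing in for the network device, the network manager and the security device.

```python
class NetworkDevice:
    """Sampling location: forwards traffic, samples it, applies adjustments."""
    def __init__(self, rate):
        self.rate, self.seen, self.blocked = rate, 0, set()

    def forward(self, packets):
        """Drop blocked sources; return every `rate`-th forwarded packet."""
        sampled = []
        for pkt in packets:
            if pkt["src"] in self.blocked:
                continue
            self.seen += 1
            if self.seen % self.rate == 0:
                sampled.append(pkt)
        return sampled

    def adjust(self, info):
        """Feedback path: implement adjustment information from the manager."""
        if info["action"] == "block":
            self.blocked.add(info["src"])

def convert(pkt):
    """Manager: reshape a sampled packet into the record the analyzer takes."""
    return (pkt["src"], pkt["dport"])

def security_device(records, threshold):
    """Stand-in analyzer: one event per source seen on > threshold ports."""
    ports = {}
    for src, dport in records:
        ports.setdefault(src, set()).add(dport)
    return [{"type": "port_scan", "src": s}
            for s, p in ports.items() if len(p) > threshold]

POLICIES = {"port_scan": "block"}  # assumed policy: event type -> action

def manager_cycle(device, packets, threshold=3):
    """One pass: sample, convert, analyze, evaluate, adjust."""
    sampled = device.forward(packets)
    events = security_device([convert(p) for p in sampled], threshold)
    adjustments = [{"action": POLICIES[e["type"]], "src": e["src"]}
                   for e in events if e["type"] in POLICIES]
    for info in adjustments:
        device.adjust(info)
    return len(sampled), adjustments

def constructed_traffic():
    """Constructed sample: one host sweeping 40 ports, one host on 443."""
    pkts = []
    for i in range(40):
        pkts.append({"src": "192.0.2.66", "dport": 1000 + i})
        pkts.append({"src": "198.51.100.7", "dport": 443})
    return pkts
```

Running `manager_cycle` twice on the same device shows the feedback: the first pass produces a block adjustment, and the second pass samples only the remaining host because the device now drops the blocked source before sampling.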
21 Claims

1. A computer-implemented method of managing network security, said method comprising:
receiving sampled packets at said computer at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;
converting said sampled packets into an appropriate format for analysis to form converted packets;
sending said converted packets to a first group including at least one security device for analysis;
receiving an event message from said at least one security device if said event message is generated by said at least one security device as a result of analysis of said converted packets;
evaluating said network security based on said event message and security policies; and
adjusting said network security based on said evaluation of said network security wherein said first location said second location and said at least one security device are a part of a closed loop that comprises a feedback path.
Dependent claims: 2, 3, 4, 5

6. A computer-implemented method of managing network security, said method comprising:
sampling network packet traffic in at least one first location in a network to form sampled packets;
sending said sampled packets to said computer including a network manager at a second location;
receiving security adjustment information from said network manager; and
implementing security adjustment based on said security adjustment information wherein said first location and said second location are a part of a closed loop that comprises a feedback path.
Dependent claims: 7

8. A computer-implemented network manager comprising:
a sampled packets collector for receiving sampled packets at said computer at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;
a packet format converter for converting said sampled packets into an appropriate format for analysis to form converted packets and for sending said converted packets to a first group including at least one security device for analysis;
an event message collector for receiving event messages based on analysis of said converted packets from said at least one security device; and
an event message processor for processing said event messages based on security policies and for adjusting network security based on results of said processing wherein said first location said second location and said at least one security device are a part of a closed loop that comprises a feedback path.
Dependent claims: 9, 10, 11, 12

13. A network device comprising:
a packet sampling unit for sampling network packet traffic at a first location to form sampled packets and for sending said sampled packets to a network manager at a second location; and
a security response unit for receiving security adjustment information from said network manager and for implementing security adjustment based on said security adjustment information wherein said first location said second location and said at least one security response unit are a part of a closed loop that comprises a feedback path.
Dependent claims: 14

15. A computer-readable non-transitory medium comprising computer-executable instructions for causing performance of a method of managing network security, said method comprising:
receiving sampled packets at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;
converting said sampled packets into an appropriate format for analysis to form converted packets;
sending said converted packets to a first group including at least one security device for analysis;
receiving an event message from said at least one security device if said event message is generated by said at least one security device as a result of analysis of said converted packets;
evaluating said network security based on said event message and security policies; and
adjusting said network security based on said evaluation of said network security wherein said first location said second location and said at least one security device are a part of a closed loop that comprises a feedback path.
Dependent claims: 16, 17, 18

19. A computer-readable non-transitory medium comprising computer-executable instructions for causing performance of a method of managing network security, said method comprising:
sampling network packet traffic in at least one first location in a network to form sampled packets;
sending said sampled packets to a network manager at a second location;
receiving security adjustment information from said network manager; and
implementing security adjustment based on said security adjustment information wherein said first location and said second location are a part of a closed loop that comprises a feedback path.
Dependent claims: 20

21. A computer-implemented method of managing network security, said method comprising:
sampling network packet traffic in at least one first location in a network to form sampled packets;
sending said sampled packets to at least one security device for analysis at a second location;
receiving security adjustment information from said computer including a network manager; and
implementing security adjustment based on said security adjustment information wherein said first location and said second location are a part of a closed loop that comprises a feedback path.

Specification