SYSTEM AND METHOD FOR MANAGING NETWORK AND SECURITY EVENTS VIA SUPERIMPOSING DATA

US 20150088868A1
Filed: 09/25/2014
Published: 03/26/2015
Est. Priority Date: 09/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method for gathering a plurality of data and representing the results, the method comprising:

collecting events sharing the same derived key in a pre-defined sliding window;

superimposing the events in the pre-defined sliding window into a single record to form superimposed events; and

superimposing attributes from the plurality of data into an aggregated summary structure to form superimposed attributes.superimposed tags with results prior to results being delivered to the user or requesting process

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrated network flow and security information management system and method is provided, more particularly, an integrated network flow and security information management system and method which leverages a process of superimposing and cross referencing common events and attributes in order to increase the speed of searches, completeness of searches and size of dataset (flow data). In particular, the process of superimposing may increase the amount of information that can be processed, while accelerating the search, thereby providing the user with more responsive acts of pivoting and scoping leading to a more complete response to network errors and threats.

Citations

14 Claims

1. A method for gathering a plurality of data and representing the results, the method comprising:
- collecting events sharing the same derived key in a pre-defined sliding window;
  
  superimposing the events in the pre-defined sliding window into a single record to form superimposed events; and
  
  superimposing attributes from the plurality of data into an aggregated summary structure to form superimposed attributes.superimposed tags with results prior to results being delivered to the user or requesting process
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the plurality of data is selected from the group comprising:
    - security event data, network event data, actionable intelligence, and analysis results.
  - 3. The method of claim 1 wherein events are information that combine a flow tuple into a derived key.
  - 4. The method of claim 3 wherein the flow tuple is the source address/port, destination address/port, and protocol.

5. A method for superimposing and retrieving attributes, the method comprising:
- receiving data containing a plurality of attributes and related values;
  
  examining each of the plurality of attributes to identify associated attributes; and
  
  superimposing the associated attributes in a cross relationship, where a cross relationship is a collection of unique attribute pairings.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The method of claim 5 wherein each of the plurality of attributes has a pre-defined relationship schema that specifies the superimpose action to be taken for all associated attributes.
  - 7. The method of claim 5 further comprising:
    - creating a new summary record when an examined attribute is new and does not exist in a current window.
  - 8. The method of claim 5 further comprising:
    - superimposing all associated attributes to a corresponding record following a pre-defined relationship schema when an examined attribute exists in a current window.
  - 9. The method of claim 5 wherein each of the plurality of attributes has a collection of cross relationships when stored.
  - 10. The method of claim 9 further comprising:
    - converting the collection of cross relationships into a single tree structure.
  - 11. The method of claim 9 further comprising:
    - storing the single tree structure with the value associated with the attribute as its key.

12. A method for superimposing of tags on the results from searches, the method comprising:
- defining tag filters by processes or users in an independent schema, the independent schema defined as a condition and a label.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 further comprising:
    - appending results by a label attached to tag filters, wherein the independent schema matches a result prior to the results being delivered to a user or a requesting process.
  - 14. The method of claim 12 wherein a set of tag filters is independent of a datastore schema for superimposed events and superimposed attributes summaries.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Securitydo Corporation
Original Assignee
Securitydo Corporation
Inventors
Jordan, Christopher, Luo, Kun

Granted Patent

US 9,336,287 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/722
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2246   Trees, e.g. B+trees

G06F 16/248   Presentation of query results

G06F 16/284   Relational databases

G06F 16/957   Browsing optimisation, e.g....

G06F 40/117   Tagging; Marking up details...

H04L 63/1408   by monitoring network traff...

SYSTEM AND METHOD FOR MANAGING NETWORK AND SECURITY EVENTS VIA SUPERIMPOSING DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR MANAGING NETWORK AND SECURITY EVENTS VIA SUPERIMPOSING DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links