ESCALATION SECURITY METHOD FOR USE IN SOFTWARE DEFINED NETWORKS
Abstract
A method for performing an escalation security policy in a software defined network (SDN) includes receiving at least one attack indication performed against at least one destination server; upon determination that an attack is being performed against the at least one destination server, for each client sending traffic to the at least one destination server: determining a risk state for a user of the each client; obtaining an escalation security policy respective of the determined risk state of the user, wherein the escalation security policy defines a sequence of at least one challenge action for challenging the each client, an order and at least one condition for execution of the sequence of at least one challenge action; and causing network elements of the SDN to divert incoming traffic from the each client to security servers connected to the SDN and configured to perform the at least one challenge action.
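The controller flow in the abstract, as an added Python sketch that is not part of the patent text and does not use any real SDN controller's API. The risk-state names, challenge-action names, security-server names, the 0.8 threshold, the outcome strings, the treatment of unknown users as high risk and the rule dictionary layout are all assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Step:
    action: str        # challenge action a security server performs (assumed names)
    server: str        # security server that receives the diverted traffic
    advance_on: tuple  # condition: challenge outcomes that trigger the next step

# Constructed policy table: risk state -> ordered sequence of challenge steps.
POLICIES = {
    "low":  (Step("http_redirect", "sec-1", ("failed",)),
             Step("js_challenge", "sec-2", ("failed",))),
    "high": (Step("js_challenge", "sec-2", ("failed", "passed")),
             Step("captcha", "sec-3", ("failed",))),
}
RISK = {"alice": "low", "mallory": "high"}            # constructed user risk states
INDICATIONS = [{"dst": "10.0.0.5", "score": 0.93},    # constructed attack indications
               {"dst": "10.0.0.9", "score": 0.20}]
FLOWS = [("198.51.100.7", "alice", "10.0.0.5"),       # (client, user, destination)
         ("203.0.113.4", "mallory", "10.0.0.5"),
         ("198.51.100.8", "bob", "10.0.0.9")]

def risk_of(user):
    return RISK.get(user, "high")  # assumption: unknown users are high risk

class EscalationController:
    def __init__(self, policies, risk_of, threshold=0.8):
        self.policies, self.risk_of, self.threshold = policies, risk_of, threshold
        self.step = {}  # (client, dst) -> index into that user's policy sequence

    def _rule(self, client, user, dst):
        s = self.policies[self.risk_of(user)][self.step[(client, dst)]]
        return {"match": {"src": client, "dst": dst},
                "divert_to": s.server, "challenge": s.action}

    def on_indications(self, indications, flows):
        """Diversion rules for every client sending to a server deemed under attack."""
        attacked = {i["dst"] for i in indications if i["score"] >= self.threshold}
        rules = []
        for client, user, dst in flows:
            if dst in attacked:
                self.step.setdefault((client, dst), 0)
                rules.append(self._rule(client, user, dst))
        return rules

    def on_outcome(self, client, user, dst, outcome):
        """Escalate, release, or hold according to the current step's condition."""
        steps, i = self.policies[self.risk_of(user)], self.step[(client, dst)]
        if outcome in steps[i].advance_on and i + 1 < len(steps):
            self.step[(client, dst)] = i + 1
            return self._rule(client, user, dst)
        if outcome == "passed":  # challenge satisfied: stop diverting this client
            del self.step[(client, dst)]
            return {"match": {"src": client, "dst": dst}, "divert_to": None}
        return self._rule(client, user, dst)  # sequence exhausted: stay diverted
```

In this sketch a high-risk user who passes the first challenge is still moved on to the second one, which is how the per-step condition differs between the two policies.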
43 Citations
27 Claims
1. A method for performing an escalation security policy in a software defined network (SDN), the method is being performed by a central controller of the SDN, comprising:
- receiving at least one attack indication performed against at least one destination server;
- upon determination, respective of at least one attack indication, that an attack is being performed against the at least one destination server, for each client sending traffic to the at least one destination server:
  - determining a risk state for a user of the each client;
  - obtaining an escalation security policy respective of the determined risk state of the user, wherein the escalation security policy defines a sequence of at least one challenge action for challenging the each client, an order and at least one condition for execution of the sequence of at least one challenge action; and
  - causing network elements of the SDN to divert incoming traffic from the each client to security servers connected to the SDN and configured to perform the at least one challenge action.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A system for performing an escalation security policy in a software defined network (SDN), comprising:
- a processor;
- a network-interface module for communicating with the SDN;
- a memory connected to the processor and configured to contain a plurality of instructions that when executed by the processor configure the system to:
  - receive at least one attack indication performed against at least one destination server;
  - upon determination, respective of at least one attack indication, that an attack is being performed against the at least one destination server, for each client sending traffic to the at least one destination server:
    - determine a risk state for a user of the each client;
    - obtain an escalation security policy respective of the determined user risk state, wherein the escalation security policy defines a sequence of at least one challenge action for challenging the each client, an order and at least one condition for execution of the sequence of at least one challenge action; and
    - cause network elements of the SDN to divert incoming traffic from the each client to security servers connected to the SDN and configured to perform the at least one challenge action.
Dependent claims: 23
24. A system for performing an escalation security policy in a software defined network (SDN), comprising:
- a network-interface module for communicating with the SDN;
- a system-interface for receiving at least one attack indication performed against at least one destination server;
- an escalation module for determining whether an attack is being performed against the at least one destination server, wherein upon determination of that the attack is being perform, the escalation module is configured to:
  - determine a risk state for a user for the each client sending traffic to the at least one destination server;
  - obtain an escalation security policy respective of the determined user risk state, wherein the escalation security policy defines a sequence of at least one challenge action for challenging the each client, an order and at least one condition for execution of the sequence of at least one challenge action; and
- a diversion module for causing network elements of the SDN to divert incoming traffic from the each client to security servers connected to the SDN and configured to perform the at least one challenge action.
Dependent claims: 25, 26, 27
Specification