NETWORK SEGMENTATION
First Claim
1. A system for automatically generating segments in a network, the system comprising:
a plurality of hosts configured to generate network activity information, at least a portion of the hosts belonging to an organization and connected via the network;
an analyzer server configured to analyze the network activity information, the analyzer server comprising:
memory that stores computer-executable instructions; and
at least one processor configured to access the memory and execute the computer-executable instructions to at least:
receive a portion of the network activity information, the portion of the network activity information describing interactions of the plurality of hosts on the network;
identify one or more metrics based in part on at least the portion of the network activity information, the one or more metrics identifying relationships between hosts of the plurality of hosts;
determine a plurality of observation vectors based at least in part on the one or more metrics, individual observation vectors of the plurality comprising one or more dimensions and corresponding to individual hosts of the plurality of hosts;
generate a plurality of clusters based at least in part on the plurality of observation vectors, each cluster of the plurality of clusters including at least some hosts of the plurality of hosts;
in response to generating the plurality of clusters, identify a profile for at least one cluster of the plurality of clusters, the profile representative of at least a potential system of the network; and
determine at least one segment within the network, the at least one segment including or excluding the potential system with respect to interactions on the network.
Abstract
A method and system for segmenting a network including a plurality of hosts is disclosed. In an example embodiment, the network is a provider network. The method receives network activity information describing network traffic between hosts of the plurality. The method generates observations from the network activity information and organizes the observations into clusters. The method determines a profile for each cluster that corresponds to a potential system type implemented by one or more of the hosts of the medical provider network. The method determines segments within the provider network based on the profiled system types.
20 Claims
5. A computer-implemented method for automatically generating segments in a network, the method comprising:
receiving, by a computer system, network activity information, the network activity information describing interactions of a plurality of hosts on the network;
identifying one or more metrics based in part on at least a portion of the network activity information, the one or more metrics identifying relationships between hosts of the plurality of hosts;
determining a plurality of observation vectors based at least in part on the one or more metrics, individual observation vectors of the plurality comprising one or more dimensions and being associated with individual hosts of the plurality of hosts;
generating, by the computer system, a plurality of clusters based in part on the plurality of observation vectors, each cluster of the plurality of clusters including at least some hosts of the plurality of hosts;
in response to generating the plurality of clusters, identifying a profile for at least one cluster of the plurality of clusters, the profile representative of at least a potential system of the network; and
determining, by the computer system, a segment within the network, the segment including or excluding the potential system with respect to interactions on the network.
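The steps recited in claims 1 and 5 (metrics, observation vectors, clusters, profiles, segments) can be traced end to end on a small data set. The following is an added illustration, not code from the patent: the flow records, the `role:port` dimensions, the cosine-similarity leader clustering and the 0.8 threshold are all assumptions chosen for the example.

```python
from collections import Counter, defaultdict
from math import sqrt

# Constructed flow records (client, server, server port); not from the patent.
FLOWS = [
    ("ws1", "db1", 5432), ("ws2", "db1", 5432), ("ws1", "web1", 443),
    ("ws2", "web1", 443), ("ws3", "web2", 443), ("web1", "db1", 5432),
    ("web2", "db1", 5432), ("ws3", "web1", 443), ("ws1", "web2", 443),
]

def observation_vectors(flows):
    """One sparse vector per host: share of its flows in each role:port dimension."""
    counts = defaultdict(Counter)
    for src, dst, port in flows:
        counts[src][f"calls:{port}"] += 1   # metric: host acts as client
        counts[dst][f"serves:{port}"] += 1  # metric: host acts as server
    return {h: {k: n / sum(c.values()) for k, n in c.items()}
            for h, c in counts.items()}

def cosine(a, b):
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    norm = lambda v: sqrt(sum(x * x for x in v.values()))
    return dot / (norm(a) * norm(b))

def cluster(vectors, threshold=0.8):
    """Leader clustering (assumed algorithm): join the first similar leader."""
    clusters = []  # (leader vector, member hosts)
    for host in sorted(vectors):
        for leader, members in clusters:
            if cosine(leader, vectors[host]) >= threshold:
                members.append(host)
                break
        else:
            clusters.append((vectors[host], [host]))
    return clusters

def segments(flows):
    """Return ({profile: hosts}, allowed segment-to-segment flows)."""
    seg = {}
    for leader, members in cluster(observation_vectors(flows)):
        # Profile: the leader's dominant dimension stands in for a system type.
        name = max(leader, key=leader.get)
        seg[name] = sorted(seg.get(name, []) + members)
    of = {h: p for p, hosts in seg.items() for h in hosts}
    # Only observed segment pairs are allowed; anything else is denied.
    allowed = sorted({(of[s], of[d], port) for s, d, port in flows})
    return seg, allowed

if __name__ == "__main__":
    print(segments(FLOWS))
```

On the sample data the workstations, web servers and database land in three separate segments, and the only permitted paths are the three segment pairs actually observed in the flows.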
17. A computer-implemented method for identifying compromised profiles using probability profiles, the method comprising:
receiving, by a computer system, network activity information, the network activity information describing interactions of a user with a plurality of hosts on a network;
determining a client profile based at least in part on the network activity information corresponding to the interactions of the user with at least a portion of the plurality of hosts on the network;
determining, by the computer system and based on the client profile, a probability profile for the user, the probability profile including a prediction that the user will interact with a first host of the plurality of hosts;
identifying a particular interaction of the user with a second host of the plurality of hosts, the particular interaction falling outside the probability profile for the user; and
providing an indication to an authorized user including the probability profile.
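Claim 17's detection flow (client profile, probability profile, out-of-profile interaction, indication) can be sketched the same way. This is an added illustration, not code from the patent: the interaction history, the Laplace-smoothed frequency model and the 0.03 cut-off are assumptions, since the claim does not say how the probabilities are estimated.

```python
from collections import Counter

# Constructed (user, host) interaction history; not from the patent.
HISTORY = ([("alice", "mail1")] * 40 + [("alice", "wiki1")] * 9 +
           [("alice", "hr-db")] * 3 + [("bob", "pay-db")] * 25)

def client_profile(history, user):
    """Client profile: how often this user interacted with each host."""
    return Counter(host for u, host in history if u == user)

def probability_profile(profile, hosts, alpha=1.0):
    """Laplace-smoothed estimate (assumed model) of the user's next host."""
    total = sum(profile.values()) + alpha * len(hosts)
    return {h: (profile[h] + alpha) / total for h in hosts}

def review(history, user, host, min_p=0.03):
    """Return an indication for an analyst if the interaction is out of profile."""
    hosts = sorted({h for _, h in history} | {host})
    probs = probability_profile(client_profile(history, user), hosts)
    if probs[host] >= min_p:
        return None  # interaction is within the user's probability profile
    # The indication carries the whole profile so the reviewer sees the baseline.
    return {"user": user, "host": host, "probability": probs[host],
            "expected_host": max(probs, key=probs.get),
            "probability_profile": probs}

if __name__ == "__main__":
    print(review(HISTORY, "alice", "pay-db"))
```

A host the user has touched a few times (`hr-db`) stays inside the profile, while a host only another user has used (`pay-db`) produces an indication; the smoothing constant and threshold control how quickly rare-but-legitimate access stops alerting.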