UNIFIED INTERFACE FOR ANALYSIS OF AND RESPONSE TO SUSPICIOUS ACTIVITY ON A TELECOMMUNICATIONS NETWORK

US 20150341374A1
Filed: 07/29/2015
Published: 11/26/2015
Est. Priority Date: 12/13/2013
Status: Abandoned Application

First Claim

Patent Images

1. A system for analyzing telemetry in customer and provider networks, comprising(a) a network intrusion detection device which detects potentially malicious traffic directed toward the telemetry;

and(b) a network appliance device connected with said network intrusion detection device for implementing defensive response actions in response to detection of potentially malicious traffic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a platform for analysis of disparate data sources and automated and or user driven incident response via a single user interface. The platform includes an agent server, message broker, index, correlation engine and user interface. Telemetry sources may include network appliances, mobile devices, and standard terminals. Each telemetry type has interactions that enable incident response from the unified interface.

7 Citations

12 Claims

1. A system for analyzing telemetry in customer and provider networks, comprising(a) a network intrusion detection device which detects potentially malicious traffic directed toward the telemetry;
- and(b) a network appliance device connected with said network intrusion detection device for implementing defensive response actions in response to detection of potentially malicious traffic.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system as defined in claim 1, and further comprising at least one agent at a host and network component of the telemetry for collecting telemetry and issuing defensive response actions.
  - 3. A system as defined in claim 2, and further comprising an agent server connected with the provider network for managing communications with host and network agents,
  - 4. A system as defined in claim 3, and further comprising a correlation engine in the provider network to fuse and correlate host and network telemetry, generate alerts, and automate actions in response to potentially malicious traffic.
  - 5. A system as defined in claim 4, and further comprising a message broker connected between said correlation engine and said agent server to facilitate communication between the correlation engine and the agents.
  - 6. A system as defined in claim 5, and further comprising an index connected with said correlation engine for storing information relating to potentially malicious traffic alerts and responses said alerts.

7. A method for analyzing telemetry in customer and provider networks, comprising the steps of(a) detecting potentially malicious traffic directed toward the telemetry;
- and(b) implementing defensive response actions in response to detection of potentially malicious traffic.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method as defined in claim 7, and further comprising the steps of correlating host and network telemetry, generating alerts, and automating actions in response to potentially malicious traffic.
  - 9. A method as defined in claim 8, wherein said correlation step uses an anomaly detection algorithm derived from supervised and unsupervised machine learning techniques to trigger alerts.
  - 10. A method as defined in claim 8, wherein said correlation step uses primary, secondary, and tertiary data points in the telemetry to make an alert decision.
  - 11. A method as defined in claim 9, wherein said correlation step uses threat intelligence feed data to make an alert decision.
  - 12. A method as defined in claim 8, and further comprising the step of storing information relating to potentially malicious traffic alerts and responses said alerts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vahna, Inc.
Original Assignee
Vahna, Inc.
Inventors
Conlon, Brendan, Hall, LaTonya

Application Number

US14/811,998
Publication Number

US 20150341374A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04Q 9/00   Arrangements in telecontrol...

UNIFIED INTERFACE FOR ANALYSIS OF AND RESPONSE TO SUSPICIOUS ACTIVITY ON A TELECOMMUNICATIONS NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

UNIFIED INTERFACE FOR ANALYSIS OF AND RESPONSE TO SUSPICIOUS ACTIVITY ON A TELECOMMUNICATIONS NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links