INTEGRATED SECURITY SYSTEM HAVING THREAT VISUALIZATION
First Claim
1. A security management system comprising:
one or more processors;
one or more computer-readable memories;
a threat data aggregator that executes on one or more of the processors to aggregate data received from a plurality of security devices positioned within a network and configured to perform deep packet inspection on packet flows within the network, wherein the data received from the plurality of security devices identifies a plurality of threats detected by the security devices; and
a threat control module having a visualization module that executes on one or more of the processors to display the threats corresponding to the aggregated threat data by the threat data aggregator in a single, aggregated representation for the entire network, wherein the visualization module generates one or more filtered representations of the aggregated threat data based on one or more user interface elements selected by an administrator.
Abstract
Techniques are described for taking direct actions, such as selectively blocking or allowing traffic and applications, while monitoring events from a graphical representation of threats. An administrator in an enterprise interacts with the graphical representation of threats rendered by the security management system, and that interaction automatically invokes a policy/rule module of the security management system to configure and update the security policies of the security devices deployed throughout the enterprise's computer networks. For example, the administrator may interact with the representation of threats that the threat control module renders from the data aggregated from the distributed security devices; responsive to that interaction, the security management system may identify the relevant set of security devices, automatically construct security policies having ordered rules for the identified set of devices, and automatically communicate and install the policies on those devices.
18 Claims
1. A security management system (independent claim; text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method comprising:
receiving data on a plurality of threats from a plurality of security devices; aggregating the threats from the security devices; displaying an aggregated representation of the threats; selecting one or more user interface elements from the aggregated representation; and in response to selecting the user interface elements, displaying a filtered representation of the threats. Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.
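The abstract and claim 8 together describe one pipeline: per-device threat reports are aggregated into a single network-wide view, the administrator filters that view through user-interface selections, and a selection drives a policy/rule module that identifies the devices which saw the threat, builds an ordered policy for each, and installs it. The following is an added example modelled on that description; it is not code from the patent or its assignee. The device names, the fields of a threat event, the severity scale, the rule format and the sample feed are all assumptions made for illustration (the management API of a real security device is stood in for by a dict).

```python
"""Added example, not code from the patent or its assignee: a minimal threat
data aggregator, filtered-view model and policy/rule module of the kind the
abstract and claim 8 describe. Device names, event fields and the rule format
are assumptions made for illustration."""
from dataclasses import dataclass

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class ThreatEvent:
    device: str     # DPI security device that reported the threat
    src: str        # source address of the offending flow
    dst: str        # destination address inside the network
    app: str        # application identified by deep packet inspection
    signature: str  # threat signature that matched
    severity: str   # one of SEVERITY_RANK


# Constructed sample feed standing in for reports from three security devices.
SAMPLE_FEED = [
    ThreatEvent("fw-edge-1", "203.0.113.7", "10.0.1.20", "http", "SQLi", "high"),
    ThreatEvent("fw-edge-1", "203.0.113.7", "10.0.1.21", "http", "SQLi", "high"),
    ThreatEvent("fw-dc-2", "203.0.113.7", "10.0.2.5", "http", "SQLi", "high"),
    ThreatEvent("fw-dc-2", "198.51.100.3", "10.0.2.9", "ssh", "Brute-Force", "medium"),
    ThreatEvent("ips-branch", "192.0.2.44", "10.0.3.2", "smb", "SMB-Exploit-Probe", "critical"),
]


def aggregate(events):
    """Threat data aggregator: fold per-device reports into one network-wide view
    keyed by (signature, source). Each entry records the matched-flow count, the
    devices that saw it, the applications involved and the highest severity."""
    view = {}
    for ev in events:
        entry = view.setdefault((ev.signature, ev.src), {
            "signature": ev.signature, "src": ev.src, "count": 0,
            "devices": set(), "apps": set(), "severity": "low"})
        entry["count"] += 1
        entry["devices"].add(ev.device)
        entry["apps"].add(ev.app)
        if SEVERITY_RANK[ev.severity] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = ev.severity
    # The single aggregated representation lists the most serious threats first.
    return sorted(view.values(),
                  key=lambda e: (-SEVERITY_RANK[e["severity"]], -e["count"], e["signature"]))


def filter_view(view, **selection):
    """Visualization module filter. Each keyword stands for one user-interface
    element the administrator selected: device=..., app=..., min_severity=...,
    or any aggregated field such as signature=... or src=... An entry survives
    only if it matches every selected element."""
    def keep(entry):
        for key, value in selection.items():
            if key == "device" and value not in entry["devices"]:
                return False
            if key == "app" and value not in entry["apps"]:
                return False
            if key == "min_severity" and SEVERITY_RANK[entry["severity"]] < SEVERITY_RANK[value]:
                return False
            if key not in ("device", "app", "min_severity") and entry.get(key) != value:
                return False
        return True
    return [e for e in view if keep(e)]


def build_policies(view, signature, src, action="block"):
    """Policy/rule module. From the administrator's selection of one threat in
    the representation, identify the devices that reported it and construct an
    ordered policy for each: one specific rule per application seen, then a
    final default allow. First match wins, so the order is part of the policy."""
    matches = [e for e in view if e["signature"] == signature and e["src"] == src]
    if not matches:
        raise LookupError(f"no aggregated threat {signature!r} from {src}")
    entry = matches[0]
    policies = {}
    for device in sorted(entry["devices"]):
        rules = [{"seq": i, "action": action, "src": src, "app": app, "reason": signature}
                 for i, app in enumerate(sorted(entry["apps"]), start=1)]
        rules.append({"seq": len(rules) + 1, "action": "allow", "src": "any",
                      "app": "any", "reason": "default"})
        policies[device] = rules
    return policies


def install(policies, device_configs):
    """Communicate and install. A real system would call each device's
    management API; here the policy replaces the device's rule set in a dict.
    Devices outside the identified set are left untouched."""
    updated = dict(device_configs)
    updated.update(policies)
    return updated
```

Running `build_policies(aggregate(SAMPLE_FEED), "SQLi", "203.0.113.7")` yields policies only for `fw-edge-1` and `fw-dc-2`, the two devices that reported that source, each with the block rule at sequence 1 ahead of the default allow; `ips-branch`, which never saw the threat, receives nothing. The filter keeps the aggregated entries intact and only narrows what is displayed, so a selection made on a filtered view still resolves to the full device set when a policy is built from it.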