INTEGRATED SECURITY SYSTEM HAVING THREAT VISUALIZATION

US 20170126727A1
Filed: 12/30/2015
Published: 05/04/2017
Est. Priority Date: 11/03/2015
Status: Abandoned Application

First Claim

Patent Images

1. A security management system comprising:

one or more processors;

one or more computer-readable memories;

a threat data aggregator that executes on one or more of the processors to aggregate data received from a plurality of security devices positioned within a network and configured to perform deep packet inspection on packet flows within the network, wherein the data received from the plurality of security devices identifies a plurality of threats detected by the security devices; and

a threat control module having a visualization module that executes on one or more of the processors to display the threats corresponding to the aggregated threat data by the threat data aggregator in a single, aggregated representation for the entire network,wherein the visualization module generates one or more filtered representations of the aggregated threat data based on one or more user interface elements selected by an administrator.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for taking direct actions, such as selectively blocking or allowing traffic and applications, while monitoring events from a graphical representation of threats. As such, the administrator in an enterprise interacts with the graphical representation of threats rendered by the security management system to automatically invoke a policy/rule module of the security management system to configure and update security policies for the security devices deployed throughout the computer networks of the enterprise. An administrator may, for example, interact with the representation of threats rendered by the threat control module based on the data aggregated from the distributed security devices and, responsive to the interaction, the security management system may identify a relevant set of the security devices, automatically construct security policies having ordered rules within the policies for the identified set of security devices, and automatically communicate and install the policies in the identified set of security devices.

Citations

18 Claims

1. A security management system comprising:
- one or more processors;
  
  one or more computer-readable memories;
  
  a threat data aggregator that executes on one or more of the processors to aggregate data received from a plurality of security devices positioned within a network and configured to perform deep packet inspection on packet flows within the network, wherein the data received from the plurality of security devices identifies a plurality of threats detected by the security devices; and
  
  a threat control module having a visualization module that executes on one or more of the processors to display the threats corresponding to the aggregated threat data by the threat data aggregator in a single, aggregated representation for the entire network,wherein the visualization module generates one or more filtered representations of the aggregated threat data based on one or more user interface elements selected by an administrator.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The security management system of claim 1, wherein the aggregated representation is a live threat visualization of the one or more threats.
  - 3. The security management system of claim 1, wherein the filtered representations includes a display of at least one of a grid view, chart view, or map view.
  - 4. The security management system of claim 1, wherein the filtered representations includes a display of at least one of an application usage view or a user usage view.
  - 5. The security management system of claim 1, wherein the filtered representations include at least one approximate geographic location detail, interne protocol address detail, threat action status detail, or security device detail associated with the threats.
  - 6. The security management system of claim 1, wherein the visualization module generates a graphical indicator associated with the threats.
  - 7. The security management system of claim 1,wherein the user interface elements selected by the administrator includes user interface elements operable to select, in response to input from the administrator, at least one of a geographic location, a software application, or a user, andwherein the visualization module generates the one or more filtered representations of depicting a subset of the threats based on a subset of the aggregated threat data in accordance with the selection.

8. A method comprising:
- receiving data on a plurality of threats from a plurality of security devices;
  
  aggregating the threats from the security devices;
  
  displaying an aggregated representation of the threats;
  
  selecting one or more user interface elements from the aggregated representation; and
  
  in response to selecting the user interface elements, displaying a filtered representation of the threats.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, wherein displaying an aggregated representation of the threats includes displaying a live threat visualization of the threats.
  - 10. The method of claim 8, wherein displaying an aggregated representation of the threats includes displaying a graphical indicator associated with the threats.
  - 11. The method of claim 8, wherein displaying an aggregated representation of the threats includes displaying the threats based on a location corresponding to an approximate geographical location associated with the threats.
  - 12. The method of claim 8, wherein displaying a filtered representation includes displaying the filtered representation as one of a grid view, a chart view, or a map view.
  - 13. The method of claim 12, wherein the map view displays threats based on a location corresponding to an approximate geographical location associated with a source of the threat.
  - 14. The method of claim 12, wherein the map view displays threats based on a location corresponding to an approximate geographical location associated with a destination of the threat.
  - 15. The method of claim 8, wherein displaying a filtered representation of the threats includes displaying the filtered representation as one of an application usage view or a user usage view.
  - 16. The method of claim 8, wherein displaying a filtered representation includes displaying at least one approximate geographic location detail, internet protocol address detail, threat action status detail, or security device detail associated with the threats.
  - 17. The method of claim 8, wherein displaying a filtered representation of the threats includes displaying the filtered representation as an overlay on the aggregated representation of the threats.
  - 18. The method of claim 8, wherein selecting the user interface element from the aggregated representation includes selecting at least one of a geographic location, an application, or a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Beam, Lisa M., Nesteroff, Lyubov, Shimuk, Natalia L., Chavez, Rene, Subbarao, Sujatha P., Park, Dennis

Application Number

US14/983,927
Publication Number

US 20170126727A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

INTEGRATED SECURITY SYSTEM HAVING THREAT VISUALIZATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

INTEGRATED SECURITY SYSTEM HAVING THREAT VISUALIZATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links