Network Security Monitoring and Correlation System and Method of Using Same
Abstract
A network security monitoring and correlation system for providing a three-dimensional visualization of network traffic overlaid with security alerts and other relevant discrete data. The system may comprise an application server communicably linked to a client. The server functions to retrieve network traffic metadata and relevant discrete data associated with individual computer hosts and connections in the monitored network, process the network traffic data by building a graph data structure, and then embedding within the graph data structure one or more layers of additional information about the individual computer hosts and connections derived from the discrete data. The client functions to produce a three-dimensional visualization of the network environment by parsing the graph data structure received from the server and then spawning computer hosts and connections in the 3-D environment. The client will then add the overlay information to the appropriate hosts or connections, with the overlay information preferably being represented within the 3-D environment as a particular color, shape, size, position, or a changing dynamic value.
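The server-side steps the abstract describes (normalize traffic metadata, build a host/connection graph, embed discrete data on the edges, hand the graph to a client), sketched as an added illustration; this is not code from the patent or its assignee. The field names, the undirected edge key and the JSON layout are assumptions, and the flow and alert records are constructed samples.

```python
import ipaddress
import json

# Constructed sample flow metadata from two sources with different field names.
FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "bytes": 1200},
    {"SrcAddr": "10.0.0.9", "DstAddr": "10.0.0.5", "Octets": "300"},
    {"src": "10.0.0.5", "dst": "192.0.2.44", "bytes": 90000},
]
# Constructed sample discrete data: alerts tied to a pair of hosts.
ALERTS = [
    {"src": "192.0.2.44", "dst": "10.0.0.5", "severity": "high", "msg": "sample IDS alert"},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "severity": "low", "msg": "no matching flow"},
]

def edge_key(a, b):
    """Canonical undirected key so A->B and B->A land on the same edge."""
    a, b = str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b))
    return "|".join(sorted((a, b)))

def normalize(rec):
    """Map source-specific field names (assumed here) onto one schema."""
    src = rec.get("src") or rec.get("SrcAddr")
    dst = rec.get("dst") or rec.get("DstAddr")
    return src, dst, int(rec.get("bytes", rec.get("Octets", 0)))

def build_graph(flows):
    """Vertices are hosts; edges are connections between two hosts."""
    graph = {"vertices": {}, "edges": {}}
    for src, dst, nbytes in map(normalize, flows):
        for host in (src, dst):
            graph["vertices"].setdefault(host, {"flows": 0})["flows"] += 1
        edge = graph["edges"].setdefault(edge_key(src, dst), {"bytes": 0, "overlay": []})
        edge["bytes"] += nbytes
    return graph

def overlay(graph, alerts):
    """Attach each alert to its edge; return alerts with no observed connection."""
    unmatched = []
    for alert in alerts:
        edge = graph["edges"].get(edge_key(alert["src"], alert["dst"]))
        if edge is None:
            unmatched.append(alert)  # keep for review instead of inventing an edge
        else:
            edge["overlay"].append({"severity": alert["severity"], "msg": alert["msg"]})
    return unmatched

def serialize(graph):
    return json.dumps(graph, sort_keys=True)  # payload a client would parse
```

Alerts that reference a host pair with no observed flow are returned separately, so a gap in traffic collection shows up as unmatched discrete data rather than disappearing from the overlay.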
19 Claims
1. A network visualization system, comprising:
- an application server comprising a non-transitory computer readable medium having stored thereon software instructions for programming the application server to perform server operations including:
  - retrieving network traffic metadata and discrete data pertaining to a monitored network;
  - processing the network traffic metadata by normalizing the network traffic metadata and constructing a graph data structure, the graph data structure comprising:
    - one or more vertices representing computer hosts; and
    - one or more edges representing connections between two computer hosts;
  - processing the discrete data by adding the discrete data to the one or more edges in the graph data structure; and
- a client application comprising a non-transitory computer readable medium having stored thereon software instructions for programming the application server to perform client operations including generating a three-dimensional visualization of the monitored network by parsing the graph data structure received from the server.
11. A method of visualizing a monitored computer network, the method comprising:
- retrieving network traffic metadata and discrete data pertaining to a monitored network;
- processing the network traffic metadata by embedding the network traffic metadata into a graph data structure, the graph data structure comprising:
  - one or more vertices representing computer hosts; and
  - one or more edges representing connections between two computer hosts;
- processing the discrete data by adding the discrete data to the one or more edges in the graph data structure;
- generating a three-dimensional visualization of the monitored network; and
- displaying the three-dimensional visualization of the monitored network overlaid with the discrete data.
19. A network visualization system, comprising:
- an application server comprising:
  - a retrieval engine module for retrieving network traffic metadata and discrete data pertaining to a monitored network;
  - a graph generator module for processing the network metadata and building a graph data structure, wherein the graph data structure includes one or more vertices representing computer hosts and one or more edges representing connections between two computer hosts; and
  - an overlay generator module for processing the discrete data by adding the discrete data to the one or more edges in the graph data structure; and
- a client application comprising:
  - a network worker module communicably linked to the application server;
  - a 3-D object generator module for creating a simulated 3-D environment;
  - a communicator module for spawning one or more primary three-dimensional objects in the 3-D environment representing computer hosts in the monitored network, and for spawning one or more secondary three-dimensional objects in the 3-D environment representing the connections between two computer hosts in the monitored network; and
  - a graphical user interface for displaying the simulated 3-D environment.
Specification