Comprehensive enterprise network analyzer, scanner and intrusion detection framework

US 7,062,783 B1
Filed: 12/21/2001
Issued: 06/13/2006
Est. Priority Date: 12/21/2001
Status: Expired due to Term

First Claim

Patent Images

1. A system for analyzing a network, scanning the network, and detecting intrusions in the network, comprising:

(a) a plurality of agents coupled to a plurality of computers interconnected via a network, each agent adapted to collect information;

(b) a plurality of host controllers coupled to the agents for collecting the information from the agents, scanning the information, and detecting intrusions in the network; and

(c) a plurality of zone controllers coupled to the host controllers for analyzing an output of the host controllers, and executing security actions in response thereto;

wherein a report is generated including a plurality of objects in a tree representation;

wherein intrusion detection services are provided based on the information;

wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and associated method and computer program product are provided for providing business rule-based network services utilizing a network. Initially, information relating to a plurality of computers is collected utilizing a plurality of agents coupled to the computers via a network. Next, the information is collected from the agents utilizing a plurality of controllers coupled to the agents. Then, a plurality of business rules is identified after which various services are provided utilizing the information based on the business rules.

56 Citations

View as Search Results

30 Claims

1. A system for analyzing a network, scanning the network, and detecting intrusions in the network, comprising:
- (a) a plurality of agents coupled to a plurality of computers interconnected via a network, each agent adapted to collect information;
  
  (b) a plurality of host controllers coupled to the agents for collecting the information from the agents, scanning the information, and detecting intrusions in the network; and
  
  (c) a plurality of zone controllers coupled to the host controllers for analyzing an output of the host controllers, and executing security actions in response thereto;
  
  wherein a report is generated including a plurality of objects in a tree representation;
  
  wherein intrusion detection services are provided based on the information;
  
  wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
- View Dependent Claims (2, 3, 4, 5, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The system as recited in claim 1, wherein the host controllers are further capable of cybercop services.
  - 3. The system as recited in claim 1, wherein the zone controllers are further capable of integrated reporting.
  - 4. The system as recited in claim 1, wherein the host controllers and the zone controllers operate based on business rules.
  - 5. The system as recited in claim 1, wherein the business rules are user-configurable.
  - 22. The system as recited in claim 1, wherein enterprise latency mapping is performed.
  - 23. The system as recited in claim 22, wherein at least one of the zone controllers chooses a port number associated with an application.
  - 24. The system as recited in claim 23, wherein the at least one zone controller pushes a configuration request to a plurality of the host controllers in an associated zone.
  - 25. The system as recited in claim 24, wherein the host controllers push the configuration request to the agents.
  - 26. The system as recited in claim 25, wherein the agents monitor a port associated with the port number.
  - 27. The system as recited in claim 26, wherein monitor data is sent from the agents to the host controllers.
  - 28. The system as recited in claim 27, wherein the monitor data is buffered.
  - 29. The system as recited in claim 27, wherein the host controllers update the at least one zone controller with consolidated monitor data.
  - 30. The system as recited in claim 29, wherein differences in delay times are calculated to construct a picture of latency throughout an enterprise.

6. A method for analyzing a network, scanning the network, and detecting intrusions in the network, comprising;
- (a) collecting information relating to a plurality of computers utilizing a plurality of agents coupled to the computers via a network;
  
  (b) collecting the information from the agents utilizing a plurality of host controllers coupled to the agents;
  
  (c) scanning the information utilizing the host controllers;
  
  (d) detecting intrusions in the network utilizing the host controllers;
  
  (e) collecting the information from the host controllers utilizing a plurality of zone controllers coupled to the host controllers;
  
  (f) analyzing output of (b)–
  
  (d) utilizing the zone controllers; and
  
  (g) executing security actions based on the analysis utilizing the zone controllers;
  
  wherein a report is generated including a plurality of objects in a tree representation;
  
  wherein intrusion detection services are provided based on the information;
  
  wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method as recited in claim 6, wherein the host controllers are further capable of cybercop services.
  - 8. The method as recited in claim 6, wherein the zone controllers are further capable of integrated reporting.
  - 9. The method as recited in claim 6, wherein the host controllers and the zone controllers operate based on business rules.
  - 10. The method as recited in claim 6, wherein the business rules are user-configurable.

11. A computer program product for analyzing a network, scanning the network and detecting intrusions in the network, comprising:
- (a) computer code for collecting information relating to a plurality of computers utilizing a plurality of agents coupled to the computers via a network;
  
  (b) computer code for collecting the information from the agents utilizing a plurality of host controllers coupled to the agents;
  
  (c) computer code for scanning the information utilizing the host controllers;
  
  (d) computer code for detecting intrusions in the network utilizing the host controllers;
  
  (e) computer code for collecting the information from the host controllers utilizing a plurality of zone controllers coupled to the host controllers;
  
  (f) computer code for analyzing output of (b)–
  
  (d) utilizing the zone controllers; and
  
  (g) computer code for executing security actions based on the analysis utilizing the zone controllers;
  
  wherein a report is generated including a plurality of objects in a tree representation;
  
  wherein intrusion detection services are provided based on the information;
  
  wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product as recited in claim 11, wherein the host controllers are further capable of cybercop services.
  - 13. The computer program product as recited in claim 11, wherein the zone controllers are further capable of integrated reporting.
  - 14. The computer program product as recited in claim 11, wherein the host controllers and the zone controllers operate based on business rules.
  - 15. The computer program product as recited in claim 14, wherein the business rules are user-configurable.

16. A system for analyzing a network, scanning the network and detecting intrusions in the network, comprising:
- (a) agent means adapted to collect information;
  
  (b) host controller means for collecting the information from the agent means, scanning the information, and detecting intrusions in the network; and
  
  (c) zone controller means for analyzing an output of the host controller means, and executing security actions in response thereto;
  
  wherein a report is generated including a plurality of objects in a tree representation;
  
  wherein intrusion detection services are provided based on the information;
  
  wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system as recited in claim 16, wherein the host controller means is further capable of cybercop services.
  - 18. The system as recited in claim 16, wherein the zone controller means is further capable of integrated reporting.
  - 19. The system as recited in claim 16, wherein the host controller means and the zone controller means operate based on business rules.
  - 20. The system as recited in claim 19, wherein the business rules are user-configurable.

21. A system for analyzing a network, scanning the network, and detecting intrusions in the network, comprising:
- (a) a plurality of agents coupled to a plurality of computers interconnected via a network, each agent adapted to collect information;
  
  (b) a plurality of host controllers coupled to the agents for collecting the information from the agents;
  
  (c) means for scanning the information;
  
  (d) means for detecting intrusions in the network;
  
  (e) a plurality of zone controllers coupled to the host controllers for analyzing an output of the host controllers; and
  
  (f) means for executing security actions in response to at least one of the scanning, the detecting, and the analyzing;
  
  wherein a report is generated including a plurality of objects in a tree representation;
  
  wherein intrusion detection services are provided based on the information;
  
  wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Joiner, Herbert V.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Son, Linh L D

Application Number

US10/029,686
Time in Patent Office

1,635 Days
Field of Search

713/200, 713/201, 713/202, 705/18, 714/763, 714/715, 714/1, 709/224, 709/225, 726/23
US Class Current

726/23
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/046   comprising network manageme...

H04L 63/1416   Event detection, e.g. attac...

H04L 67/125   involving control of end-de...

Comprehensive enterprise network analyzer, scanner and intrusion detection framework

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Comprehensive enterprise network analyzer, scanner and intrusion detection framework

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links