Comprehensive enterprise network analyzer, scanner and intrusion detection framework
Abstract
A system and associated method and computer program product are provided for providing business rule-based network services utilizing a network. Initially, information relating to a plurality of computers is collected utilizing a plurality of agents coupled to the computers via a network. Next, the information is collected from the agents utilizing a plurality of controllers coupled to the agents. Then, a plurality of business rules is identified after which various services are provided utilizing the information based on the business rules.
30 Claims
1. A system for analyzing a network, scanning the network, and detecting intrusions in the network, comprising:
(a) a plurality of agents coupled to a plurality of computers interconnected via a network, each agent adapted to collect information;
(b) a plurality of host controllers coupled to the agents for collecting the information from the agents, scanning the information, and detecting intrusions in the network; and
(c) a plurality of zone controllers coupled to the host controllers for analyzing an output of the host controllers, and executing security actions in response thereto;
wherein a report is generated including a plurality of objects in a tree representation;
wherein intrusion detection services are provided based on the information;
wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
Dependent claims: 2, 3, 4, 5, 22, 23, 24, 25, 26, 27, 28, 29, 30

6. A method for analyzing a network, scanning the network, and detecting intrusions in the network, comprising:
(a) collecting information relating to a plurality of computers utilizing a plurality of agents coupled to the computers via a network;
(b) collecting the information from the agents utilizing a plurality of host controllers coupled to the agents;
(c) scanning the information utilizing the host controllers;
(d) detecting intrusions in the network utilizing the host controllers;
(e) collecting the information from the host controllers utilizing a plurality of zone controllers coupled to the host controllers;
(f) analyzing output of (b)–(d) utilizing the zone controllers; and
(g) executing security actions based on the analysis utilizing the zone controllers;
wherein a report is generated including a plurality of objects in a tree representation;
wherein intrusion detection services are provided based on the information;
wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
Dependent claims: 7, 8, 9, 10

11. A computer program product for analyzing a network, scanning the network and detecting intrusions in the network, comprising:
(a) computer code for collecting information relating to a plurality of computers utilizing a plurality of agents coupled to the computers via a network;
(b) computer code for collecting the information from the agents utilizing a plurality of host controllers coupled to the agents;
(c) computer code for scanning the information utilizing the host controllers;
(d) computer code for detecting intrusions in the network utilizing the host controllers;
(e) computer code for collecting the information from the host controllers utilizing a plurality of zone controllers coupled to the host controllers;
(f) computer code for analyzing output of (b)–(d) utilizing the zone controllers; and
(g) computer code for executing security actions based on the analysis utilizing the zone controllers;
wherein a report is generated including a plurality of objects in a tree representation;
wherein intrusion detection services are provided based on the information;
wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
Dependent claims: 12, 13, 14, 15

16. A system for analyzing a network, scanning the network and detecting intrusions in the network, comprising:
(a) agent means adapted to collect information;
(b) host controller means for collecting the information from the agent means, scanning the information, and detecting intrusions in the network; and
(c) zone controller means for analyzing an output of the host controller means, and executing security actions in response thereto;
wherein a report is generated including a plurality of objects in a tree representation;
wherein intrusion detection services are provided based on the information;
wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.
Dependent claims: 17, 18, 19, 20

21. A system for analyzing a network, scanning the network, and detecting intrusions in the network, comprising:
(a) a plurality of agents coupled to a plurality of computers interconnected via a network, each agent adapted to collect information;
(b) a plurality of host controllers coupled to the agents for collecting the information from the agents;
(c) means for scanning the information;
(d) means for detecting intrusions in the network;
(e) a plurality of zone controllers coupled to the host controllers for analyzing an output of the host controllers; and
(f) means for executing security actions in response to at least one of the scanning, the detecting, and the analyzing;
wherein a report is generated including a plurality of objects in a tree representation;
wherein intrusion detection services are provided based on the information;
wherein a Simple Network Management Protocol (SNMP) trap capability is utilized.

Specification