Secure self-organizing and self-provisioning anomalous event detection systems
Abstract
An approach for providing managed security services is disclosed. A database, within a server or a pre-existing anomalous event detection system, stores a rule set specifying a security policy for a network associated with a customer. An anomalous detection event module is deployed within a premise of the customer and retrieves rule sets from the database. The anomalous detection event module monitors a sub-network of the network based on the rule sets. The anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for anomalous events according to the examined components, and to self-provision by selectively creating another instance of the anomalous detection event module to monitor another sub-network of the network.
29 Claims
1. A method for supporting managed security services, the method comprising:
- self-provisioning within an enterprise network that includes a plurality of interconnected networks by scanning the enterprise network to determine whether an instance of an anomalous event detection mechanism exists, to create the instance if the anomalous event detection mechanism does not exist, and to create automatically one or more additional instances of the anomalous event detection mechanism to accommodate expansion of the enterprise network; and
- accessing, by the anomalous event detection mechanism, a database storing a rule set specifying a security policy for the enterprise network for monitoring one of the networks according to the rule set.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for providing managed security services, the system comprising:
- a database configured to store a rule set specifying a security policy for a network associated with a customer; and
- an anomalous detection event module deployed within a premise of the customer and configured to retrieve the rule set from the database and to monitor a sub-network within the network based on the rule set, wherein the anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for the anomalous event according to the examined components, and to self-provision by creating an initial instance of itself and selectively creating another instance to monitor another sub-network of the network.

Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A computer-readable medium carrying one or more sequences of one or more instructions for supporting managed security services, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- self-provisioning within an enterprise network that includes a plurality of interconnected networks by scanning the enterprise network to determine whether an instance of an anomalous event detection mechanism exists, to create the instance if the anomalous event detection mechanism does not exist, and to create automatically one or more additional instances of the anomalous event detection mechanism to accommodate expansion of the enterprise network; and
- accessing, by the anomalous event detection mechanism, a database storing a rule set specifying a security policy for the enterprise network for monitoring one of the networks according to the rule set.

Dependent claims: 17, 18, 19, 20, 21, 22
23. A network apparatus for supporting managed security services, the apparatus comprising:
- means for self-provisioning within an enterprise network that includes a plurality of interconnected networks by scanning the enterprise network to determine whether an instance of an anomalous event detection mechanism exists, to create the instance if the anomalous event detection mechanism does not exist, and to create automatically one or more additional instances of the anomalous event detection mechanism to accommodate expansion of the enterprise network; and
- means for accessing, by the anomalous event detection mechanism, a database storing a rule set specifying a security policy for the enterprise network and means for monitoring one of the networks according to the rule set.

Dependent claims: 24, 25, 26, 27, 28, 29
Specification