Network security system integration
First Claim
1. A protection system for a first network of machines/hosts, comprising:
- a network discovery functionality which scans the first network to identify components present in the first network and their properties;
- a management agent which receives a detection signature for a type of attack pertinent to a certain component and/or certain property, the management agent operating to query the network discovery functionality to determine whether the certain component and/or the certain property are among the identified components and/or properties present in the first network and, if so, instantiate the detection signature for that type of attack and otherwise not instantiate the detection signature in order to minimize false detection;
- a traffic inspection agent that analyzes network traffic passing from a second network of machines/hosts into the first network of machines/hosts in view of instantiated detection signatures to identify passing content that is potentially harmful to the first network and issue alerts;
- a network entrance sentry coupled to receive the network traffic from the traffic inspection agent and which operates to prevent unauthorized access to the first network;
- an interlocking functionality supporting delivery of the traffic inspection agent issued alerts to the network entrance sentry; and
- the network entrance sentry further operating responsive to the traffic inspection agent issued alert to block the identified passing content that is potentially harmful to the first network from entering the first network.
10 Assignments
0 Petitions
Abstract
A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.
126 Citations
40 Claims
1. A protection system for a first network of machines/hosts, comprising: the elements given in full under First Claim above.
Dependent claims: 2, 3, 4
5. A method for protection of a first network of machines/hosts, comprising:
- scanning the first network to identify components present in the first network and their properties;
- receiving a detection signature for a type of attack pertinent to a certain component and/or certain property;
- determining whether the certain component and/or the certain property are among the components and/or properties present in the first network identified by scanning;
- if so, instantiating the detection signature for that type of attack; and otherwise not instantiating the detection signature in order to minimize false detection;
- analyzing network traffic passing from a second network of machines/hosts into the first network of machines/hosts in view of instantiated detection signatures to identify passing content that is potentially harmful to the first network;
- issuing alerts responsive to detection of passing content that is potentially harmful;
- receiving the alerts at a firewall which also processes the network traffic and prevents unauthorized access to the first network; and
- blocking entrance of the identified passing content that is potentially harmful to the first network at the firewall in response to the received alerts.
Dependent claims: 6, 7, 8
9. A network protection system, comprising:
- a network discovery functionality associated with a first network of devices/hosts that scans the first network prior to an attack to detect computer system and network device vulnerabilities to an attack based on the devices/hosts which are present in the first network and provides a notification identifying the detected vulnerabilities of the first network which could potentially be subsequently exploited by such an attack;
- a security management agent receiving the notification identifying the detected vulnerabilities and operating to tailor a detection signature to address the vulnerability to attack detected by the network discovery functionality; and
- an intrusion detector functionality upon which the tailored detection signature is instantiated by the security management agent prior to attack, the intrusion detector functionality analyzing network traffic received by the first network from a second network of devices/hosts in view of the instantiated detection signature to protect against exploitation of the detected vulnerabilities of the first network in such an attack by identifying entering content that is potentially harmful to the first network and issuing alerts.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method for network protection, comprising:
- scanning a first network of devices/hosts prior to an attack to detect computer system and network device vulnerabilities to an attack based on the devices/hosts which are present in the network;
- providing a notification of the detected vulnerabilities of the first network which could potentially be subsequently exploited by such an attack;
- tailoring a detection signature to address the notified vulnerability to attack detected by the scanning step in the context of a configuration of the first network being protected;
- instantiating the tailored detection signature on a packet inspection agent prior to attack, the packet inspection agent analyzing network traffic received by the first network from a second network of devices/hosts in view of the instantiated detection signature to protect against exploitation of the detected vulnerabilities of the first network in such an attack by identifying passing content that is potentially harmful to the first network; and
- issuing alerts in response to the identified potentially harmful passing content.
Dependent claims: 17, 18, 19, 20, 21, 22
23. A defense system for a first network of machines/hosts, comprising:
- a network discovery functionality operating to scan the first network of machines/hosts to detect computer system and network device vulnerabilities to a future attack;
- an intrusion detector functionality operating to monitor traffic entering the first network of machines/hosts from a second network of machines/hosts and identify a current attack from entering content that is potentially harmful to the first network;
- a firewalling functionality operating to block unauthorized access to the first network of machines/hosts from the second network and block harmful content received from the second network from entering the first network;
- a management agent interconnecting the network discovery functionality, intrusion detector functionality and firewalling functionality together such that a self-deploying and self-hardening security defense is provided for the first network;
- wherein the management agent supports the self-deployed security defense by having the network discovery functionality, intrusion detector functionality and firewalling functionality work together to automate threat detection and threat response operations; and
- wherein the management agent supports the self-hardening security defense by having the network discovery functionality, intrusion detector functionality and firewalling functionality implement threat detection and threat response operations in a manner that mitigates instances of false detection.
Dependent claims: 24, 25, 26, 27
28. A method for providing network defense, comprising:
- using a network discovery functionality operating to scan a first network of machines/hosts to detect computer system and network device vulnerabilities to a future attack, an intrusion detector functionality operating to monitor traffic entering the first network of machines/hosts from a second network of machines/hosts and identify a current attack from entering content that is potentially harmful to the first network and a firewalling functionality operating to block unauthorized access to the first network of machines/hosts from the second network and block harmful content received from the second network from entering the first network,
- integrating the network discovery functionality, intrusion detector functionality and firewalling functionality together such that a self-deploying and self-hardening security defense is provided for the first network of machines/hosts;
- wherein integrating achieves the self-deploying security defense by having the network discovery functionality, intrusion detector functionality and firewalling functionality work together to automate threat detection and threat response operations and achieves the self-hardening security defense by having the network discovery functionality, intrusion detector functionality and firewalling functionality implement threat detection and threat response operations in a manner that mitigates instances of false detection.
Dependent claims: 29, 30, 31, 32
33. A defense system for a first network of machines/hosts, comprising:
- a traffic inspection agent that recognizes, from an analysis of passing network traffic concerning the first network of machines/hosts, that a new machine has been installed on the first network, the agent issuing a scan trigger in response thereto;
- a network discovery function, operating responsive to the issued scan trigger, for scanning the first network, finding the new machine, and identifying a network vulnerability to an attack which is attributable to the presence of the new machine; and
- the traffic inspection agent responding to the identified network vulnerability to instantiate a detection signature for detecting possible exploitation of that vulnerability to attack in connection with network traffic received by the first network from a second network of machines/hosts connected to the first network.
Dependent claims: 34, 35, 36
37. A method for defense of a first network of machines/hosts, comprising:
- analyzing passing network traffic concerning the first network of machines/hosts to recognize that a new machine has been installed on the first network;
- issuing a scan trigger in response thereto;
- scanning the first network in response to the scan trigger to find the new machine and identify a network vulnerability to an attack which is attributable to the presence of the new machine; and
- instantiating a detection signature in response to the identified vulnerability for detecting possible exploitation of that vulnerability in connection with network traffic received by the first network from a second network of machines/hosts connected to the first network.
Dependent claims: 38, 39, 40
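The mechanism shared by claims 1, 5 and 9 (the management agent instantiates a signature only when the discovery inventory shows its target component is present, the inspection agent raises alerts against instantiated signatures, and the interlock delivers those alerts to the entrance sentry, which blocks) simulated in Python. This is an added example, not code from the patent; the class and function names, the inventory, the signatures and the packets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:          # detection signature tied to one component/property
    sig_id: str
    service: str
    product: str
    pattern: bytes        # constructed stand-in for an exploit indicator

def present(inventory, service, product):   # query of the scan result {ip: {service: product}}
    return any(s.get(service) == product for s in inventory.values())

class EntranceSentry:     # firewall; the interlock delivers inspector alerts here
    def __init__(self):
        self.alerts, self.blocked = [], set()
    def alert(self, src, sig_id):
        self.alerts.append((src, sig_id))
        self.blocked.add(src)             # block the source of the harmful content
    def admit(self, src):
        return src not in self.blocked

class TrafficInspector:   # IDS matching only instantiated signatures
    def __init__(self, sentry):
        self.sentry, self.active = sentry, {}
    def inspect(self, src, payload):
        for sig in self.active.values():
            if sig.pattern in payload:
                self.sentry.alert(src, sig.sig_id)
                return sig.sig_id
        return None

def instantiate_if_relevant(inventory, inspector, sig):   # management agent
    if not present(inventory, sig.service, sig.product):
        return False                  # target absent: skip, avoiding false detection
    inspector.active[sig.sig_id] = sig
    return True

def run_demo():
    # Constructed scenario: the protected network runs Apache only.
    inventory = {"10.0.0.5": {"http": "apache"}}
    sentry = EntranceSentry()
    inspector = TrafficInspector(sentry)
    deployed = {s.sig_id: instantiate_if_relevant(inventory, inspector, s) for s in (
        Signature("iis-probe", "http", "iis", b"IIS-EXPLOIT"),
        Signature("apache-probe", "http", "apache", b"APACHE-EXPLOIT"))}
    results = {}
    for src, payload in (("203.0.113.7", b"GET / IIS-EXPLOIT"),
                         ("198.51.100.9", b"GET / APACHE-EXPLOIT")):
        results[src] = (inspector.inspect(src, payload), sentry.admit(src))
    return deployed, results
```

The IIS signature is never instantiated because discovery found no IIS host, so the packet carrying its pattern raises no alert and is admitted; the Apache packet matches an instantiated signature, the alert reaches the sentry, and that source is blocked.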
Specification