Method and system for communicating data to and from network security devices
First Claim
1. A method comprising:
- an operations center establishing authentication information associated with a first computer network security device, wherein said first computer network security device is located within a first computer network and is configured to generate security log data for said first computer network;
- said operations center receiving said security log data in data transmission from said first computer network security device, wherein said operations center is configured to monitor security of a plurality of computer networks, wherein said receiving said security log data comprises receiving a signature generated by said first computer network security device;
- said operations center authenticating said data transmission using said authentication information, wherein said authenticating comprises determining whether a timestamp associated with said received signature has expired; and
- said operations center analyzing said security log data to monitor security of said first computer network, wherein said analyzing comprises:
  - automatically performing one or more queries on the security log data to identify a plurality of sub-events indicative of malicious activity in said first computer network;
  - storing data representing the plurality of sub-events; and
  - automatically correlating two or more of the sub-events in order to identify one or more patterns indicative of malicious activity in said first computer network.
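As an added illustration (not code from the patent or its assignee) of the flow claim 1 describes: the device signs a timestamped batch of log data, the operations center authenticates the transmission with the stored authentication information and rejects it if the timestamp has expired or the signature does not verify, then runs queries over the log data for sub-events, stores them, and correlates them into a pattern. The HMAC-SHA256 signature, the 300-second freshness window, the log line format, the two queries and the correlation rule are all assumptions chosen for the example; the claim specifies none of them.

```python
import hashlib
import hmac
import re
from collections import defaultdict

WINDOW_SECONDS = 300   # assumed freshness window for a signature's timestamp
FAIL_THRESHOLD = 5     # assumed: 5+ failures from one source within FAIL_SPAN s is a sub-event
FAIL_SPAN = 60
CORRELATE_SPAN = 120   # assumed: a success within 120 s of the burst completes the pattern

LOG_RE = re.compile(r"^(\d+) (\S+) (LOGIN_FAIL|LOGIN_OK) (\S+)$")  # constructed log format


def sign(secret, device_id, timestamp, body):
    """Device-side signature (assumed scheme): HMAC-SHA256 over device id, timestamp and log batch."""
    msg = f"{device_id}|{timestamp}|".encode() + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def device_transmit(device_id, secret, log_lines, now):
    """What the network security device sends: the log batch plus a timestamped signature."""
    body = "\n".join(log_lines).encode()
    return {"device": device_id, "ts": now, "body": body, "sig": sign(secret, device_id, now, body)}


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, src, kind, user = m.groups()
    return {"ts": int(ts), "src": src, "kind": kind, "user": user}


def query_failed_login_bursts(events):
    """Query 1: FAIL_THRESHOLD or more LOGIN_FAIL events from one source within FAIL_SPAN seconds."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == "LOGIN_FAIL":
            by_src[e["src"]].append(e["ts"])
    found = []
    for src, stamps in by_src.items():
        stamps.sort()
        for i in range(len(stamps) - FAIL_THRESHOLD + 1):
            if stamps[i + FAIL_THRESHOLD - 1] - stamps[i] <= FAIL_SPAN:
                found.append({"type": "failed_login_burst", "src": src, "ts": stamps[i + FAIL_THRESHOLD - 1]})
                break  # one sub-event per source is enough for this example
    return found


def query_successful_logins(events):
    """Query 2: every successful login is a sub-event (benign alone, interesting in context)."""
    return [{"type": "login_ok", "src": e["src"], "ts": e["ts"], "user": e["user"]}
            for e in events if e["kind"] == "LOGIN_OK"]


def correlate(sub_events):
    """Pattern: a successful login from a source shortly after that source's failed-login burst."""
    bursts = [s for s in sub_events if s["type"] == "failed_login_burst"]
    patterns = []
    for ok in (s for s in sub_events if s["type"] == "login_ok"):
        for b in bursts:
            if b["src"] == ok["src"] and 0 <= ok["ts"] - b["ts"] <= CORRELATE_SPAN:
                patterns.append({"pattern": "brute_force_then_success", "src": ok["src"], "user": ok["user"]})
    return patterns


class OperationsCenter:
    def __init__(self):
        self.device_keys = {}  # device id -> shared secret: the "authentication information"
        self.sub_events = []   # stored sub-events, kept across transmissions

    def establish_authentication_info(self, device_id, secret):
        self.device_keys[device_id] = secret

    def authenticate(self, msg, now):
        key = self.device_keys.get(msg["device"])
        if key is None:
            return False
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return False  # timestamp expired (or implausibly far in the future)
        expected = sign(key, msg["device"], msg["ts"], msg["body"])
        return hmac.compare_digest(expected, msg["sig"])  # constant-time compare

    def receive(self, msg, now):
        """Returns the correlated patterns, or None if the transmission is rejected."""
        if not self.authenticate(msg, now):
            return None
        events = [e for e in (parse(l) for l in msg["body"].decode().splitlines()) if e]
        self.sub_events.extend(query_failed_login_bursts(events) + query_successful_logins(events))
        return correlate(self.sub_events)


# Constructed sample log lines: five failures then a success from 10.0.0.5; a benign login from 10.0.0.9.
SAMPLE_LOGS = [
    "1000 10.0.0.5 LOGIN_FAIL alice", "1001 10.0.0.5 LOGIN_FAIL alice",
    "1002 10.0.0.5 LOGIN_FAIL alice", "1003 10.0.0.5 LOGIN_FAIL alice",
    "1004 10.0.0.5 LOGIN_FAIL alice", "1006 10.0.0.5 LOGIN_OK alice",
    "1010 10.0.0.9 LOGIN_FAIL bob", "1020 10.0.0.9 LOGIN_OK bob",
]
DEVICE_ID, DEVICE_SECRET = "fw-1", b"shared-secret-for-fw-1"  # assumed provisioning values


def demo(now=2000):
    """Three transmissions: genuine, stale (replayed after the window), and tampered."""
    center = OperationsCenter()
    center.establish_authentication_info(DEVICE_ID, DEVICE_SECRET)
    genuine = device_transmit(DEVICE_ID, DEVICE_SECRET, SAMPLE_LOGS, now)
    stale = device_transmit(DEVICE_ID, DEVICE_SECRET, SAMPLE_LOGS, now - WINDOW_SECONDS - 1)
    tampered = dict(genuine, body=genuine["body"].replace(b"LOGIN_FAIL", b"LOGIN_OK"))
    return {"genuine": center.receive(genuine, now),
            "stale": center.receive(stale, now),
            "tampered": center.receive(tampered, now)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The stale and tampered batches are rejected before any query runs, so a replayed or modified transmission never contributes sub-events to the store; only the genuine batch yields the brute-force-then-success pattern for 10.0.0.5. The timestamp check bounds replay to the window, it does not eliminate it; a production design would also track per-device sequence numbers or a nonce cache.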
Abstract
A method and system for transmitting data from a computer network security device for monitoring at least one computer network node to an operations center for monitoring at least the computer network security device and to the computer network security device from the operations center in a managed computer network security system including at least the computer network security device and operations center, including establishing security information associated with the at least one computer network security device. The established security information is used to authenticate data transmissions from the computer network security device to the operations center. The established security information is used to authenticate data transmission to the computer network security device from the operations center.
55 Citations
25 Claims
1. (Independent claim; text as set out under First Claim above. Claims 2 through 23 are dependent claims.)
24. One or more computer-readable storage media storing program instructions that are computer executable to:
- store authentication information associated with a first computer network security device in a database in an operations center, wherein said first computer network security device is located within a first computer network and is configured to generate security log data for said first computer network, and wherein said operations center is configured to monitor security of a plurality of computer networks;
- receive said security log data at the operations center in data transmission from said first computer network security device, including receiving a signature generated by said first computer network security device;
- authenticate said data transmission using said authentication information, including determining whether a timestamp associated with the received signature has expired; and
- analyze said security log data to monitor security of said first computer network, wherein said analyzing comprises:
  - automatically performing one or more queries on the security log data to identify a plurality of sub-events indicative of malicious activity in said first computer network;
  - storing data representing the plurality of sub-events; and
  - automatically correlating one or more of the sub-events in order to identify one or more patterns indicative of malicious activity in said first computer network.
25. An operations center comprising:
- one or more processors;
- a memory storing program instructions that are executable by the one or more processors to:
  - receive authentication information associated with a computer network security device, wherein said computer network security device is located within a first computer network and is configured to generate security log data for said first computer network, and wherein said operations center is configured to monitor security of a plurality of computer networks;
  - receive said security log data in data transmission from said computer network security device, including receiving a signature generated by said computer network security device;
  - authenticate said data transmission using said authentication information, including determining whether a timestamp associated with the received signature has expired; and
  - analyze said security log data to monitor security of said first computer network, wherein said analyzing comprises:
    - automatically performing one or more queries on the security log data to identify a plurality of sub-events indicative of malicious activity in said first computer network;
    - storing data representing the plurality of sub-events; and
    - automatically correlating one or more of the sub-events in order to identify one or more patterns indicative of malicious activity in said first computer network.
Specification