Network intrusion mitigation
Abstract
Described are methods and apparatus, including computer program products, for mitigating against a cyber attack on a network. An indication is received from an intrusion detection system that an event has occurred representing a threat to the network. Upon receiving the event from the intrusion detection system, automated processes determine a port associated with the threat and automatically block the port.
Claims

1. A computer-implemented method for mitigating against a cyber attack on a network, the method comprising:

receiving an IP address of an infected device and a signature identifier from an intrusion detection system at a cyber attack mitigation control center in response to the intrusion detection system detecting an event that represents a threat to the network at one or more locations on the network, wherein the intrusion detection system checks data packets travelling through the network against a predefined signature;

locating, by the cyber attack mitigation control center, a physical port associated with the threat in response to receiving the IP address by:

a) querying, by the cyber attack mitigation control center, an address table corresponding to a first router or a first switch to determine a port associated with the IP address on the router or the switch,

b) if the port associated with the IP address is not connected to the infected device, navigating to a second router or to a second switch connected to the port associated with the IP address of the first router or to the first switch, and

c) navigating to additional routers and/or switches by repeating a) and b) until the physical port associated with the infected device is located; and

automatically shutting off the physical port associated with the infected device.

Dependent claims: 2 to 18.
19. A system for mitigating against a cyber attack on a network, the system comprising:

a communications network; and

a computing device in communication with the communications network, the computing device being configured to:

receive an IP address of an infected device and a signature identifier from an intrusion detection system at a cyber attack mitigation control center in response to the intrusion detection system detecting an event that represents a threat to the network at one or more locations on the network, wherein the intrusion detection system checks data packets travelling through the network against a predefined signature;

locate, by the cyber attack mitigation control center, a physical port associated with the threat in response to receiving the IP address by:

a) querying, by the cyber attack mitigation control center, an address table corresponding to a first router or a first switch to determine a port associated with the IP address on the router or the switch,

b) if the port associated with the IP address is not connected to the infected device, navigating to a second router or to a second switch connected to the port associated with the IP address of the first router or to the first switch, and

c) navigating to additional routers and/or switches by repeating a) and b) until the physical port associated with the infected device is located; and

automatically shut off the physical port associated with the infected device.

Dependent claims: 20 to 23.
24. A computer program product, tangibly embodied in a computer-readable storage medium, for mitigating against a cyber attack on a network, the computer program product including instructions being operable to cause data processing apparatus to:

receive an IP address of an infected device and a signature identifier from an intrusion detection system at a cyber attack mitigation control center in response to the intrusion detection system detecting an event that represents a threat to the network at one or more locations on the network, wherein the intrusion detection system checks data packets travelling through the network against a predefined signature;

locate, by the cyber attack mitigation control center, a physical port associated with the threat in response to receiving the IP address by:

a) querying, by the cyber attack mitigation control center, an address table corresponding to a first router or a first switch to determine a port associated with the IP address on the router or the switch,

b) if the port associated with the IP address is not connected to the infected device, navigating to a second router or to a second switch connected to the port associated with the IP address of the first router or to the first switch, and

c) navigating to additional routers and/or switches by repeating a) and b) until the physical port associated with the infected device is located; and

automatically shut down the physical port associated with the infected device.
25. A computer-implemented method for mitigating against a cyber attack on a network, the method comprising:

receiving an IP address of an infected device and a signature identifier from an intrusion detection system at a cyber attack mitigation control center in response to the intrusion detection system detecting an event that represents a threat to the network at one or more locations on the network, wherein the intrusion detection system checks data packets travelling through the network against a predefined signature;

locating, by the cyber attack mitigation control center, a physical port associated with the threat in response to receiving the IP address by:

a) querying, by the cyber attack mitigation control center, an address table corresponding to a first router or a first switch to determine a port associated with the IP address on the router or the switch,

b) if the port associated with the IP address is not connected to the infected device, navigating to a second router or to a second switch connected to the port associated with the IP address of the first router or to the first switch, and

c) navigating to additional routers and/or switches by repeating a) and b) until the physical port associated with the infected device is located; and

automatically blocking the physical port.

Dependent claims: 26 to 30.
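The port-locating walk of claims 1, 19, 24 and 25 (query the address table, follow the learned port to the next switch while it is an inter-switch link, stop at the edge port, then disable it), as an added Python simulation that is not part of the patent. Switch names, address tables and link tables are constructed sample data, the hop bound and the unmanaged-neighbour stop are assumptions, and the shared-port check in contain() is a safeguard the claims do not state.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    name: str
    addr_table: dict            # host address -> port that learned it (IP here; real gear keys on MAC)
    uplinks: dict               # port -> neighbouring switch/router reached through it
    disabled: set = field(default_factory=set)

def locate_port(switches, start, host, max_hops=16):
    """Steps a)-c) of the claim: query the address table of `start`, follow uplinks
    to the next switch while the learned port is an inter-switch link, and return
    (switch, port) of the edge port, or None if the host cannot be pinned down."""
    current = switches[start]
    for _ in range(max_hops):           # hop bound (assumption): a stale or looping table must not spin forever
        port = current.addr_table.get(host)
        if port is None:
            return None                 # not learned on this device: no safe port to act on
        nxt = current.uplinks.get(port)
        if nxt is None:
            return current.name, port   # no neighbour behind this port: it is the edge port
        if nxt not in switches:
            return None                 # neighbour is unmanaged (assumption): stop rather than shut a trunk
        current = switches[nxt]
    return None

def contain(switches, start, host):
    """Automatic shut-off step, with one check the claim leaves implicit: refuse
    to disable a port that other hosts are also learned on (shared or trunk port)."""
    hit = locate_port(switches, start, host)
    if hit is None:
        return None
    name, port = hit
    table = switches[name].addr_table
    if any(p == port and h != host for h, p in table.items()):
        return None
    switches[name].disabled.add(port)
    return hit

# constructed sample topology: core -> dist1 -> access3; 10.0.5.23 sits alone on
# access3 Gi1/0/7, while 10.0.5.40 and 10.0.5.41 share Gi1/0/8 (e.g. behind a hub)
SAMPLE = {
    "core": Switch("core", {"10.0.5.23": "Te1/1", "10.0.5.40": "Te1/1"},
                   {"Te1/1": "dist1"}),
    "dist1": Switch("dist1", {"10.0.5.23": "Gi0/24", "10.0.5.40": "Gi0/24"},
                    {"Gi0/1": "core", "Gi0/24": "access3"}),
    "access3": Switch("access3", {"10.0.5.23": "Gi1/0/7", "10.0.5.40": "Gi1/0/8",
                                  "10.0.5.41": "Gi1/0/8"}, {"Gi1/0/48": "dist1"}),
}
```

Calling contain(SAMPLE, "core", "10.0.5.23") disables access3 Gi1/0/7, while contain(SAMPLE, "core", "10.0.5.40") returns None because another host is learned on the same port.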