Method and system for prioritizing security operations in a communication network
Abstract
A method, system and apparatus for filtering data packets through an integrated network security device are provided. Various security operations are performed on the data packets belonging to a network connection while they pass through the integrated network security device in a communication network. A classification engine is applied to the first packet of the connection. The result of this filtering is stored in a per-connection control key, and determines which of the security operations must be applied to each of the data packets of the connection. These security operations may be prioritized and re-ordered, based on the rate at which they detect and drop malicious data packets.
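The mechanism in the abstract, sketched as an added example (not code from the patent). The class and function names, the port-based first-packet classification and the definition of drop rate as drops per packet inspected are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class SecurityOp:
    name: str
    bit: int                              # this op's bit in the control key
    ports: Optional[set]                  # ports it applies to (None = all)
    is_malicious: Callable[[dict], bool]
    seen: int = 0
    dropped: int = 0

    def drop_rate(self) -> float:         # assumption: drops per packet inspected
        return self.dropped / self.seen if self.seen else 0.0

class Pipeline:
    def __init__(self, ops):
        self.ops = list(ops)
        self.control_keys = {}            # connection id -> bitmask of ops to run

    def process(self, pkt) -> Optional[str]:
        conn = (pkt["src"], pkt["dport"])
        if conn not in self.control_keys: # classify only the first packet
            self.control_keys[conn] = sum(
                1 << op.bit for op in self.ops
                if op.ports is None or pkt["dport"] in op.ports)
        key = self.control_keys[conn]
        for op in self.ops:               # current priority order
            if key & (1 << op.bit):
                op.seen += 1
                if op.is_malicious(pkt):
                    op.dropped += 1
                    return op.name        # dropped: later ops never run
        return None                       # forwarded

    def reorder(self):
        # Decreasing drop rate; sort is stable, so ties keep their old order.
        self.ops.sort(key=SecurityOp.drop_rate, reverse=True)
        return [op.name for op in self.ops]

def run_demo():
    pipe = Pipeline([
        SecurityOp("firewall", 0, None, lambda p: p["dport"] == 23),
        SecurityOp("ips", 1, {80, 443}, lambda p: b"../" in p["payload"]),
        SecurityOp("antivirus", 2, {25, 80}, lambda p: b"TEST-MALWARE" in p["payload"]),
    ])
    traffic = [  # constructed sample packets: (src, dport, payload)
        ("a", 80, b"GET /index"), ("b", 80, b"TEST-MALWARE"), ("c", 25, b"TEST-MALWARE"),
        ("d", 23, b"login"), ("e", 80, b"GET /../x"), ("f", 25, b"TEST-MALWARE")]
    verdicts = [pipe.process(dict(src=s, dport=d, payload=p)) for s, d, p in traffic]
    return pipe, verdicts, pipe.reorder()
```

On this sample the antivirus check drops 3 of the 4 packets it inspects, so it moves from last to first, and most malicious packets are then dropped before the other operations run.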
12 Claims
1. A method comprising:
- performing a plurality of different security operations on each of a plurality of data packets at a single network security device, the plurality of security operations including dropping of malicious data packets;
- recording a rate of malicious data packets being dropped by each of the plurality of security operations;
- associating a priority to each security operation based on a rate of malicious data packets being dropped such that a given security operation having a higher rate of malicious data packets being dropped has a higher priority than a given security operation having a lower rate of malicious data packets being dropped; and
- re-ordering the plurality of security operations at the network security device, the re-ordering being based on a decreasing order of priority, wherein the plurality of security operations are re-ordered automatically.

Dependent claims: 2, 3, 4, 5.

6. A system comprising:
- means for performing a plurality of different security operations on each of a plurality of data packets at a single network security device;
- means for recording a rate of malicious data packets being dropped by each of the plurality of security operations;
- means for associating a priority to each security operation based on a rate of malicious data packets being dropped such that a given security operation having a higher rate of malicious data packets being dropped has a higher priority than a given security operation having a lower rate of malicious data packets being dropped; and
- means for re-ordering the plurality of security operations at the single network security device, the re-ordering being based on a decreasing order of priority, wherein the plurality of security operations are re-ordered automatically.

7. A system comprising:
- one or more security operations modules, the one or more security operations module performing a plurality of different security operations on each of a plurality of data packets at a single network security device;
- a recording module for recording a rate of malicious data packets being dropped by each of the plurality of security operations module; and
- a re-ordering module for automatically re-ordering the plurality of security operations at the single network security device, the re-ordering being based on a decreasing order of priority, wherein each security operation is associated with a rate of malicious data packets being dropped such that a given security operation having a higher rate of malicious data packets being dropped has a higher priority than a given security operation having a lower rate of malicious data packets being dropped.

Dependent claims: 8, 9, 10.

11. An apparatus comprising:
- a processing system including a processor coupled to a display and user input device;
- a machine-readable medium including instructions executable by the processor comprising;
- one or more instructions for performing a plurality of different security operations on each of a plurality of data packets at a single network security device, the plurality of security operations including dropping of malicious data packets;
- one or more instructions for recording a rate of the malicious data packets being dropped by each of the plurality of security operations;
- one or more instructions for associating a priority to each security operation based on a rate of malicious data packets being dropped such that a given security operation having a higher rate of malicious data packets being dropped has a higher priority than a given security operation having a lower rate of malicious data packets being dropped; and
- one or more instructions for re-ordering the plurality of security operations at a single network security device, the re-ordering being based on a decreasing order of priority, wherein the plurality of security operations are re-ordered automatically.

12. A non-transitory machine-readable medium including instructions executable by a processor, the machine-readable medium comprising:
- one or more instructions for performing a plurality of different security operations on each of a plurality of data packets at a single network security device, the plurality of security operations including dropping of malicious data packets;
- one or more instructions for recording a rate of the malicious data packets being dropped by each of the plurality of security operations;
- one or more instructions for associating a priority to each security operation based on a rate of malicious data packets being dropped such that a given security operation having a higher rate of malicious data packets being dropped has a higher priority than a given security operation having a lower rate of malicious data packets being dropped; and
- one or more instructions for re-ordering the plurality of security operations at a single network security device, the re-ordering being based on a decreasing order of priority, wherein the plurality of security operations are re-ordered automatically.

Specification