Secure self-organizing and self-provisioning anomalous event detection systems
Abstract
An approach for providing managed security services is disclosed. A database, within a server or a pre-existing anomalous event detection system, stores a rule set specifying a security policy for a network associated with a customer. An anomalous detection event module is deployed within a premise of the customer and retrieves rule sets from the database. The anomalous detection event module monitors a sub-network of the network based on the rule sets. The anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for anomalous events according to the examined components, and to self-provision by selectively creating another instance of the anomalous detection event module to monitor another sub-network of the network.
20 Claims
1. A computer-implemented method comprising:
- scanning a network, by a processor, for an instance of an anomalous event detection module, wherein the network includes one or more sub-networks;
- creating the instance if no instance exists;
- determining whether one or more additional instances need to be created based on a change in configuration of the network; and
- automatically creating the one or more additional instances based on the determined change in configuration.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- an anomalous event detection module configured to scan a network for an instance of itself, wherein the network includes one or more sub-networks, wherein the anomalous event detection module is further configured to create the instance if no instance exists, and to determine whether one or more additional instances need to be created based on a change in configuration of the network, the anomalous event detection module automatically creating the one or more additional instances based on the determined change in configuration.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus comprising:
- a communication interface configured to scan a network for an instance of an anomalous event detection module, wherein the network includes one or more sub-networks; and
- a processor configured to create the instance if no instance exists, and to determine whether one or more additional instances need to be created based on a change in configuration of the network, wherein the one or more additional instances are automatically created based on the determined change in configuration.
Dependent claims: 18, 19, 20
Specification