Methods, devices, systems, and computer program products for edge driven communications network security monitoring
Abstract
An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim, so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.
17 Claims
1. A method of providing security for a communications network comprising:
monitoring, using a programmed computer processor circuit, data at an edge of the communications network, that is outside a backbone of the communications network, the data being received at the edge from outside the backbone of the communications network;
determining, at the edge, that the data being monitored at the edge comprises a security threat to the communications network;
reporting the data determined at the edge to be the security threat to a central management system associated with the backbone; and
blocking the data at the edge responsive to determining at the edge that the data is the security threat to the communications network;
wherein blocking comprises blocking data directed to a victim at the edge for a relatively low bandwidth aggregated security threat and blocking data directed to the victim at the backbone for a relatively high bandwidth security threat.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for providing security for a communications network comprising:
an edge monitor circuit configured to monitor data at an edge of the communications network, that is outside a backbone of the communications network, the data being received at the edge from outside the backbone of the communications network;
the edge monitor circuit configured to determine, at the edge, that the data being monitored at the edge comprises a security threat to the communications network;
the edge monitor circuit configured to report the data determined at the edge to be the security threat to a central management system associated with the backbone; and
the edge monitor circuit configured to block the data at the edge responsive to determining at the edge that the data is the security threat to the communications network;
wherein the edge monitor circuit is further configured to block data directed to a victim at the edge for a relatively low bandwidth aggregated security threat and the central management system is further configured to block data directed to the victim at the backbone for a relatively high bandwidth security threat.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product for providing security for a communications network, the computer readable program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therein, the computer readable program code comprising:
computer readable program code that is configured to monitor data at an edge of the communications network, that is outside a backbone of the communications network, the data being received at the edge from outside the backbone of the communications network;
computer readable program code that is configured to determine, at the edge, that the data being monitored at the edge comprises a security threat to the communications network;
computer readable program code that is configured to report the data determined at the edge to be the security threat to a central management system associated with the backbone; and
computer readable program code that is configured to block the data at the edge responsive to determining at the edge that the data is the security threat to the communications network;
wherein the computer readable program code configured to block comprises computer readable program code configured to block data directed to a victim at the edge for a relatively low bandwidth aggregated security threat and computer readable program code configured to block data directed to the victim at the backbone for a relatively high bandwidth security threat.
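The following Python example is added here for illustration and is not from the patent. It shows how a monitor at the victim's edge sees an aggregate of low-rate unsolicited flows that a per-flow check misses, and how the blocking point is chosen along the lines of claim 1. The thresholds, the definition of unsolicited (no earlier outbound contact from the victim), the function names and the flow records are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed thresholds in kbit/s (illustrative, not taken from the patent).
PER_FLOW_ALERT = 1_000    # what a per-flow detector would flag
AGGREGATE_ALERT = 1_000   # unsolicited total at one victim that counts as a threat
EDGE_CAPACITY = 10_000    # above this the threat is "high bandwidth": block at backbone

VICTIM_A, VICTIM_B = "198.51.100.10", "198.51.100.20"
# Constructed flow records (src, dst, kbps) as seen at the victims' edge.
SAMPLE_FLOWS = [(f"192.0.2.{i}", VICTIM_A, 50) for i in range(1, 41)]
SAMPLE_FLOWS += [("203.0.113.5", VICTIM_A, 500),      # reply to the victim's own request
                 ("192.0.2.200", VICTIM_B, 20_000)]   # single high-rate source
SOLICITED = {(VICTIM_A, "203.0.113.5")}               # (victim, peer) the victim contacted

def per_flow_alerts(flows):
    """Per-flow check: only individual flows at or above PER_FLOW_ALERT."""
    return [f for f in flows if f[2] >= PER_FLOW_ALERT]

def edge_reports(flows, solicited):
    """Aggregate unsolicited traffic per victim and pick the blocking point.
    The returned dict is what the edge would report to central management."""
    per_victim = defaultdict(lambda: defaultdict(int))
    for src, dst, kbps in flows:
        if (dst, src) not in solicited:       # skip traffic the victim asked for
            per_victim[dst][src] += kbps
    reports = {}
    for victim, by_src in per_victim.items():
        total = sum(by_src.values())
        if total >= AGGREGATE_ALERT:
            reports[victim] = {
                "total_kbps": total,
                "sources": sorted(by_src),
                "block_at": "edge" if total <= EDGE_CAPACITY else "backbone",
            }
    return reports

if __name__ == "__main__":
    print("per-flow view:", per_flow_alerts(SAMPLE_FLOWS))
    for victim, report in edge_reports(SAMPLE_FLOWS, SOLICITED).items():
        print(victim, report["total_kbps"], "kbps from",
              len(report["sources"]), "sources -> block at", report["block_at"])
```

In the constructed data, none of the 40 sources aimed at the first victim crosses the per-flow threshold, yet their sum at the edge does.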