Intelligent integrated network security device
Abstract
Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.
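The lookup-and-dispatch sequence described in the abstract, as an added illustration (not code from the patent or its assignee): a 5-tuple packet identifier selects one flow record, and that single record supplies a separate instruction to each of two devices. The device functions, the table contents, the sample packets and the handling of a table miss are all assumptions made for this sketch.

```python
import socket
import struct

def packet_id(pkt: bytes):
    """Packet identifier: the 5-tuple read from the IPv4 and TCP/UDP headers."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], sport, dport)

def tcp_payload(pkt: bytes) -> bytes:
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]  # skip IP header + TCP data offset

# Hypothetical security devices: each receives only its own instruction and
# returns evaluation information for the packet.
def firewall(instr, pkt):
    return {"allow": instr["action"] == "permit"}

def ips(instr, pkt):
    hit = any(sig in tcp_payload(pkt) for sig in instr["signatures"])
    return {"allow": not hit, "signature_hit": hit}

DEVICES = {"firewall": firewall, "ips": ips}

# Constructed flow table: ONE record per flow, carrying instructions for both devices.
FLOW_TABLE = {
    ("10.0.0.5", "192.0.2.10", 6, 40000, 80): {
        "firewall": {"action": "permit"},
        "ips": {"signatures": [b"CONSTRUCTED-BAD-MARKER"]},
    },
}

def process(pkt: bytes, table=FLOW_TABLE):
    record = table.get(packet_id(pkt))
    if record is None:
        return "no-flow-record", {}  # miss handling is an assumption of this sketch
    evals = {name: DEVICES[name](instr, pkt) for name, instr in record.items()}
    verdict = "forward" if all(e["allow"] for e in evals.values()) else "drop"
    return verdict, evals

def build_packet(src, dst, sport, dport, payload=b""):
    """Constructed IPv4/TCP packet (checksums left at zero) for the demo."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

if __name__ == "__main__":
    for body in (b"GET / HTTP/1.1", b"xx CONSTRUCTED-BAD-MARKER xx"):
        print(process(build_packet("10.0.0.5", "192.0.2.10", 40000, 80, body)))
```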
41 Claims
1. A method comprising:
receiving a data packet;
examining the data packet;
identifying a packet identifier using header data associated with the data packet;
searching a flow table, using the packet identifier, to identify a single flow record associated with the data packet;
extracting instructions for two or more security devices from the single flow record when the single flow record is identified in the flow table, the instructions relating to processing the data packet;
communicating a respective one of the instructions to a respective one of the two or more security devices, communicating the respective one of the instructions to the respective one of the two or more security devices including:
communicating a first instruction, of the instructions, to a first security device of the two or more security devices, and
communicating a second instruction, of the instructions, to a second security device, of the two or more security devices, different than the first security device;
receiving, from each of the two or more security devices, evaluation information,
the evaluation information, received from the first security device, being generated by the first security device based on the first instruction, and
the evaluation information, received from the second security device, being generated by the second security device based on the second instruction; and
processing the data packet using the evaluation information received from each of the two or more security devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 24, 25, 26, 27, 28

10. A non-transitory computer-readable medium comprising:
a plurality of instructions which, when executed by a device, cause the device to:
receive a data packet;
examine the data packet;
identify a packet identifier using header data associated with the data packet;
search a flow table, using the packet identifier, to identify a single flow record associated with the data packet;
extract instructions, for two or more security devices, from the single flow record when the single flow record is identified in the flow table, the instructions relating to processing the data packet;
communicate a respective one of the instructions to a respective one of the two or more security devices, one or more instructions, of the plurality of instructions, to communicate the respective one of the instructions to the respective one of the two or more security devices including:
one or more instructions to communicate a first instruction, of the instructions, to a first security device of the two or more security devices, and
one or more instructions to communicate a second instruction, of the instructions, to a second security device, of the two or more security devices, different than the first security device;
receive, from each of the two or more security devices, evaluation information,
the evaluation information, received from the first security device, being generated by the first security device based on the first instruction, and
the evaluation information, received from the second security device, being generated by the second security device based on the second instruction; and
process the data packet using the evaluation information received from each of the two or more security devices.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23

29. A method comprising:
examining a data packet;
identifying, based on examining the data packet, a packet identifier using header data associated with the data packet;
searching a flow table, using the packet identifier, to identify a single flow record associated with the data packet;
extracting, from the single flow record when the single flow record is identified in the flow table, instructions for two or more of an intrusion detection system, an intrusion prevention system, a firewall, or a flow-based router, the instructions relating to processing the data packet;
communicating a respective one of the instructions to a respective one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router, communicating the respective one of the instructions to the respective one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router including:
communicating a first instruction, of the instructions, to a first one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router, and
communicating a second instruction, of the instructions, to a second one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router, different than the first one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router;
receiving evaluation information from each of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router,
the evaluation information, received from the first one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router, being generated by the first one of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router based on the first instruction, and
the evaluation information, received from the second one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router, being generated by the second one of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router based on the second instruction; and
processing the data packet using the evaluation information received from each of the two or more of the intrusion detection system, the intrusion prevention system, the firewall, or the flow-based router.
Dependent claims: 30, 31

32. A system comprising:
a device to:
examine a data packet;
identify, based on examining the data packet, a packet identifier using header data associated with the data packet;
search a flow table, using the packet identifier, to identify a single flow record associated with the data packet;
extract instructions for two or more security devices from the single flow record, the instructions relating to processing the data packet;
communicate a respective one of the instructions to a respective one of the two or more security devices, when communicating the respective one of the instructions to the respective one of the two or more security devices, the device is to:
communicate a first instruction, of the instructions, to a first security device of the two or more security devices, and
communicate a second instruction, of the instructions, to a second security device, of the two or more security devices, different than the first security device;
receive, from each of the two or more security devices, evaluation information,
the evaluation information, received from the first security device, being generated by the first security device based on the first instruction, and
the evaluation information, received from the second security device, being generated by the second security device based on the second instruction; and
process the data packet using the evaluation information received from each of the two or more security devices.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41

Specification