Managing network security

US 8,341,739 B2
Filed: 11/20/2007
Issued: 12/25/2012
Est. Priority Date: 05/24/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of managing network security, said method comprising:

receiving sampled packets at said computer at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;

converting said sampled packets into an appropriate format for analysis to form converted packets;

sending said converted packets to a first group including at least one security device for analysis at a third location;

receiving at said first location an event message from said at least one security device if said event message is generated by said at least one security device as a result of analysis of said converted packets;

evaluating at said first location said network security based on said event message and security policies wherein said evaluating is knowledge based; and

adjusting at said second location said network security based on said evaluation of said network security wherein said second location and said at least one security device are a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said adjusting said network security comprises automatically notifying a network administrator concerning network security adjustment; and

if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology for network security is disclosed. In one embodiment, a method of managing network security includes receiving sampled packets. The sampled packets represent packets being sampled from network packet traffic in at least one location in a network. The sampled packets are converted into an appropriate format for analysis to form converted packets. Moreover, the converted packets are sent to a first group including at least one security device for analysis. If an event message is generated by the at least one security device as a result of analysis of the converted packets, the event message is received from the at least one security device. Network security is evaluated based on the event message and security policies and is adjusted based on that evaluation. The method may be implemented with a network manager.

41 Citations

19 Claims

1. A computer-implemented method of managing network security, said method comprising:
- receiving sampled packets at said computer at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;
  
  converting said sampled packets into an appropriate format for analysis to form converted packets;
  
  sending said converted packets to a first group including at least one security device for analysis at a third location;
  
  receiving at said first location an event message from said at least one security device if said event message is generated by said at least one security device as a result of analysis of said converted packets;
  
  evaluating at said first location said network security based on said event message and security policies wherein said evaluating is knowledge based; and
  
  adjusting at said second location said network security based on said evaluation of said network security wherein said second location and said at least one security device are a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said adjusting said network security comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1 wherein said adjusting said network security comprises:
    - sending security adjustment information to a network device.
  - 3. The method as recited in claim 1 further comprising:
    - receiving an event message from a second group including at least one security device.
  - 4. The method as recited in claim 3 further comprising:
    - evaluating said network security based on said event message from said second group and said security policies; and
      
      adjusting said network security based on said evaluation based on said event message from said second group and said security policies.

5. A computer-implemented method of managing network security, said method comprising:
- sampling network packet traffic in at least one first location in a network to form sampled packets;
  
  sending said sampled packets to said computer including a network manager at a second location;
  
  receiving at said first location security adjustment information from said network manager wherein said security adjustment information is based on analysis of said sampled packets performed at a third location; and
  
  implementing at said first location security adjustment based on said security adjustment information wherein said second location is a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said implementing security adjustment comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.
- View Dependent Claims (6)
- - 6. The method as recited in claim 5 wherein said at least one first location is in a network device.

7. A computer-implemented network manager comprising:
- a sampled packets collector for receiving sampled packets at said computer at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;
  
  a packet format converter for converting said sampled packets into an appropriate format for analysis to form converted packets and for sending said converted packets to a first group including at least one security device for analysis at a third location;
  
  an event message collector for receiving event messages based on analysis of said converted packets from said at least one security device at said third location; and
  
  an event message processor for processing at said first location said event messages based on security policies and for adjusting network security at said second location based on results of said processing wherein said second location and said at least one security device are a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said adjusting said network security comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The network manager as recited in claim 7 further comprising a security alert notification unit for notifying a network administrator concerning network security adjustment and for receiving a response from said network administrator.
  - 9. The network manager as recited in claim 7 wherein said event message processor sends security adjustment information to a network device.
  - 10. The network manager as recited in claim 7 wherein said event message collector receives event messages from a second group including at least one security device.
  - 11. The network manager as recited in claim 10 wherein said event message processor processes said event messages from said second group based on said security policies and adjusts network security based on result of said processing of said event messages from said second group.

12. A network device comprising:
- a packet sampling unit for sampling network packet traffic at a first location to form sampled packets and for sending said sampled packets to a network manager at a second location; and
  
  a security response unit for receiving at said first location security adjustment information from said network manager and for implementing at said first location security adjustment based on said security adjustment information wherein said second location and said at least one security response unit are a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said implementing security adjustment comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.
- View Dependent Claims (13)
- - 13. The network device as recited in claim 12 wherein said network device is a network switch.

14. A computer-readable non-transitory medium comprising computer-executable instructions for causing performance of a method of managing network security, said method comprising:
- receiving sampled packets at a first location, wherein said sampled packets represent packets being sampled from network packet traffic in at least one second location in a network;
  
  converting said sampled packets into an appropriate format for analysis to form converted packets;
  
  sending said converted packets to a first group including at least one security device for analysis at a third location;
  
  receiving at said first location an event message from said at least one security device if said event message is generated by said at least one security device as a result of analysis of said converted packets at said third location;
  
  evaluating at said first location said network security based on said event message and security policies wherein said evaluating is knowledge based; and
  
  adjusting at said second location said network security based on said evaluation of said network security wherein said second location and said at least one security device are a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said adjusting said network security comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.
- View Dependent Claims (15, 16)
- - 15. The computer-readable non-transitory medium as recited in claim 14 wherein said adjusting said network security comprises:
    - sending security adjustment information to a network device.
  - 16. The computer-readable non-transitory medium as recited in claim 14 wherein said method further comprises:
    - receiving an event message from a second group including at least one security device;
      
      evaluating said network security based on said event message from said second group and said security policies; and
      
      adjusting said network security based on said evaluation based on said event message from said second group and said security policies.

17. A computer-readable non-transitory medium comprising computer-executable instructions for causing performance of a method of managing network security, said method comprising:
- sampling network packet traffic in at least one first location in a network to form sampled packets;
  
  sending said sampled packets to a network manager at a second location;
  
  receiving at said first location knowledge based security adjustment information from said network manager; and
  
  implementing at a first location security adjustment based on said knowledge based security adjustment information wherein said second location is a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said implementing security adjustment comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.
- View Dependent Claims (18)
- - 18. The computer-readable non-transitory medium as recited in claim 17 wherein said at least one first location is in a network switch.

19. A computer-implemented method of managing network security, said method comprising:
- sampling network packet traffic in at least one first location in a network to form sampled packets;
  
  sending said sampled packets to at least one security device for analysis at a second location;
  
  receiving at said first location knowledge based security adjustment information from said computer including a network manager; and
  
  implementing at said first location security adjustment based on said knowledge based security adjustment information wherein said second location is a part of a closed loop that comprises a feedback path free of intermediate network access,wherein said implementing security adjustment comprises automatically notifying a network administrator concerning network security adjustment; and
  
  if said network administrator approves said network security adjustment, automatically implementing said network security adjustment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Foundry Networks LLC (Broadcom, Inc.)
Inventors
Chaturvedi, Animesh, Lavine, Marc, Shah, Manan, Lau, Ron
Primary Examiner(s)
Backer, Firmin
Assistant Examiner(s)
Chambers, Michael A

Application Number

US11/942,969
Publication Number

US 20110131324A1
Time in Patent Office

1,862 Days
Field of Search

709/229, 709/225, 380/210, 713/153, 713/201, 726/25, 726/23
US Class Current

726/23
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Managing network security

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Managing network security

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links