Managing network security

US 8,650,295 B2
Filed: 11/14/2012
Issued: 02/11/2014
Est. Priority Date: 05/24/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of managing network security, said method comprising:

receiving a plurality of sampled packets at a network security device from one or more network devices, wherein said plurality of sampled packets represent packets being sampled from network packet traffic in a network comprising said one or more network devices;

generating an event message from said network security device as a result of analysis of said plurality of sampled packets;

sending said event message to a second location configured for network security analysis;

evaluating at said second location said network security based on said event message and security policies; and

adjusting said network security at one of said one or more network devices based on said evaluation of said network security, wherein said network security device and said one or more network devices are a part of a closed loop that comprises a feedback path free of intermediate network access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology for network security is disclosed. In one embodiment, a method of managing network security includes receiving sampled packets. The sampled packets represent packets being sampled from network packet traffic in at least one location in a network. The sampled packets are converted into an appropriate format for analysis to form converted packets. Moreover, the converted packets are sent to a first group including at least one security device for analysis. If an event message is generated by the at least one security device as a result of analysis of the converted packets, the event message is received from the at least one security device. Network security is evaluated based on the event message and security policies and is adjusted based on that evaluation. The method may be implemented with a network manager.

42 Citations

16 Claims

1. A computer-implemented method of managing network security, said method comprising:
- receiving a plurality of sampled packets at a network security device from one or more network devices, wherein said plurality of sampled packets represent packets being sampled from network packet traffic in a network comprising said one or more network devices;
  
  generating an event message from said network security device as a result of analysis of said plurality of sampled packets;
  
  sending said event message to a second location configured for network security analysis;
  
  evaluating at said second location said network security based on said event message and security policies; and
  
  adjusting said network security at one of said one or more network devices based on said evaluation of said network security, wherein said network security device and said one or more network devices are a part of a closed loop that comprises a feedback path free of intermediate network access.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - converting said plurality of sampled packets into an appropriate format for analysis at said network security device.
  - 3. The method as recited in claim 1, wherein said adjusting said network security comprises:
    - sending security adjustment information from said second location to a network device.
  - 4. The method as recited in claim 1, further comprising:
    - sending said plurality of sampled packets to a group including at least one security device; and
      
      receiving a second event message from a second security device in said group as a result of analysis of said plurality of sampled packets.
  - 5. The method as recited in claim 4, further comprising:
    - evaluating said network security based on said second event message from said second security device and said security policies; and
      
      adjusting said network security based on said evaluation of said network security that is based on said second event message from said second security device and said security policies.

6. A network security system, comprising:
- a packet sampling unit configured for sampling network packet traffic at a network device to form a plurality of sampled packets;
  
  a network security device configured for receiving said plurality of sampled packets from said packet sampling unit;
  
  a network manager configured for receiving an event message from said network security device as a result of analysis of said plurality of sampled packets by said network security device and for evaluating said network security based on said event message; and
  
  a security response unit at said network device configured for receiving security adjusting information from said network manager and for implementing at said network device security adjustment based on said security adjusting information,wherein said security response unit and said network manager comprise a closed loop comprising a feedback path free of intermediate network access.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The network security system of claim 6, further comprising:
    - a packet format converter for receiving said plurality of sampled packets and converting said plurality of sampled packets into an appropriate format for analysis to form a plurality of converted packets, and for sending said plurality of converted packets to said network security device.
  - 8. The network security system of claim 6, wherein said network device comprises a switch.
  - 9. The network security system of claim 6, wherein said network manager further comprises:
    - an event message collector configured for receiving event messages based on analysis of said plurality of sampled packets from said network security device.
  - 10. The network security system of claim 9, wherein said network manager is configured for receiving a second event message from a second security device configured for receiving said plurality of sampled packets and evaluating said network security based on said second event message.
  - 11. The network security system of claim 10, wherein said security response adjusting information is based on second security adjusting information from said network manager.

12. A computer-readable non-transitory medium comprising computer-executable instructions for causing performance of a method of managing network security, said method comprising:
- receiving a plurality of sampled packets at a network security device from one or more network devices, wherein said plurality of sampled packets represent packets being sampled from network packet traffic in a network comprising said one or more network devices;
  
  generating an event message from said network security device as a result of analysis of said plurality of sampled packets;
  
  sending said event message to a second location configured for network security analysis;
  
  evaluating at said second location said network security based on said event message and security policies; and
  
  adjusting said network security at one of said one or more network devices based on said evaluation of said network security, wherein said network security device and said one or more network devices are a part of a closed loop that comprises a feedback path free of intermediate network access.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-readable medium of claim 12, wherein said method further comprises:
    - converting said plurality of sampled packets into an appropriate format for analysis at said network security device.
  - 14. The computer-readable medium of claim 12, wherein said adjusting said network security in said method further comprises:
    - sending security adjustment information from said second location to a network device.
  - 15. The computer-readable medium of claim 12, wherein said method further comprises:
    - sending said plurality of sampled packets to a group including at least one security device; and
      
      receiving a second event message from a second security device in said group as a result of analysis of said plurality of sampled packets.
  - 16. The computer-readable medium of claim 15, wherein said method further comprises:
    - evaluating said network security based on said second event message from said second security device and said security policies; and
      
      adjusting said network security based on said evaluation of said network security that is based on said second event message from said second security device and said security policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Foundry Networks LLC (Broadcom, Inc.)
Inventors
Chaturvedi, Animesh, Lavine, Marc, Shah, Manan, Lau, Ron
Primary Examiner(s)
Feild, Lynn
Assistant Examiner(s)
Chambers, Michael A

Application Number

US13/676,804
Publication Number

US 20130318617A1
Time in Patent Office

454 Days
Field of Search

726/25, 726/23, 713/153, 713/201, 709/224, 709/225
US Class Current

709/225
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Managing network security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Managing network security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links