Managing network security
First Claim
1. A computer-implemented method of managing network security, said method comprising:
- receiving a plurality of sampled packets at a network security device from one or more network devices, wherein said plurality of sampled packets represent packets being sampled from network packet traffic in a network comprising said one or more network devices;
- generating an event message from said network security device as a result of analysis of said plurality of sampled packets;
- sending said event message to a second location configured for network security analysis;
- evaluating at said second location said network security based on said event message and security policies; and
- adjusting said network security at one of said one or more network devices based on said evaluation of said network security, wherein said network security device and said one or more network devices are a part of a closed loop that comprises a feedback path free of intermediate network access.
Abstract
Technology for network security is disclosed. In one embodiment, a method of managing network security includes receiving sampled packets. The sampled packets represent packets being sampled from network packet traffic in at least one location in a network. The sampled packets are converted into an appropriate format for analysis to form converted packets. Moreover, the converted packets are sent to a first group including at least one security device for analysis. If an event message is generated by the at least one security device as a result of analysis of the converted packets, the event message is received from the at least one security device. Network security is evaluated based on the event message and security policies and is adjusted based on that evaluation. The method may be implemented with a network manager.
16 Claims
1. A computer-implemented method of managing network security, said method comprising:
- receiving a plurality of sampled packets at a network security device from one or more network devices, wherein said plurality of sampled packets represent packets being sampled from network packet traffic in a network comprising said one or more network devices;
- generating an event message from said network security device as a result of analysis of said plurality of sampled packets;
- sending said event message to a second location configured for network security analysis;
- evaluating at said second location said network security based on said event message and security policies; and
- adjusting said network security at one of said one or more network devices based on said evaluation of said network security, wherein said network security device and said one or more network devices are a part of a closed loop that comprises a feedback path free of intermediate network access.
Dependent claims: 2, 3, 4, 5
6. A network security system, comprising:
- a packet sampling unit configured for sampling network packet traffic at a network device to form a plurality of sampled packets;
- a network security device configured for receiving said plurality of sampled packets from said packet sampling unit;
- a network manager configured for receiving an event message from said network security device as a result of analysis of said plurality of sampled packets by said network security device and for evaluating said network security based on said event message; and
- a security response unit at said network device configured for receiving security adjusting information from said network manager and for implementing at said network device security adjustment based on said security adjusting information, wherein said security response unit and said network manager comprise a closed loop comprising a feedback path free of intermediate network access.
Dependent claims: 7, 8, 9, 10, 11
12. A computer-readable non-transitory medium comprising computer-executable instructions for causing performance of a method of managing network security, said method comprising:
- receiving a plurality of sampled packets at a network security device from one or more network devices, wherein said plurality of sampled packets represent packets being sampled from network packet traffic in a network comprising said one or more network devices;
- generating an event message from said network security device as a result of analysis of said plurality of sampled packets;
- sending said event message to a second location configured for network security analysis;
- evaluating at said second location said network security based on said event message and security policies; and
- adjusting said network security at one of said one or more network devices based on said evaluation of said network security, wherein said network security device and said one or more network devices are a part of a closed loop that comprises a feedback path free of intermediate network access.
Dependent claims: 13, 14, 15, 16
Specification