System and method for managing computer networks
First Claim
1. A method for monitoring traffic in a computer network comprising acts of:
receiving, by an interface of a flow capture device coupled to the computer network via the network interface, flow information related to network traffic of a plurality of hosts in the computer network;
determining, by a flow controller device, similarity between the plurality of hosts in the computer network based on the flow information;
calculating similarity values representing the similarity between the plurality of hosts;
arranging the hosts into hierarchical clusters based on the similarity values, comprising arranging each of a plurality of entities in a separate cluster and merging the two most similar clusters into a single cluster;
selecting at least two of the hierarchical clusters as groups; and
creating, by a policy engine, a network access policy for the plurality of hosts in the network based on the flow information, wherein the act of creating a network access policy for the plurality of hosts is performed automatically, and wherein the network access policy is defined at a group level.
Abstract
A system and method are provided for monitoring traffic in an enterprise network. Similar hosts may be grouped using flow information. Network policy may then be created at the group level based on the signatures of the hosts and groups of hosts in the enterprise. Hosts may be arranged in hierarchical clusters. Some of these clusters may be selected as groups based on a desired degree of similarity between hosts in a group. The similarity between hosts may be determined based on similarity of network behavior of the hosts.
24 Claims
1. Claim 1 is reproduced above under First Claim; dependent claims 2 through 10 are not reproduced here.
11. A system for monitoring traffic in a computer network comprising:
at least one flow capture device configured to create flow information based on network traffic of a plurality of hosts in the computer network, wherein the at least one flow capture device comprises:
a network interface device coupled to the computer network, the network interface device configured to receive data from the network; and
a packet analyzer and flow generation engine configured to receive network traffic from the network interface and generate flow information based on the network traffic;
a flow controller device configured to determine similarity between the plurality of hosts in the computer network based on the flow information, and further configured to:
calculate similarity values representing the similarity between the plurality of hosts;
arrange the plurality of hosts into hierarchical clusters based on the similarity values, comprising arranging each of a plurality of entities in a separate cluster and merging the two most similar clusters into a single cluster; and
select at least some of the hierarchical clusters as groups; and
a policy management engine configured to automatically create and manage network access policy for the plurality of hosts based on the generated flow information, wherein the policy management engine is configured to define access information for the network access policy at a group level;
wherein the packet analyzer and flow generation engine and the policy management engine are implemented in software.
Dependent claims 12 through 24 are not reproduced here.