Intelligent integrated network security device
First Claim
1. A method comprising:
- receiving, by one or more processors of a device, a packet in a flow of packets associated with a session;
- determining, by the one or more processors and using data of the packet, that a data structure does not store information identifying the flow of packets;
- communicating, by the one or more processors and to a plurality of security devices, particular information that includes:
  - information identifying a location of the packet in a memory associated with the one or more processors, and
  - information identifying a position of the packet in the flow of packets, the plurality of security devices being included in the device;
- obtaining, by the one or more processors and from each security device of the plurality of security devices, information relating to processing packets associated with the session, the information, relating to processing the packets associated with the session, being obtained from each security device of the plurality of security devices based on determining that the data structure does not store the information identifying the flow of packets;
- creating, by the one or more processors and for storing in the data structure, a single entry for storing the information identifying the flow of packets based on determining that the data structure does not store the information identifying the flow of packets, the single entry being created using the information, obtained from each security device of the plurality of security devices, relating to processing the packets associated with the session; and
- processing, by the one or more processors, the packet based on the information, obtained from each security device of the plurality of security devices, relating to processing the packets associated with the session.
Abstract
Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.
87 Citations
18 Claims
8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions which, when executed by one or more processors of a device, cause the one or more processors to receive a packet in a flow of packets associated with a session;
- one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine, using a portion of the packet, that a data structure does not store information identifying the flow of packets associated with the session;
- one or more instructions which, when executed by the one or more processors, cause the one or more processors to communicate, to a plurality of security elements, particular information that includes:
  - information identifying a location of the packet in a memory associated with the one or more processors, and
  - information identifying a position of the packet in the flow of packets, the plurality of security elements being included in the device;
- one or more instructions which, when executed by the one or more processors, cause the one or more processors to obtain, from each security element of a plurality of security elements, information relating to processing packets associated with the session, the plurality of security elements including a firewall and an intrusion prevention system, the information, relating to processing the packets associated with the session, being obtained from each security element of the plurality of security elements based on determining that the data structure does not store the information identifying the flow of packets;
- one or more instructions which, when executed by the one or more processors, cause the one or more processors to create a single entry for storing the information identifying the flow of packets based on determining that the data structure does not store the information identifying the flow of packets, the single entry being created using the information, obtained from each security element of the plurality of security elements, relating to processing the packets associated with the session;
- one or more instructions which, when executed by the one or more processors, cause the one or more processors to store the single entry in the data structure; and
- one or more instructions which, when executed by the one or more processors, cause the one or more processors to determine whether the packet is associated with an attempted network security intrusion based on the information, obtained from each security element of the plurality of security elements, relating to processing the packets associated with the session.

Dependent claims: 9, 10, 11, 12, 13.
14. A system comprising:
- a memory to store instructions; and
- one or more processors to execute the instructions to:
  - receive a packet in a flow of packets associated with a session;
  - determine, using a portion of the packet, that a data structure does not store information identifying the flow of packets associated with the session;
  - communicate, to a plurality of devices, particular information that includes:
    - information identifying a location of the packet in a memory associated with the one or more processors, and
    - information identifying a position of the packet in the flow of packets;
  - obtain, from each device of the plurality of devices, information relating to processing packets associated with the session, the plurality of devices including a firewall and an intrusion prevention system, the information, relating to processing the packets associated with the session, being obtained from each device of the plurality of devices based on determining that the data structure does not store the information identifying the flow of packets;
  - create, for storing in the data structure, a single entry for storing the information identifying the flow of packets, the single entry being created using the information, obtained from each device of the plurality of devices, relating to processing the packets associated with the session; and
  - determine whether the packet is associated with an attempted network security intrusion based on the information, obtained from each device of the plurality of devices, relating to processing the packets associated with the session.

Dependent claims: 15, 16, 17, 18.
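As an added illustration of the flow-record mechanism the claims describe (example code, not the patent's or its assignee's): on a flow-table miss the integrated device hands each internal security element the packet's memory location and its position in the flow, gathers their instructions, and stores them in a single flow entry that later packets of the same session reuse without consulting the elements again. The firewall and IPS policies, the 5-tuple keys and the `EVIL` signature are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class FlowEntry:
    instructions: dict      # security element name -> instruction for this flow
    packets_seen: int = 0   # position the next packet will have in the flow


class Firewall:
    name = "firewall"

    def __init__(self, allowed_ports):
        self.allowed = allowed_ports

    def instructions_for(self, key, packet_ref):
        # key = (src_ip, dst_ip, src_port, dst_port, proto); packet_ref = (memory_index, position)
        return "allow" if key[3] in self.allowed else "drop"


class IPS:
    name = "ips"

    def instructions_for(self, key, packet_ref):
        # Constructed policy: deep-inspect only web ports, skip everything else
        return "inspect" if key[3] in (80, 443) else "skip"


class IntegratedDevice:
    def __init__(self, security_elements):
        self.elements = security_elements
        self.flow_table = {}   # the claimed "data structure", keyed by 5-tuple
        self.memory = []       # buffered packets; list index = location in memory
        self.consults = 0      # how many times the flow-miss path ran

    def receive(self, key, payload):
        self.memory.append(payload)
        location = len(self.memory) - 1
        entry = self.flow_table.get(key)
        if entry is None:
            # Flow miss: pass (location, position) to every element, collect instructions, create ONE entry
            ref = (location, 0)
            instr = {e.name: e.instructions_for(key, ref) for e in self.elements}
            self.consults += 1
            entry = self.flow_table[key] = FlowEntry(instr)
        entry.packets_seen += 1
        return self.process(payload, entry.instructions)

    @staticmethod
    def process(payload, instr):
        if instr["firewall"] == "drop":
            return "dropped"
        if instr["ips"] == "inspect" and b"EVIL" in payload:   # constructed signature
            return "intrusion"
        return "forwarded"
```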
Specification