Dynamic threat protection in mobile networks
First Claim
1. A network system comprising:
    a mobile network that couples to a public network;
    a plurality of mobile devices that access the mobile network;
    at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network; and
    a management system that includes:
        a network server comprising a shared database; and
        a mobile device manager (MDM) device that manages the plurality of mobile devices, wherein the MDM device includes:
            at least one interface that receives a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from the public network; and
            a control unit that publishes the threat to the shared database; and
        a network management system (NMS) that manages the at least one network security device, wherein the NMS includes:
            at least one interface that receives data from the shared database of the network server identifying the threat to the mobile network originating from the public network; and
            a control unit that generates a security policy that specifies one or more actions to address the threat specified by the received data and installs the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message.
Abstract
In general, techniques are described for dynamic threat protection in mobile networks. A network system comprising a network security device and a management system may implement the techniques. The management system includes a network server having a shared database. A mobile device manager (MDM) of the management system receives a report message from a mobile device, specifying a threat to a mobile network. The MDM publishes the threat to the shared database. A network management system (NMS) of the management system receives data from the shared database identifying the threat and generates a security policy that specifies actions to address the threat. The NMS then installs the security policy in the network security device so that the network security device performs the actions of the security policy to address the threat.
26 Claims
1. A network system comprising:
    (Claim 1 is reproduced in full under First Claim above.)
    Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method comprising:
    receiving, with a mobile device manager (MDM) of a management system that manages a plurality of mobile devices that access a mobile network, a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from a public network to which the mobile network connects; and
    publishing, with the MDM, the threat to a shared database in accordance with an interface for metadata access points (IF-MAP) standard such that a network management system (NMS) of the management system that manages at least one network security device of the mobile network is able to generate a security policy that specifies one or more actions to address the threat specified in the report message and install the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the report message.
    Dependent claims: 10
11. A mobile device manager (MDM) device of a management system that manages a plurality of mobile devices that access a mobile network, the MDM device comprising:
    at least one interface that receives a report message from one of the plurality of mobile devices, wherein the report message specifies a threat to the mobile network originating from a public network to which the mobile network connects; and
    at least one control unit that publishes the threat to a shared database in accordance with an interface for metadata access points (IF-MAP) standard such that a network management system (NMS) of the management system that manages at least one network security device of the mobile network is able to generate a security policy that specifies one or more actions to address the threat specified in the report message and install the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the report, the at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network.
    Dependent claims: 12
13. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors of a mobile device manager (MDM) device included within a management system to:
    receive a report message from one of a plurality of mobile devices managed by the MDM device, wherein the report message specifies a threat to a mobile network originating from a public network to which the mobile network connects; and
    publish the threat to a shared database in accordance with an interface for metadata access points (IF-MAP) standard such that a network management system (NMS) of the management system that manages at least one network security device of the mobile network is able to generate a security policy that specifies one or more actions to address the threat specified in the report message and install the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the report message, the at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network.
14. A method comprising:
    receiving, with a network management system (NMS) of a management system that manages at least one network security device positioned upstream from a plurality of mobile devices that access a mobile network and between the mobile network and a public network, data from a shared database in accordance with an interface for metadata access points (IF-MAP) standard, wherein the data identifies a threat to the mobile network originating from the public network to which the mobile network connects, and wherein the shared database is shared by a mobile device manager (MDM) of the management system and the NMS;
    generating, with the NMS, a security policy that specifies one or more actions to address the threat specified by the received data; and
    installing, with the NMS, the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message.
    Dependent claims: 15, 16, 17, 18, 19
20. A network management system (NMS) of a management system that manages at least one network security device positioned between a mobile network and a public network, the NMS comprising:
    at least one interface that receives data from a shared database in accordance with an interface for metadata access points (IF-MAP) standard, wherein the data identifies a threat to the mobile network originating from the public network to which the mobile network connects, and wherein the shared database is shared by a mobile device manager (MDM) of the management system and the NMS; and
    a control unit that generates a security policy that specifies one or more actions to address the threat specified by the received data and installs the security policy in the at least one network security device so that the network security device performs the actions of the security policy to address the threat specified in the received message, the at least one network security device positioned upstream from the mobile devices at the edge of the mobile network and between the mobile network and the public network.
    Dependent claims: 21, 22, 23, 24, 25
26. A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors of a network management system (NMS) to:
    receive data from a shared database in accordance with an interface for metadata access points (IF-MAP) standard, wherein the data identifies a threat to a mobile network originating from a public network to which the mobile network connects, and wherein the shared database is shared by a mobile device manager (MDM) and the NMS;
    generate a security policy that specifies one or more actions to address the threat specified by the received data; and
    install the security policy in at least one network security device positioned upstream from a plurality of mobile devices that access the mobile network and between the mobile network and the public network so that the network security device performs the actions of the security policy to address the threat specified in the received message.
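The report-publish-generate-install flow that the abstract and claims 9 through 26 describe, as an added Python model that is not code from the patent or any vendor implementation: the MDM validates a constructed report message from a managed device, publishes the threat to a shared database with simplified IF-MAP-style publish and poll semantics, and the NMS turns each published threat into a drop rule installed in the edge security device. The report message fields, the "ip-address:" identifier form, the 10.20.0.0/16 mobile-network prefix and the sample values in demo() are all assumptions.

```python
import ipaddress
class MapServer:
    """Shared database with simplified IF-MAP publish / subscribe / poll semantics (assumed API)."""
    def __init__(self):
        self.store = {}    # (identifier, metadata name) -> metadata
        self.pending = {}  # subscriber name -> updates not yet polled
    def publish_update(self, ident, name, meta):
        if self.store.get((ident, name)) == meta:
            return  # repeated report of a known threat: subscribers see nothing new
        self.store[(ident, name)] = meta
        for queue in self.pending.values():
            queue.append((ident, name, meta))
    def poll(self, client):
        updates, self.pending[client] = self.pending.get(client, []), []
        return updates

class MDM:
    """Manages mobile devices; validates reports and publishes threats to the database."""
    def __init__(self, map_server, managed_device_ids, mobile_prefix):
        self.map_server, self.managed = map_server, managed_device_ids
        self.mobile_prefix = ipaddress.ip_network(mobile_prefix)  # the mobile network's own addresses
    def handle_report(self, report):
        if report.get("device_id") not in self.managed:
            return False  # accept reports only from devices this MDM manages
        try:
            src = ipaddress.ip_address(report["source_ip"])
        except (KeyError, ValueError):
            return False  # malformed report
        if src in self.mobile_prefix:
            return False  # the claims cover threats that originate from the public network
        self.map_server.publish_update(f"ip-address:{src}", "threat", {"type": report.get("threat_type", "unknown")})
        return True

class NMS:
    """Manages the edge security device; turns published threats into installed drop rules."""
    def __init__(self, map_server):
        self.map_server, self.device_rules = map_server, []  # device_rules: policy installed in the device
        map_server.pending.setdefault("nms", [])  # subscribe to the shared database
    def sync(self):
        installed = 0
        for ident, name, meta in self.map_server.poll("nms"):
            if name == "threat" and ident.startswith("ip-address:"):
                self.device_rules.append({"src": ident.split(":", 1)[1], "action": "drop", "reason": meta["type"]})
                installed += 1
        return installed

def demo():
    db = MapServer(); nms = NMS(db); mdm = MDM(db, {"dev-1"}, "10.20.0.0/16")
    report = {"device_id": "dev-1", "source_ip": "203.0.113.5", "threat_type": "port-scan"}  # constructed sample
    return mdm.handle_report(report), nms.sync(), mdm.handle_report(report), nms.sync()
```

The second report in demo() is accepted by the MDM but installs nothing, because the shared database suppresses an unchanged republish; a real IF-MAP server additionally records publisher identity and metadata lifetime, which this model omits.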