System and method for interfacing with heterogeneous network data gathering tools

US 8,793,763 B2
Filed: 12/06/2011
Issued: 07/29/2014
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

mapping dynamic addresses associated with network hosts to static identifiers associated with the network hosts;

receiving results from a scan of the network hosts in heterogeneous formats;

maintaining a reference map that maps an identifier of a test conducted by a first one of the network hosts to an identifier of a test conducted by a second one of the network hosts;

identifying semantically equivalent results from the scan, based, at least in part, on the reference map;

comparing at least a portion of the semantically equivalent results with a network policy to determine compliance with the network policy; and

maintaining a history of compliance for each of the network hosts based on the static identifiers.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes a plurality of heterogeneous information sources gathering information about the network. An audit server invokes the heterogeneous information sources via a uniform communications interface to gather information about the network, and converts the information gathered by the information sources into a normalized data format such as, for example, into XML (Extensible Markup Language). The converted information is then stored in an audit repository for security and regulatory policy assessment, network vulnerability analysis, report generation, and security improvement recommendations.

277 Citations

21 Claims

1. A method, comprising:
- mapping dynamic addresses associated with network hosts to static identifiers associated with the network hosts;
  
  receiving results from a scan of the network hosts in heterogeneous formats;
  
  maintaining a reference map that maps an identifier of a test conducted by a first one of the network hosts to an identifier of a test conducted by a second one of the network hosts;
  
  identifying semantically equivalent results from the scan, based, at least in part, on the reference map;
  
  comparing at least a portion of the semantically equivalent results with a network policy to determine compliance with the network policy; and
  
  maintaining a history of compliance for each of the network hosts based on the static identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein at least one of the static identifiers is a static hostname associated with one of the network hosts.
  - 3. The method of claim 1, wherein at least one of the static identifiers is a media access control address associated with one of the network hosts.
  - 4. The method of claim 1, wherein the network hosts consist of active network hosts.
  - 5. The method of claim 1, wherein the network hosts consist of active network hosts identified by responses to address resolution protocol requests, and the responses comprise media access control addresses and Internet Protocol addresses associated with the active network hosts.
  - 6. The method of claim 1, wherein the results include a list of wireless access point devices and associated parameters for accessing one or more wireless networks, and a location for each of the wireless access points is determined.
  - 7. The method of claim 1, wherein:
    - the static identifiers comprise media access control addresses associated with at least one of the network hosts;
      
      the network hosts consist of active network hosts identified by responses to address resolution protocol requests, and the responses identify the media access control addresses associated with the active network hosts.

8. Logic encoded in one or more non-transitory media that includes code for execution and, when executed by one or more processors, is operable to perform operations comprising:
- mapping dynamic addresses associated with network hosts to static identifiers associated with the network hosts;
  
  receiving results from a scan of the network hosts in heterogeneous formats;
  
  maintaining a reference map that maps an identifier of a test conducted by a first one of the network hosts to an identifier of a test conducted by a second one of the network hosts;
  
  identifying semantically equivalent results from the scan, based, at least in part, on the reference map;
  
  comparing at least a portion of the semantically equivalent results with a network policy to determine compliance with the network policy; and
  
  maintaining a history of compliance for each host based on the static identifiers.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 21)
- - 9. The encoded logic of claim 8, wherein at least one of the static identifiers is a static hostname associated with one of the network hosts.
  - 10. The encoded logic of claim 8, wherein at least one of the static identifiers is a media access control address associated with one of the network hosts.
  - 11. The encoded logic of claim 8, wherein the network hosts consist of active network hosts.
  - 12. The encoded logic of claim 8, wherein the network hosts consist of active network hosts identified by responses to address resolution protocol requests, and the responses comprise media access control addresses and Internet Protocol addresses associated with the active network hosts.
  - 13. The encoded logic of claim 8, wherein the results include a list of wireless access point devices and associated parameters for accessing one or more wireless networks, and a location for each of the wireless access points is determined.
  - 14. The encoded logic of claim 8, wherein:
    - the static identifiers comprise media access control addresses associated with at least one of the network hosts;
      
      the network hosts consist of active network hosts identified by responses to address resolution protocol requests, and the responses identify the media access control addresses associated with the active network hosts.
  - 21. The encoded logic of claim 8, the operations further comprising:
    - recommending one or more rules for modifying the network policy, based, at least in part, on a severity meter set for each of the rules, the network hosts are scanned by different types of scanners for which meta-information is provided, and the meta-information relates to capabilities for each of the scanners and how each of the scanners maps to other related scanners that can perform similar testing operations.

15. A system, comprising:
- one or more processors operable to execute instructions stored on a memory such that the one or more processorsmap dynamic addresses associated with network hosts to static identifiers associated with the network hosts;
  
  receive results from a scan of the network hosts in heterogeneous formats;
  
  maintain a reference map that maps an identifier of a test conducted by a first one of the network hosts to an identifier of a test conducted by a second one of the network hosts;
  
  identify semantically equivalent results from the scan, based, at least in part, on the reference map;
  
  compare at least a portion of the semantically equivalent results with a network policy to determine compliance with the network policy; and
  
  maintain a history of compliance for each of the network hosts based on the static identifiers.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein at least one of the static identifiers is a static hostname associated with one of the network hosts.
  - 17. The system of claim 15, wherein at least one of the static identifiers is a media access control address associated with one of the network hosts.
  - 18. The system of claim 15, wherein the network hosts consist of active network hosts.
  - 19. The system of claim 15, wherein the network hosts consist of active network hosts identified by responses to address resolution protocol requests, and the responses comprise media access control addresses and Internet Protocol addresses associated with the active network hosts.
  - 20. The system of claim 15, wherein the results include a list of wireless access point devices and associated parameters for accessing one or more wireless networks, and a location for each of the wireless access points is determined.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Williams, John Leslie, Costello, Brian, Ravenel, John Patrick, Walpole, Thomas Paul
Primary Examiner(s)
Kyle, Tamara T

Application Number

US13/312,978
Publication Number

US 20120079107A1
Time in Patent Office

966 Days
Field of Search

726/3, 726/5, 726/22, 726/25
US Class Current

726/3
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for interfacing with heterogeneous network data gathering tools

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

277 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for interfacing with heterogeneous network data gathering tools

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

277 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links