Integrated data traffic monitoring system
First Claim
1. A method of screening packets received from a communication network comprising:
- receiving a packet associated with one of an e-mail message, a VPN connection, and a web page response, the packet having a source;
performing an intrusion detection analysis on the packet using a set of intrusion detection rules;
if the packet passes the intrusion detection analysis, performing a firewall analysis on the packet using a set of firewall rules;
if the packet passes the firewall analysis, determining if the packet is associated with an e-mail message, a VPN connection or a web page response;
if the packet is associated with an e-mail message, performing a virus analysis on the packet using a set of virus definitions;
if the packet is associated with a VPN connection, performing an authentication analysis on the packet using a set of authentication criteria; and
if the packet fails any of the intrusion detection analysis, the firewall analysis, the virus analysis, or the authentication analysis, automatically generating a new intrusion detection rule to delete any subsequent packets received from the same source as the packet.
9 Assignments
0 Petitions
Accused Products
Abstract
The present invention includes an integrated data traffic monitoring system monitoring data traffic received from a communication network and destined for a protected network. The monitoring system includes a security appliance and one or more security and monitoring technologies such as hardware and open source and proprietary software products. The security appliance and the security and monitoring technologies may be implemented as separate and distinct modules or combined into a single security appliance. The security and monitoring technologies monitor network data traffic on, or directed to, the protected network. The monitoring system collects data from each of the technologies into an event database and, based on the data, automatically generates rules directing one or more of the technologies to prevent subsequent communications traffic from specific sources from entering the protected network.
39 Citations
6 Claims
-
1. A method of screening packets received from a communication network comprising:
-
receiving a packet associated with one of an e-mail message, a VPN connection, and a web page response, the packet having a source; performing an intrusion detection analysis on the packet using a set of intrusion detection rules; if the packet passes the intrusion detection analysis, performing a firewall analysis on the packet using a set of firewall rules; if the packet passes the firewall analysis, determining if the packet is associated with an e-mail message, a VPN connection or a web page response; if the packet is associated with an e-mail message, performing a virus analysis on the packet using a set of virus definitions; if the packet is associated with a VPN connection, performing an authentication analysis on the packet using a set of authentication criteria; and if the packet fails any of the intrusion detection analysis, the firewall analysis, the virus analysis, or the authentication analysis, automatically generating a new intrusion detection rule to delete any subsequent packets received from the same source as the packet. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification
-
- Resources
-
Current AssigneeCloudCover Ltd.
-
Original AssigneeThe Barrier Group, LLC
-
InventorsDemopoulos, Robert James, Fladebo, David James
-
Primary Examiner(s)Kyle, Tamara T
-
Application NumberUS12/592,580Publication NumberTime in Patent Office1,747 DaysField of Search726 23- 25US Class Current726/23CPC Class CodesG06F 21/552 involving long-term monitor...H04L 41/16 using machine learning or a...H04L 51/212 using filtering or selectiv...H04L 63/02 for separating internal fro...H04L 63/0209 Architectural arrangements,...H04L 63/0236 Filtering by address, proto...H04L 63/0245 Filtering by information in...H04L 63/0254 Stateful filteringH04L 63/0263 Rule managementH04L 63/0281 ProxiesH04L 63/1408 by monitoring network traff...H04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1441 Countermeasures against mal...H04L 63/145 the attack involving the pr...H04L 63/1458 Denial of ServiceH04L 63/1466 Active attacks involving in...H04L 63/1475 Passive attacks, e.g. eaves...
