Integrated data traffic monitoring system
First Claim
1. A method of screening packets received from a communication network comprising:
receiving a packet associated with one of an e-mail message, a VPN connection, and a web page response, the packet having a source;
performing an intrusion detection analysis on the packet using a set of intrusion detection rules;
if the packet passes the intrusion detection analysis, performing a firewall analysis on the packet using a set of firewall rules;
if the packet passes the firewall analysis, determining if the packet is associated with an e-mail message, a VPN connection or a web page response;
if the packet is associated with an e-mail message, performing a virus analysis on the packet using a set of virus definitions;
if the packet is associated with a VPN connection, performing an authentication analysis on the packet using a set of authentication criteria; and
if the packet fails any of the intrusion detection analysis, the firewall analysis, the virus analysis, or the authentication analysis, automatically generating a new intrusion detection rule to delete any subsequent packets received from the same source as the packet.
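The screening order in claim 1 (intrusion detection, then firewall, then a per-type check, and on any failure an automatically generated rule that drops later packets from the same source) as a runnable pipeline. This is an added Python example, not code from the patent or from any product it describes; the packet model, the rule representations and the sample packets and signatures are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple


# Constructed packet model (hypothetical; the claim only names a source and a type).
@dataclass
class Packet:
    source: str           # e.g. the sending IP address
    kind: str             # "email", "vpn" or "web" (claim: e-mail, VPN, web page response)
    payload: bytes
    credential: str = ""  # only meaningful for VPN packets


# An intrusion detection rule returns True when it MATCHES, i.e. the packet is bad.
IdsRule = Callable[[Packet], bool]


@dataclass
class Screener:
    ids_rules: List[IdsRule] = field(default_factory=list)
    firewall_blocked_sources: Set[str] = field(default_factory=set)
    virus_definitions: List[bytes] = field(default_factory=list)
    valid_credentials: Set[str] = field(default_factory=set)
    auto_blocked: Set[str] = field(default_factory=set)   # sources already given a rule
    event_log: List[str] = field(default_factory=list)    # the claim's "event database"

    def _intrusion_detection(self, pkt: Packet) -> bool:
        return not any(rule(pkt) for rule in self.ids_rules)

    def _firewall(self, pkt: Packet) -> bool:
        return pkt.source not in self.firewall_blocked_sources

    def _virus_analysis(self, pkt: Packet) -> bool:
        return not any(sig in pkt.payload for sig in self.virus_definitions)

    def _authentication(self, pkt: Packet) -> bool:
        return pkt.credential in self.valid_credentials

    def _block_source(self, source: str) -> None:
        # Automatically generated rule: drop every subsequent packet from this source.
        # Deduplicated so a source that fails twice does not get two identical rules.
        if source not in self.auto_blocked:
            self.auto_blocked.add(source)
            self.ids_rules.append(lambda p, s=source: p.source == s)

    def screen(self, pkt: Packet) -> str:
        """Run the claim's checks in order; return 'accepted' or 'dropped:<stage>'."""
        stages = [("ids", self._intrusion_detection), ("firewall", self._firewall)]
        if pkt.kind == "email":
            stages.append(("virus", self._virus_analysis))
        elif pkt.kind == "vpn":
            stages.append(("auth", self._authentication))
        # A web page response gets no per-type check in claim 1.
        for name, check in stages:
            if not check(pkt):
                self.event_log.append(f"{pkt.source} failed {name}")
                self._block_source(pkt.source)
                return f"dropped:{name}"
        return "accepted"


def demo() -> Tuple[str, str, List[str]]:
    """Constructed scenario: one infected e-mail packet, then a clean web packet
    from the same source, which is now dropped by the auto-generated rule."""
    s = Screener(
        ids_rules=[lambda p: b"/bin/sh" in p.payload],   # constructed sample signature
        firewall_blocked_sources={"198.51.100.9"},
        virus_definitions=[b"EICAR-TEST"],               # constructed sample definition
        valid_credentials={"token-ok"},
    )
    first = s.screen(Packet("203.0.113.5", "email", b"hello EICAR-TEST"))
    second = s.screen(Packet("203.0.113.5", "web", b"<html>fine</html>"))
    return first, second, s.event_log


if __name__ == "__main__":
    print(demo())
```

One design point worth noticing when reading the claim: a single failed check permanently blocks the source, so a false positive, or traffic whose source address is not authenticated, can lock a legitimate host out of the protected network. A deployment of this scheme would normally give generated rules an expiry or a review step rather than keeping them forever.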
Abstract
The present invention includes an integrated data traffic monitoring system monitoring data traffic received from a communication network and destined for a protected network. The monitoring system includes a security appliance and one or more security and monitoring technologies such as hardware and open source and proprietary software products. The security appliance and the security and monitoring technologies may be implemented as separate and distinct modules or combined into a single security appliance. The security and monitoring technologies monitor network data traffic on, or directed to, the protected network. The monitoring system collects data from each of the technologies into an event database and, based on the data, automatically generates rules directing one or more of the technologies to prevent subsequent communications traffic from specific sources from entering the protected network.
6 Claims
Claim 1 is reproduced above under First Claim; dependent claims 2, 3, 4, 5 and 6 are not shown on this page.