Reconfigurable virtualized remote computer security system

US 8,931,087 B1
Filed: 09/15/2009
Issued: 01/06/2015
Est. Priority Date: 12/03/2008
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus, comprising:

one or more computer network interfaces to;

acquire data related to a computer networked environment, andsend information to, and receive information from, a remote location that is external to the apparatus, the remote location including a library of security-related software programs;

a computer-readable storage medium to store information regarding a virtualization environment,wherein the information regarding the virtualization environment includes information regarding a configuration of a first set of network security data collector programs,wherein a particular network security data collector program, of the first set of network security data collector programs, generates computer network security analysis data based on the acquired data; and

one or more data processors upon which the virtualization environment and the one or more network security data collector programs execute;

wherein the virtualization environment facilitates downloading from the remote location of a second set of network security data collector programs, the second set of network security data collector programs being different from the first set of network security data collector programs,wherein the second set of network security data collector programs includes one or more of the security-related software programs from the library;

wherein downloading the second set of network security data collector programs allows different computer network security analysis data, related to the computer networked environment, to be generated by the second set of network security data collector programs and stored in the computer-readable storage medium,wherein downloading the second set of network security data collector programs occurs based on an identification of a new security threat to the computer networked environment, wherein the one or more of the security-related software programs are selected based on the new security threat;

the apparatus further comprising software instructions for execution upon the one or more data processors for detecting a fault condition with respect to a blade containing a particular virtual machine that is configured to perform one or more computer network security operations with respect to the computer networked environment,wherein upon detection of a fault condition, the virtual machine is transferred to another blade within the apparatus, andwherein the transferring of the virtual machine allows the virtual machine to continue to operate in a degraded performance mode.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented systems and methods are provided for performing computer network security operations with respect to a computer networked environment. A system and method can include deploying a computer network security apparatus at a company'"'"'s location. A virtualization environment is provided for the computer network security apparatus to allow new configurations to be downloaded to the computer network security apparatus after it has been deployed.

Citations

17 Claims

1. An apparatus, comprising:
- one or more computer network interfaces to;
  
  acquire data related to a computer networked environment, andsend information to, and receive information from, a remote location that is external to the apparatus, the remote location including a library of security-related software programs;
  
  a computer-readable storage medium to store information regarding a virtualization environment,wherein the information regarding the virtualization environment includes information regarding a configuration of a first set of network security data collector programs,wherein a particular network security data collector program, of the first set of network security data collector programs, generates computer network security analysis data based on the acquired data; and
  
  one or more data processors upon which the virtualization environment and the one or more network security data collector programs execute;
  
  wherein the virtualization environment facilitates downloading from the remote location of a second set of network security data collector programs, the second set of network security data collector programs being different from the first set of network security data collector programs,wherein the second set of network security data collector programs includes one or more of the security-related software programs from the library;
  
  wherein downloading the second set of network security data collector programs allows different computer network security analysis data, related to the computer networked environment, to be generated by the second set of network security data collector programs and stored in the computer-readable storage medium,wherein downloading the second set of network security data collector programs occurs based on an identification of a new security threat to the computer networked environment, wherein the one or more of the security-related software programs are selected based on the new security threat;
  
  the apparatus further comprising software instructions for execution upon the one or more data processors for detecting a fault condition with respect to a blade containing a particular virtual machine that is configured to perform one or more computer network security operations with respect to the computer networked environment,wherein upon detection of a fault condition, the virtual machine is transferred to another blade within the apparatus, andwherein the transferring of the virtual machine allows the virtual machine to continue to operate in a degraded performance mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1, further comprising:
    - a self-contained physical unit that contains the one or more computer network interfaces, the computer-readable storage medium, and the one or more data processors.
  - 3. The apparatus of claim 1, wherein the first set of network security data collector programs includes at least one of:
    - an intrusion detection program,a vulnerability assessment program,a network attack/penetration testing systems program,a network traffic pattern behavior analysis program,a network traffic/packet capture with session reconstruction and playback program,a malware analysis program, ora remote forensics program.
  - 4. The apparatus of claim 1, wherein downloading the second set of network security data collector programs includes receiving, from the remote location, an instruction to remove one or more security-related software programs, associated with the configuration, from the computer-readable storage medium.
  - 5. The apparatus of claim 4, wherein the one or more security-related software programs are removed in order to decrease security operating cost for a company at whose site the apparatus is deployed.
  - 6. The apparatus of claim 1, wherein the one or more computer network interfaces include interfaces to a plurality of networks;
    - wherein a first network, of the plurality of networks, is for receiving and routing client span/tap traffic;
      
      wherein a second network, of the plurality of networks, is a private management network that allows intra-virtual machine (“
      
      VM”
      
      ) communication and communication between other devices; and
      
      wherein a third network, of the plurality of networks, is a network for connection to the client site for scanning and testing and external connectivity.
  - 7. The apparatus of claim 1, wherein the virtualization environment comprises a cluster of virtual servers and a network attached storage device.
  - 8. The apparatus of claim 1, wherein the computer-readable storage medium stores a configuration of one or more analytic engines;
    - wherein the one or more analytic engines execute upon the one or more data processors in order to perform data fusion with respect to the computer network security analysis data that is generated by two or more network security data collector programs.
  - 9. The apparatus of claim 8, wherein the one or more analytic engines and the two or more network security data collector programs generate security-related analysis data that is sent to the remote location for security-related analysis.
  - 10. The apparatus of claim 9, wherein the security-related analysis data that is generated by the one or more analytic engines and the two or more network security data collector programs are displayed on computer graphical user interfaces at the remote location for the security-related analysis.
  - 11. The apparatus of claim 10, wherein a network communication is terminated by the remote location in response to the security-related analysis data that is generated by the one or more analytic engines or the two or more network security data collector programs.
  - 12. The apparatus of claim 8, wherein a network communication is automatically terminated by a program operating within the virtualization environment in response to the security-related analysis data that is generated by the one or more analytic engines or the two or more network security data collector programs.
  - 13. The apparatus of claim 12, wherein the program operating within the virtualization environment further sends a security-related threat notification to the remote location in response to the security-related analysis data that is generated by the one or more analytic engines and the two or more network security data collector programs.
  - 14. The apparatus of claim 1, wherein the one or more computer network interfaces are configured to automatically connect to the remote location after initial deployment of the apparatus;
    - wherein the one or more computer network interfaces are configured to receive data, from the remote location, that allows the remote location to remotely manage one or more virtual machines that operate within the virtualization environment.

15. A method, comprising:
- acquiring, by one or more processors of a security device, data that is related to a computer networked environment;
  
  storing, on a computer-readable storage medium associated with the security device, a virtualization environment that includes a configuration of a first set of network security data collector programs;
  
  generating, by the one or more processors of the security device, via the one or more network security data collector programs of the first set of network security data collector programs, computer network security analysis data, the computer network security analysis data being based on the acquired data that is related to the computer networked environment, wherein the generated computer security analysis data indicates a security threat;
  
  sending, by the one or more processors of the security device, the generated computer network security analysis data to a remote device, the remote device being physically separate from the security device;
  
  receiving, based on the sent computer network security analysis data, by the security device, and from the remote device, a second set of network security data collector programs, the second set of network security data collector programs being different from the first set of network security data collector programs, wherein the second set of network security data collector programs are selected based on an identification of the security threat;
  
  replacing, by the security device, the first set of network security data collector programs with the second set of network security data collector programs;
  
  acquiring, after replacing the first set of network security data collector programs and by the security device, additional data related to the computer networked environment;
  
  generating, by the one or more processors of the security device, via the second set of network security data collector programs, additional computer network security analysis data, the additional computer network security analysis data being based on the additional acquired data that is related to the computer networked environment;
  
  detecting a fault condition with respect to a blade, of a particular apparatus comprising a plurality of blades, containing a particular virtual machine that is configured to perform one or more computer network security operations with respect to the computer networked environment; and
  
  transferring, based on detecting the fault condition, the particular virtual machine to another blade of the particular apparatus,wherein the transferring of the virtual machine allows the virtual machine to continue to operate in a degraded performance mode.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein acquiring the data includes performing a full traffic capture of data sent and received by the computer networked environment.

17. A non-transitory computer-readable medium, comprising:
- a plurality of computer-executable instructions that, when executed by one or more processors of a security device, cause the one or more processors to;
  
  acquire data that is related to a computer networked environment;
  
  store a virtualization environment that includes a first configuration of a first set of network security data collector programs;
  
  generate, via the one or more network security data collector programs of the first set of network security data collector programs, computer network security analysis data, the computer network security analysis data being based on the acquired data that is related to the computer networked environment, wherein the generated computer security analysis data indicates a security threat;
  
  send the generated computer network security analysis data to a remote device, the remote device being physically separate from the security device;
  
  receive, based on the sent computer network security analysis data, from the remote device, a second set of network security data collector programs, the second set of network security data collector programs being different from the first set of network security data collector programs, wherein the second set of network security data collector programs are selected based on an identification of the security threat;
  
  generate, via the second set of network security data collector programs, additional computer network security analysis data related to the computer networked environment;
  
  detect a fault condition with respect to a blade, of a particular apparatus comprising a plurality of blades, containing a particular virtual machine that is configured to perform one or more computer network security operations with respect to the computer networked environment; and
  
  transfer, based on detecting the fault condition, the particular virtual machine to another blade of the particular apparatus,wherein the transferring of the virtual machine allows the virtual machine to continue to operate in a degraded performance mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Day, Christopher Wayne, Rounsavall, Robert Lee II
Primary Examiner(s)
Lesniewski, Victor
Assistant Examiner(s)
Zaidi, Syed

Application Number

US12/559,644
Time in Patent Office

1,939 Days
Field of Search

726/22, 726/23, 713/201
US Class Current

726/22
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1441 Countermeasures against mal...

Reconfigurable virtualized remote computer security system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Reconfigurable virtualized remote computer security system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links