
Systems and methods for providing network security monitoring

  • US 9,240,976 B1
  • Filed: 01/06/2015
  • Issued: 01/19/2016
  • Est. Priority Date: 01/06/2015
  • Status: Active Grant
First Claim

1. A system for providing security monitoring in a computer network, comprising:

  • one or more computing devices;

  • a network device element configured to receive a data packet;

  • a ghost network, implemented on the one or more computing devices, configured to replicate functionality of one or more network nodes in the computer network; and

  • a security monitoring device, implemented on the one or more computing devices, comprising:

    • a data collector configured to gather and process network configuration data, wherein the ghost network is generated automatically based on the gathered network configuration data, and wherein the network configuration data comprises network addresses, subnets of interfaces of the one or more network nodes, access control lists, and routing tables;

    • a configuration manager configured to:

      • identify a service accessible via a network port of a network node in the computer network;

      • change configuration of the identified service based on the gathered network configuration data; and

      • configure a trap for network traffic directed to the identified service including one or more criterion, the one or more criterion selected based on the gathered network configuration data; and

    • a monitor configured to:

      • determine whether the data packet meets the one or more criterion of the trap; and

      • redirect the data packet to the ghost network when the data packet meets the one or more criterion of the trap.
