Systems and methods for providing network security monitoring
First Claim
1. A system for providing security monitoring in a computer network, comprising:
one or more computing devices;
a network device element configured to receive a data packet;
a ghost network, implemented on the one or more computing devices, configured to replicate functionality of one or more network nodes in the computer network; and
a security monitoring device, implemented on the one or more computing devices, comprising:
a data collector configured to gather and process network configuration data, wherein the ghost network is generated automatically based on the gathered network configuration data, and wherein the network configuration data comprises network addresses, subnets of interfaces of the one or more network nodes, access control lists, and routing tables;
a configuration manager configured to:
identify a service accessible via a network port of a network node in the computer network;
change configuration of the identified service based on the gathered network configuration data; and
configure a trap for network traffic directed to the identified service including one or more criterion, the one or more criterion selected based on the gathered network configuration data; and
a monitor configured to:
determine whether the data packet meets the one or more criterion of the trap; and
redirect the data packet to the ghost network when the data packet meets the one or more criterion of the trap.
Abstract
Systems and methods are disclosed for providing security monitoring in a computer network. In an embodiment, a service accessible via a network port of a network node within the network is identified. The port number assigned to the identified service is changed to a second port number, and a trap is configured including one or more criterion. A trap may be configured to capture network traffic that meets the one or more criterion of the trap. A data packet is then received. It is determined whether the data packet meets the one or more criterion of the configured trap, and if so, the data packet is redirected to a ghost network. The ghost network may replicate network services, applications, and infrastructure in the computer network. The ghost network may additionally gather activity data based on the redirected data packet.
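The trap-and-redirect flow the abstract describes, as an added Python model that is not part of the patent or of any product it covers: a ghost network is generated from constructed configuration data, one node's SSH service is moved from port 22 to 2222, and packets that still hit port 22, or (an assumption here, read from the claims' mention of access control lists) arrive from a source outside the node's ACL, are redirected to the ghost node and logged as activity data. The configuration shape, node name db01, addresses and sample packets are all constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed configuration data in the shape the patent's data collector would gather
# (assumed shape): per-node address, interface subnet, exposed services and ACL.
NETWORK_CONFIG = {
    "db01": {"address": "10.0.1.10", "subnet": "10.0.1.0/24",
             "services": {"ssh": 22, "postgres": 5432},
             "acl": ["10.0.1.0/24", "10.0.2.0/24"]},  # subnets allowed to reach db01
}
# Constructed sample traffic, one packet per dict.
SAMPLE_PACKETS = [
    {"src": "10.0.1.20", "dst": "10.0.1.10", "dport": 22},     # vacated SSH port: trapped
    {"src": "10.0.1.20", "dst": "10.0.1.10", "dport": 2222},   # moved SSH, allowed src
    {"src": "192.168.5.5", "dst": "10.0.1.10", "dport": 5432}, # src outside ACL: trapped
    {"src": "10.0.2.7", "dst": "10.0.1.10", "dport": 5432},    # allowed src, real port
]

def build_ghost_network(config):
    """Generate the ghost network automatically from the gathered configuration: each
    ghost node mirrors the real node's address and services on their original ports."""
    return {"nodes": {name: {"address": n["address"], "services": dict(n["services"])}
                      for name, n in config.items()},
            "activity": []}   # activity data gathered from redirected packets

def configure_trap(config, node, service, new_port):
    """Move the real service to new_port and return a trap for the vacated port.
    Criteria: traffic to the old port, or (assumption) a source outside the node's ACL."""
    n = config[node]
    old_port = n["services"][service]
    n["services"][service] = new_port
    return {"node": node, "address": n["address"], "port": old_port, "allowed": n["acl"]}

def meets_criteria(trap, pkt):
    """Return True when the packet meets at least one of the trap's criteria."""
    if pkt["dst"] != trap["address"]:
        return False
    if pkt["dport"] == trap["port"]:
        return True
    return not any(ip_address(pkt["src"]) in ip_network(s) for s in trap["allowed"])

def monitor(trap, ghost, packets):
    """Redirect packets meeting the criteria to the ghost network, logging them
    as activity data; return the redirected packets."""
    redirected = [p for p in packets if meets_criteria(trap, p)]
    ghost["activity"].extend({"ghost_node": trap["node"], **p} for p in redirected)
    return redirected
```

Because the ghost network is built before the service is moved, the ghost node still answers on the original port 22, so a scanner that hits the vacated port sees the service it expected.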
29 Claims
15. A method for providing security monitoring in a computer network, comprising:
gathering and processing network configuration data, wherein the network configuration data comprises network addresses, subnets of interfaces of one or more network nodes, access control lists, and routing tables;
identifying a service accessible via a network port of a network node;
changing configuration of the identified service based on the gathered network configuration data;
configuring a trap for network traffic directed to the identified service including one or more criterion, the one or more criterion selected based on the gathered network configuration data;
receiving a data packet at a monitor;
determining whether the data packet meets the one or more criterion of the trap; and
redirecting the data packet to a ghost network when the data packet meets the one or more criterion of the trap, wherein the ghost network replicates functionality provided by the network node, and wherein the ghost network is generated automatically based on the gathered network configuration data.
29. A non-transitory computer-readable storage device having instructions stored thereon that, when executed by at least one computing device, cause the at least one computing device to perform operations comprising:
gathering and processing network configuration data, wherein the network configuration data comprises network addresses, subnets of interfaces of one or more network nodes, access control lists, and routing tables;
identifying a service accessible via a network port of a network node;
changing configuration of the identified service based on the gathered network configuration data;
configuring a trap including one or more criterion;
receiving a data packet at a monitor;
determining whether the data packet meets the one or more criterion of the trap; and
redirecting the data packet to a ghost network when the data packet meets the one or more criterion of the trap, wherein the ghost network replicates functionality provided by the network node, and wherein the ghost network is generated automatically based on the gathered network configuration data.