System and method for securing a network
First Claim
1. A method for securing a secured area that includes a network connecting a plurality of computers that comprise a plurality of processors, said method comprising:
defining a plurality of rules pertaining to said secured area, wherein the plurality of rules are stored on one of said computers;
validating one or more source and destination IP address pairs listed in a communications log from internal packet flow data on the network from one or more communication sources inside of the secured area of the network for compliance with said plurality of rules, wherein said plurality of rules includes consideration of the source IP address and defines permissibility of communication from the source IP address to the destination IP address;
generating a threat assessment metric based on the permissibility of communication from the source IP address to the destination IP address;
comparing the threat assessment metric with a predetermined threshold value to determine whether said given communications source is in compliance with said plurality of rules; and
wherein said secured area comprises a plurality of domains and a plurality of networks, said method further comprising defining hierarchical domains on the networks, wherein said security rules are hierarchical network security rules, and wherein hierarchical network security rules are associated with hierarchical domains on the networks, and wherein a first domain is defined as a subset of a second domain and wherein associating one or more rules with said second domain automatically associates the one or more rules with said first domain.
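As an added illustration (not the patent's own code and not a disclosed embodiment), the following Python sketches the procedure of claim 1: hierarchical domains modelled as nested address prefixes, rules attached to a parent domain inherited by every subset domain, validation of source/destination address pairs taken from a flow log, a per-source threat assessment metric, and a threshold comparison. The domain names, the flow-log format, the choice of metric (the fraction of a source's logged flows that violate a rule) and the default-deny treatment of pairs no rule matches are assumptions made here, not statements from the claim.

```python
"""Rules-based validation of internal flow records against hierarchical
domain rules, with a per-source threat assessment metric.

Added illustration of the procedure in claim 1; not the patent's code.
Domain names, the flow-log format and the metric definition are assumptions.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Net = ipaddress.IPv4Network
Rule = Tuple[Net, bool]  # (destination network, permitted?)


@dataclass
class Domain:
    """A domain is an address range; a child domain's prefix is a subset
    of its parent's, which is what forms the hierarchy."""
    name: str
    prefix: Net
    rules: List[Rule] = field(default_factory=list)


class RuleHierarchy:
    def __init__(self, domains: List[Domain]):
        # Longest prefix first, so a child's rule is consulted before its parent's.
        self.domains = sorted(domains, key=lambda d: d.prefix.prefixlen, reverse=True)

    def domains_for(self, src: ipaddress.IPv4Address) -> List[Domain]:
        """Every domain containing src, child before parent. Because the
        child's prefix is a subset of the parent's, rules attached to the
        parent automatically apply to sources inside the child."""
        return [d for d in self.domains if src in d.prefix]

    def permitted(self, src, dst) -> Tuple[bool, str]:
        """Permissibility of src -> dst: first matching rule wins, walking
        from the most specific domain outward. No matching rule at any
        level is treated as deny (assumed default, not stated in the claim)."""
        for dom in self.domains_for(src):
            for dst_net, allowed in dom.rules:
                if dst in dst_net:
                    return allowed, dom.name
        return False, ""


def parse_flow_log(text: str):
    """Parse constructed 'timestamp,src,dst,dport,proto' records into
    (src, dst) address pairs; blank lines and '#' comments are ignored."""
    pairs = []
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _ts, src, dst, *_ = (f.strip() for f in line.split(","))
        pairs.append((ipaddress.ip_address(src), ipaddress.ip_address(dst)))
    return pairs


def assess(hierarchy: RuleHierarchy, pairs, threshold: float) -> Dict[str, dict]:
    """Threat assessment metric per source = fraction of its logged flows
    that violate the rules (assumed definition). A source whose metric
    reaches the threshold is reported as non-compliant."""
    seen = defaultdict(lambda: {"total": 0, "violations": []})
    for src, dst in pairs:
        entry = seen[str(src)]
        entry["total"] += 1
        allowed, _dom = hierarchy.permitted(src, dst)
        if not allowed:
            entry["violations"].append(str(dst))
    report = {}
    for src, entry in seen.items():
        metric = len(entry["violations"]) / entry["total"]
        report[src] = {
            "metric": round(metric, 2),
            "violations": entry["violations"],
            "compliant": metric < threshold,
        }
    return report


# Constructed secured area: one enterprise range with two sub-domains (hypothetical names).
DOMAINS = [
    Domain("corp", ipaddress.ip_network("10.0.0.0/8"),
           [(ipaddress.ip_network("10.9.0.0/16"), True)]),   # any internal source may reach servers
    Domain("workstations", ipaddress.ip_network("10.1.0.0/16"),
           [(ipaddress.ip_network("10.1.0.0/16"), False)]),  # no workstation-to-workstation traffic
    Domain("servers", ipaddress.ip_network("10.9.0.0/16"),
           [(ipaddress.ip_network("10.1.0.0/16"), False)]),  # servers do not initiate to workstations
]
HIERARCHY = RuleHierarchy(DOMAINS)
THRESHOLD = 0.5

# Constructed flow log (not captured from any real network).
FLOW_LOG = """
# timestamp,src,dst,dport,proto
2024-05-01T10:00:00Z,10.1.2.3,10.9.0.5,443,tcp
2024-05-01T10:00:05Z,10.1.2.3,10.9.0.6,22,tcp
2024-05-01T10:00:09Z,10.1.2.3,10.1.2.9,445,tcp
2024-05-01T10:00:12Z,10.1.2.3,10.1.2.10,445,tcp
2024-05-01T10:00:15Z,10.1.2.3,10.1.2.11,445,tcp
2024-05-01T10:01:00Z,10.9.0.5,10.9.0.6,5432,tcp
2024-05-01T10:01:10Z,10.9.0.5,10.9.0.7,5432,tcp
2024-05-01T10:01:30Z,10.9.0.5,10.1.2.3,3389,tcp
"""


def run_example():
    return assess(HIERARCHY, parse_flow_log(FLOW_LOG), THRESHOLD)


if __name__ == "__main__":
    for src, r in run_example().items():
        print(src, r)
```

In this sketch the workstation 10.1.2.3 reaches the servers only because the "corp" rule is inherited through the subset relationship; its three SMB connections to peer workstations are denied by the child domain's own rule, pushing its metric to 0.6 and over the threshold, while the server 10.9.0.5 stays under it with a single violation.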
Abstract
Communications can be proactively monitored using a system that is rules-based instead of anomaly-based or signature-based. Large quantities of information can be processed to deliver actionable information in a timely and prioritized fashion. The system can include a graphical dashboard interface to facilitate the management of a network or a network of overlapping networks. The system can be used to monitor, validate, and tune all or substantially all security controls within the secured area that include all of the networks for a particular enterprise. Unique address identification heuristics and source address identification heuristics can be incorporated into the system.
12 Citations
12 Claims
Claim 1 is reproduced above under First Claim; claims 2 through 12 are dependent claims.
Specification