System and method for securing a network

US 9,648,039 B1
Filed: 01/24/2008
Issued: 05/09/2017
Est. Priority Date: 01/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method for securing a secured area that includes a network connecting a plurality of computers that comprise a plurality of processors, said method comprising:

defining a plurality of rules pertaining to said secured area, wherein the plurality of rules are stored on one of said computers;

validating one or more source and destination IP address pairs listed in a communications log from internal packet flow data on the network from one or more communication sources inside of the secured area of the network for compliance with said plurality of rules, wherein said plurality of rules includes consideration of the source IP address and defines permissibility of communication from the source IP address to the destination IP address;

generating a threat assessment metric based on the permissibility of communication from the source IP address to the destination IP address;

comparing the threat assessment metric with a predetermined threshold value to determine whether said given communications source is in compliance with said plurality of rules; and

wherein said secured area comprises a plurality of domains and a plurality of networks, said method further comprising defining hierarchical domains on the networks, wherein the network said security rules are hierarchical network security rules, and wherein hierarchical network security rules are associated with hierarchical domains on the networks, and wherein a first domain is defined as a subset of a second domain and wherein associating one or more rules with said second domain automatically associates the one or more rules with said first domain.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communications can be proactively monitored using a system that is rules-based instead of anomaly-based or signature-based. Large quantities of information can be processed to deliver actionable information in a timely and prioritized fashion. The system can include a graphical dashboard interface to facilitate the management of a network or a network of overlapping networks. The system can be used to monitor, validate, and tune all or substantially all security controls within the secured area that include all of the networks for a particular enterprise. Unique address identification heuristics and source address identification heuristics can be incorporated into the system.

12 Citations

View as Search Results

12 Claims

1. A method for securing a secured area that includes a network connecting a plurality of computers that comprise a plurality of processors, said method comprising:
- defining a plurality of rules pertaining to said secured area, wherein the plurality of rules are stored on one of said computers;
  
  validating one or more source and destination IP address pairs listed in a communications log from internal packet flow data on the network from one or more communication sources inside of the secured area of the network for compliance with said plurality of rules, wherein said plurality of rules includes consideration of the source IP address and defines permissibility of communication from the source IP address to the destination IP address;
  
  generating a threat assessment metric based on the permissibility of communication from the source IP address to the destination IP address;
  
  comparing the threat assessment metric with a predetermined threshold value to determine whether said given communications source is in compliance with said plurality of rules; and
  
  wherein said secured area comprises a plurality of domains and a plurality of networks, said method further comprising defining hierarchical domains on the networks, wherein the network said security rules are hierarchical network security rules, and wherein hierarchical network security rules are associated with hierarchical domains on the networks, and wherein a first domain is defined as a subset of a second domain and wherein associating one or more rules with said second domain automatically associates the one or more rules with said first domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the threat assessments is associated with a unique addresses, and, wherein a hash table is used to identify unique addresses from the communication data, wherein at least one threat assessment is numerical, wherein no unique address is associated.
  - 3. The method of claim 1, further comprising:
    - displaying a safe domain in a first color, displaying a domain associated with a threat or a vulnerability as a second color, displaying a domain associated with a threat and a vulnerability as a third color, and providing a graphical representation of at least a subset of the threats and risks within an enterprise.
  - 4. The method of claim 1, further comprising authorizing a communication on a per port level, and validating the type of communication as being either authorized or unauthorized.
  - 5. The method of claim 1, wherein the threat assessments is associated with a unique addresses, further comprising receiving at least a subset of the communications data from a plurality of communication logs, normalizing the communication data before identifying the unique addresses, and receiving global threat information, wherein at least one numerical threat assessment is influenced by the global threat information.
  - 6. The method of claim 1, further comprising automatically creating numerical threat assessments and automatically prioritizing potential threats in substantial accordance with the numerical threat assessments, wherein numerical threat assessments are created for an authorized communication and an unauthorized communications.
  - 7. The method of claim 1, further comprising associating the threat assessment with a unique destination IP address, wherein the identification of a particular unique destination IP addresses is not influenced by the frequency of communications originating from that unique address and wherein a voting heuristic is used to influence the identification of the unique addresses.
  - 8. The method of claim 1, further comprising associating the threat assessment with a unique destination IP address and distinguishing between unique destination IP addresses that are sources and unique destination IP addresses that are not sources by invoking a source destination identification heuristic.
  - 9. The method of claim 1, further comprising interrogating an unauthorized communication to set a malicious intent assessment, creating a plurality of threat assessments, identifying an enterprise risk, and displaying at least a subset of said treat assessments and said enterprise risk in a graphical format on a security dashboard interface.
  - 10. The method of claim 1, wherein a said security dashboard interface can provides for presenting a plurality of identified threats and a plurality of identified risks in order of importance, and wherein said security dashboard interface can further provides for generating a enterprise risk propagation prediction and identify one or more preventative measures on a domain by domain basis.
  - 11. The method of claim 1, further comprising:
    - creating threat assessments that are associated with all or substantially of the monitored communications;
      
      assessing vulnerability attributes and using the vulnerability attributes in conjunction with the threat assessments to create risk assessments that are associated with the threats that are associated with threat assessments;
      
      automatically prioritizing risk assessments; and
      
      displaying the threats in accordance with the magnitude of the corresponding risk assessment.
  - 12. The method of claim 1, further comprising creating a graphical policy compliance report automatically without human intervention, wherein said graphical policy compliance report is a two dimensional matrix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RazorThreat, Inc.
Original Assignee
RazorThreat, Inc.
Inventors
Lipinski, Michael J., Einwechter, Nathan
Primary Examiner(s)
Hailu, Teshome

Application Number

US12/019,482
Time in Patent Office

3,393 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for securing a network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing a network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links