Multi-node affinity-based examination for computer network security remediation
First Claim
1. A method, comprising:
receiving a query that comprises a selection of Internet protocol (IP) addresses belonging to nodes within a network;
obtaining characteristics for the nodes;
determining communications between the nodes and communications between the nodes and any other nodes not included in the selection of IP addresses;
determining a primary affinity indicative of the communications between the nodes and a secondary affinity indicative of the communications between the nodes and the other nodes not included in the selection of IP addresses, the primary affinity and the secondary affinity further indicative of a frequency of communications between nodes;
generating a graphical user interface (GUI) that comprises representations of the nodes in the selection of IP addresses and the other nodes not included in the selection of IP addresses;
placing links between the representations of the nodes in the selection of IP addresses and the representations of the other nodes not included in the selection of IP addresses based on the primary affinity and the secondary affinity;
providing the GUI to a user;
applying at least one of a cyber security policy or a network ruleset;
altering the representations for nodes that fail to comply with the cyber security policy or the network ruleset such that the representations are visually distinct compared to the nodes that comply with the cyber security policy or the network ruleset;
receiving user input associated with either one of the nodes or one of the links; and
sending a message in response to the user input, the message including instructions to bring at least one of the nodes that fail to comply with the cyber security policy or the network ruleset into compliance with the cyber security policy or the network ruleset.
Abstract
Multi-node affinity-based examination for computer network security remediation is provided herein. Exemplary methods may include receiving a query that includes a selection of Internet protocol (IP) addresses belonging to nodes within a network, obtaining characteristics for the nodes, determining communications between the nodes and communications between the nodes and any other nodes not included in the selection, determining a primary affinity indicative of communication between the nodes and a secondary affinity indicative of communication between the nodes and the other nodes not included in the selection, and generating a graphical user interface (GUI) that includes representations of the nodes in the range and the other nodes outside the range, placing links between the nodes in the selection and the other nodes not included in the selection based on the primary affinity and the secondary affinity, and providing the graphical user interface to a user.
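The affinity split described in the abstract, as an added Python example that is not code from the patent. It assumes affinity is measured as a simple count of observed flows per link, uses a hypothetical port-based ruleset, and invents the remediation message format; the flow records are constructed.

```python
import ipaddress
from collections import Counter

# Constructed flow records (src, dst, dst_port); not data from the patent.
FLOWS = [
    ("192.0.2.10", "192.0.2.11", 5432),
    ("192.0.2.10", "192.0.2.11", 5432),
    ("192.0.2.11", "192.0.2.10", 5432),
    ("192.0.2.12", "192.0.2.10", 23),
    ("192.0.2.11", "198.51.100.7", 443),
    ("203.0.113.9", "192.0.2.12", 23),
    ("198.51.100.7", "203.0.113.9", 80),  # neither end selected: ignored
]
# Assumed ruleset: destination ports that selected nodes may not serve.
FORBIDDEN_PORTS = {23}


def examine(flows, selection_cidr, forbidden_ports):
    """Split flows into primary/secondary affinity and flag ruleset violations."""
    net = ipaddress.ip_network(selection_cidr)

    def selected(ip):
        return ipaddress.ip_address(ip) in net

    primary, secondary, noncompliant = Counter(), Counter(), set()
    for src, dst, port in flows:
        inside = (selected(src), selected(dst))
        if not any(inside):
            continue  # traffic that never touches the queried selection
        link = tuple(sorted((src, dst)))  # undirected link between two nodes
        # Both ends selected -> primary affinity; one end -> secondary.
        (primary if all(inside) else secondary)[link] += 1
        if inside[1] and port in forbidden_ports:
            noncompliant.add(dst)  # selected node serving a forbidden port
    return primary, secondary, noncompliant


def remediation_message(node, forbidden_ports):
    """Instruction a UI action on a flagged node could send (format assumed)."""
    return {"node": node, "action": "block_inbound",
            "ports": sorted(forbidden_ports)}


if __name__ == "__main__":
    prim, sec, bad = examine(FLOWS, "192.0.2.0/24", FORBIDDEN_PORTS)
    print("primary:", dict(prim))
    print("secondary:", dict(sec))
    print([remediation_message(n, FORBIDDEN_PORTS) for n in sorted(bad)])
```

The link counts would drive edge placement and weight in the graph view, and the `noncompliant` set marks which node representations to render differently.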
18 Claims
15. A system, comprising:
a query processing module that:
receives a query that comprises a selection of Internet protocol (IP) addresses belonging to nodes within a network;
a data gathering module that:
obtains characteristics for the nodes; and
determines communications between the nodes and communications between the nodes and any other nodes not included in the selection of IP addresses;
an affinity analysis module that:
determines a primary affinity indicative of the communications between the nodes and a secondary affinity indicative of the communications between the nodes and the other nodes not included in the selection of IP addresses, the primary affinity and the secondary affinity further indicative of a frequency of communications between nodes;
a graphics engine that:
generates a graphical user interface (GUI) that comprises representations of the nodes in the selection of IP addresses and the other nodes not included in the selection of IP addresses;
places links between the representations of the nodes in the selection of IP addresses and the representations of the other nodes not included in the selection of IP addresses based on the primary affinity and the secondary affinity; and
provides the GUI to a user; and
a security module that:
applies at least one of a cyber security policy or a network ruleset;
receives user input associated with either one of the nodes or one of the links; and
sends a message in response to the user input, the message including instructions to bring at least one of the nodes that fail to comply with the cyber security policy or the network ruleset into compliance with the cyber security policy or the network ruleset.
Specification