Subscriber based protection system
5 Assignments
0 Petitions
Abstract
A system features one or more network devices communicatively coupled to a management system. Configured to receive a portion of the network traffic, a first network device features one or more virtual machines that, based on a subscribed protection level, (i) perform network activities in response to a processing of the received portion of the analyzed network traffic, (ii) monitor behaviors of the one or more virtual machines during processing of the portion of the analyzed network traffic, (iii) determine whether the behaviors are anomalous, and (iv) generate an identifier for the portion of the analyzed network traffic associated with monitored behaviors being anomalous. The management system controls a setting of the protection level for the first network device to alter a frequency of receipt of identifiers associated with analyzed network traffic from a second network device of the one or more network devices different from the first network device.
747 Citations
21 Claims
1. A system comprising:
- one or more network devices including a first network device configured to receive a portion of network traffic, the first network device comprises one or more virtual machines that, based on a subscribed protection level, performs operations in response to a processing of the received portion of the analyzed network traffic, the first network device being further configured to (i) monitor behaviors of the one or more virtual machines during processing of the portion of the analyzed network traffic, (ii) detect whether at least a behavior of the behaviors is anomalous, and (iii) generate an identifier for malware being part of the portion of the analyzed network in response to at least the detected behavior; and
- a management system communicatively coupled to the one or more network devices, the management system to control a setting of the subscribed protection level for the first network device that controls a frequency of receipt of identifiers associated with analyzed network traffic from a second network device of the one or more network devices by the first network device, the second network device being different from the first network device.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A network device adapted for communicative coupling with a management system, the network device comprising:
- one or more virtual machines configured to perform operations in response to a processing of a portion of received network traffic; and
- a controller device communicatively coupled to the one or more virtual machines, the controller device to (i) monitor behaviors of the one or more virtual machines during processing of the portion of the received network traffic and (ii) determine, based on the monitored behaviors, whether a first computer system communicatively coupled to the network device is subject to an attack, wherein a level of service provided by the network device in protecting a network including at least the first computer system against the attack is set by the management system based on a selected subscription rate for the network device, the selected subscription rate controls a frequency in receipt of identifiers associated with malware detected by a second network device different than the network device.
View Dependent Claims (13, 14, 15, 16, 17, 18)
19. A system for detecting and blocking malware, comprising:
- a network that comprises a plurality of computer systems including a first computer system;
- a network device including one or more virtual machines configured to perform operations during processing of a portion of received network traffic and a controller, communicatively coupled to the one or more virtual machines, to (i) monitor behaviors of the one or more virtual machines during processing of the portion of the received network traffic and (ii) determine, based on the monitored behaviors, whether the first computer system that is part of the network is subject to an attack; and
- a management system communicatively coupled to the network device, the management system to continue to provide a level of protection that includes continued activation of the network device in processing a second portion of the received network traffic received subsequent to the portion of the received network traffic based on a receipt of a payment of a subscription fee, the subscription fee being based, at least in part, on a size of the subscriber network.
View Dependent Claims (20, 21)
Specification