Systems and methods for network analysis and reporting
First Claim
1. A computer-implemented method comprising:
collecting, by a computer system, data from a plurality of different types of sources, wherein the collected data includes network data and asset data;
identifying, by the computer system based on the network data, a network traffic event and a plurality of network assets related to the network traffic event;
identifying, by the computer system based on the asset data, connections between the plurality of network assets, wherein at least one of a characteristic of a connection between network assets or a characteristic of a network asset is identified based at least partially on an attribute selected from the collected data;
in response to detecting, based on the collected data, a change in an attribute of a first network asset associated with a first logical zone, moving the first network asset from the first logical zone to a second logical zone, the moving comprising updating a database to indicate that the first network asset is a member of the second logical zone, and wherein based on membership in the second logical zone, communication between the first network asset and other network assets is blocked;
generating, by the computer system, a flow information graph that depicts the plurality of network assets and the connections between the plurality of network assets, wherein the plurality of network assets includes the first network asset, and the flow information graph depicts network traffic that is allowed between network assets and network traffic that is blocked between network assets;
presenting the flow information graph via a display of a user interface in communication with the computer system, wherein the flow information graph depicts connections between the network assets using selectable directional flow lines; and
in response to selection, by a user via the user interface, of a respective flow line associated with a connection from the plurality of connections, displaying the characteristics of the selected connection including displaying rules for allowing and blocking traffic over the selected connection.
4 Assignments
0 Petitions
Abstract
Among other things, embodiments of the present disclosure can collect and analyze asset and network data from multiple sources, and use such data to present a more complete and accurate representation of the network connections between various systems and software applications and the policies dictating the operation of security controls on a network compared to conventional systems.
88 Citations
17 Claims
16. A tangible, non-transitory computer-readable medium storing instructions that, when executed, cause a computer system to:
collect data from a plurality of different types of sources, wherein the collected data includes network data and asset data;
identify, based on the network data, a network traffic event and a plurality of network assets related to the network traffic event;
identify, based on the asset data, connections between the plurality of network assets, wherein at least one of a characteristic of a connection between network assets or a characteristic of a network asset is identified based at least partially on an attribute selected from the collected data;
in response to detecting, based on the collected data, a change in an attribute of a first network asset associated with a first logical zone, move the first network asset from the first logical zone to a second logical zone, the moving comprising updating a database to indicate that the first network asset is a member of the second logical zone, and wherein based on membership in the second logical zone, communication between the first network asset and other network assets is blocked;
generate a flow information graph that depicts the plurality of network assets and the connections between the plurality of network assets, wherein the plurality of network assets includes the first network asset, and the flow information graph depicts network traffic that is allowed between network assets and network traffic that is blocked between network assets;
present the flow information graph via a display of a user interface in communication with the computer system, wherein the flow information graph depicts connections between the network assets using selectable directional flow lines; and
in response to selection, by a user via the user interface, of a respective flow line associated with a connection from the plurality of connections, display the characteristics of the selected connection including displaying rules for allowing and blocking traffic over the selected connection.
17. A computer system comprising:
a processor; and
memory in communication with the processor and storing instructions that, when executed by the processor, cause the computer system to:
collect data from a plurality of different types of sources, wherein the collected data includes network data and asset data;
identify, based on the network data, a network traffic event and a plurality of network assets related to the network traffic event;
identify, based on the asset data, connections between the plurality of network assets, wherein at least one of a characteristic of a connection between network assets or a characteristic of a network asset is identified based at least partially on an attribute selected from the collected data;
in response to detecting, based on the collected data, a change in an attribute of a first network asset associated with a first logical zone, move the first network asset from the first logical zone to a second logical zone, the moving comprising updating a database to indicate that the first network asset is a member of the second logical zone, and wherein based on membership in the second logical zone, communication between the first network asset and other network assets is blocked;
generate a flow information graph that depicts the plurality of network assets and the connections between the plurality of network assets, wherein the plurality of network assets includes the first network asset, and the flow information graph depicts network traffic that is allowed between network assets and network traffic that is blocked between network assets; and
present the flow information graph via a display of a user interface in communication with the computer system, wherein the flow information graph depicts connections between the network assets using selectable directional flow lines; and
in response to selection, by a user via the user interface, of a respective flow line associated with a connection from the plurality of connections, display the characteristics of the selected connection including displaying rules for allowing and blocking traffic over the selected connection.
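The procedure that the independent claims describe (collect asset and network data, derive directional connections with their allow/block rules, move an asset to a blocking zone when one of its attributes changes, and expose per-connection rules for a selected flow line), as an added Python model that is not part of the patent or of any product. The asset records, rule tuples and traffic events are constructed sample data; the zone name `quarantine`, the `patched` attribute as the trigger and the rule format are assumptions.

```python
from dataclasses import dataclass

BLOCKED_ZONE = "quarantine"  # assumption: membership here blocks all traffic

@dataclass
class Asset:
    name: str
    zone: str
    attrs: dict

# Constructed asset data (one source) and zone-to-zone firewall rules (another).
ASSETS = {
    "web01": Asset("web01", "dmz", {"patched": True}),
    "app01": Asset("app01", "internal", {"patched": True}),
    "db01": Asset("db01", "internal", {"patched": True}),
}
RULES = [  # (src_zone, dst_zone, port, action); format is assumed
    ("dmz", "internal", 8080, "allow"),
    ("internal", "internal", 5432, "allow"),
]
# Constructed network data: observed directional traffic events (src, dst, port).
FLOWS = [("web01", "app01", 8080), ("app01", "db01", 5432), ("web01", "db01", 5432)]

def evaluate(src: Asset, dst: Asset, port: int) -> tuple[str, list]:
    """Verdict and the rules behind it for one directional connection."""
    if BLOCKED_ZONE in (src.zone, dst.zone):
        return "blocked", [("zone", BLOCKED_ZONE, "deny-all")]
    matches = [r for r in RULES if r[:3] == (src.zone, dst.zone, port)]
    allowed = any(r[3] == "allow" for r in matches)
    return ("allowed" if allowed else "blocked"), matches or [("default", "deny")]

def build_flow_graph() -> dict:
    """Map each flow line (edge) to the characteristics shown when it is selected."""
    graph = {}
    for s, d, port in FLOWS:
        verdict, rules = evaluate(ASSETS[s], ASSETS[d], port)
        graph[(s, d, port)] = {"status": verdict, "rules": rules}
    return graph

def on_attribute_change(name: str, attr: str, value) -> str:
    """Record an attribute change; move the asset to the blocked zone when it matters."""
    asset = ASSETS[name]
    old = asset.attrs.get(attr)
    asset.attrs[attr] = value
    if attr == "patched" and old and not value:  # assumed trigger condition
        asset.zone = BLOCKED_ZONE                # the "database update"
    return asset.zone
```

Rebuilding the graph after `on_attribute_change` shows every edge touching the moved asset flip to blocked with the zone rule as its explanation, which is the view a selected flow line would present.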
Specification