Using a flow database to automatically configure network traffic visibility systems

US 11,343,143 B2
Filed: 12/22/2016
Issued: 05/24/2022
Est. Priority Date: 12/22/2016
Status: Active Grant

First Claim

Patent Images

1. A network monitoring device for configuring managed objects in a monitored network having a plurality of objects comprising:

a storage repository for storing network traffic flow information;

one or more network interfaces communicatively coupled to the monitored network having a plurality of network nodal devices;

providing a Graphical User Interface (GUI) responsive to a user interfacing for interactive analysis of flow record; and

a processor coupled to each of the storage repository, one or more network interfaces and GUI, wherein the processor upon execution of instructions is configured to;

receive from the storage repository a plurality of flow records from the plurality of network nodal devices;

analyze the plurality of flow records according to user-specified criteria to identify one or more network traffic patterns relating to network security violations;

identify a plurality of network entities associated with the one or more identified network traffic patterns;

determine a single managed data object comprising the identified plurality of network entities;

determine if there is a pre-existing single managed data object associated with the identified plurality of network entities;

generate a single managed data object comprising the identified plurality of network entities if it is determined there is not a pre-existing managed data object associated with the identified plurality of network entities;

suggest configuration changes for the single managed data object having the identified plurality of network entities associated with the one or more identified network traffic patterns; and

re-configure the single managed data object with the suggested configuration changes without user intervention to mitigate network security violations, whereby the single managed data object is split into at least two separate managed data objects, wherein each separate managed data object relates to a respective network attack vector.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for configuring a network monitoring device is provided. A plurality of flow records is received. The plurality of flow records is analyzed according to user-specified criteria to identify one or more network traffic patterns. A plurality of network entities associated with the one or more identified network traffic patterns is identified. A managed object including the identified plurality of network entities is generated.

10 Citations

View as Search Results

6 Claims

1. A network monitoring device for configuring managed objects in a monitored network having a plurality of objects comprising:
- a storage repository for storing network traffic flow information;
  
  one or more network interfaces communicatively coupled to the monitored network having a plurality of network nodal devices;
  
  providing a Graphical User Interface (GUI) responsive to a user interfacing for interactive analysis of flow record; and
  
  a processor coupled to each of the storage repository, one or more network interfaces and GUI, wherein the processor upon execution of instructions is configured to;
  
  receive from the storage repository a plurality of flow records from the plurality of network nodal devices;
  
  analyze the plurality of flow records according to user-specified criteria to identify one or more network traffic patterns relating to network security violations;
  
  identify a plurality of network entities associated with the one or more identified network traffic patterns;
  
  determine a single managed data object comprising the identified plurality of network entities;
  
  determine if there is a pre-existing single managed data object associated with the identified plurality of network entities;
  
  generate a single managed data object comprising the identified plurality of network entities if it is determined there is not a pre-existing managed data object associated with the identified plurality of network entities;
  
  suggest configuration changes for the single managed data object having the identified plurality of network entities associated with the one or more identified network traffic patterns; and
  
  re-configure the single managed data object with the suggested configuration changes without user intervention to mitigate network security violations, whereby the single managed data object is split into at least two separate managed data objects, wherein each separate managed data object relates to a respective network attack vector.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network monitoring device as recited in claim 1, wherein relationships between the plurality of network entities and the one or more identified network traffic patterns are derived based upon any of communications between the entities.
  - 3. The network monitoring device as recited in claim 1, wherein the user-specified criteria are associated with one or more network attacks and wherein the identified plurality of network entities comprises network entities targeted by the one or more network attacks.
  - 4. The network monitoring device as recited in claim 1, wherein the processor is further configured and operable to analyze the plurality of flow records and is further configured and operable to, for each one of the plurality of flow records, estimate a path that network traffic that belongs to that flow at least likely flows through and wherein the identified plurality of network entities includes one or more network entities along the estimated path.
  - 5. The network monitoring device as recited in claim 1, wherein the processor is further configured and operable to analyze the plurality of flow records is further configured and operable to, for each one of the plurality of flow records, determine a portion of network traffic that belongs to that flow.
  - 6. The network monitoring device as recited in claim 1, wherein the processor is further configured to depict the suggested configuration changes on the GUI to present information conveying effects of the suggested configuration changes of the single managed data object devices to a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Original Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Inventors
Hay, Ronald G., Winquist, James E., Mortensen, Andrew D., Northway, Jr., William M., Huston, III, Lawrence B.
Primary Examiner(s)
Whipple, Brian

Application Number

US15/389,006
Publication Number

US 20180183714A1
Time in Patent Office

1,979 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0816 the condition being an adap...

H04L 67/1097 for distributed storage of ...

Using a flow database to automatically configure network traffic visibility systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Using a flow database to automatically configure network traffic visibility systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links