Secure self-organizing and self-provisioning anomalous event detection systems
Abstract
An approach for providing managed security services is disclosed. A database, within a server or a pre-existing anomalous event detection system, stores a rule set specifying a security policy for a network associated with a customer. An anomalous detection event module is deployed within a premise of the customer and retrieves rule sets from the database. The anomalous detection event module monitors a sub-network of the network based on the rule sets. The anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for anomalous events according to the examined components, and to self-provision by selectively creating another instance of the anomalous detection event module to monitor another sub-network of the network.
29 Claims
1. A method for supporting managed security services, the method comprising:
scanning an enterprise network that includes a plurality of interconnected networks to locate a database storing a rule set specifying a security policy for the enterprise network;
accessing the database over a secure communication link to retrieve the rule set; and
monitoring one of the networks according to the retrieved rule set.

8. A system for providing managed security services, the system comprising:
a database configured to store a rule set specifying a security policy for a network associated with a customer; and
an anomalous detection event module deployed within a premise of the customer and configured to retrieve the rule set from the database and to monitor a sub-network within the network based on the rule set, wherein the anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for the anomalous event according to the examined components, and to self-provision by selectively creating another instance of the anomalous detection event module to monitor another sub-network of the network.

16. A computer-readable medium carrying one or more sequences of one or more instructions for supporting managed security services, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
scanning an enterprise network that includes a plurality of interconnected networks to locate a database storing a rule set specifying a security policy for the enterprise network;
accessing the database over a secure communication link to retrieve the rule set; and
monitoring one of the networks according to the retrieved rule set.

23. A network apparatus for supporting managed security services, the apparatus comprising:
means for scanning an enterprise network that includes a plurality of interconnected networks to locate a database storing a rule set specifying a security policy for the enterprise network;
means for accessing the database over a secure communication link to retrieve the rule set; and
means for monitoring one of the networks according to the retrieved rule set.

Specification