METHODS AND SYSTEMS FOR IMPROVING ANALYTICS IN DISTRIBUTED NETWORKS
First Claim
1. A system for improving analytics in a distributed network, the system comprising:
    at least one processor operable to:
        execute a security policy on a network packet;
        collect network information from the network packet; and
        generate a result from an analysis;
    an analytics module operable to analyze the network information with additional group information from the security policy; and
    a security policy module operable to:
        define the security policy; and
        update the security policy based on the generated result.
5 Assignments
0 Petitions
Abstract
Systems and methods for improving analytics in a distributed network are described herein. An example system can comprise at least one processor, an analytics module, and a security policy module. The security policy module is operable to define a security policy. The security policy is executed by the processor on a network packet. Furthermore, the processor collects network information from the network packet. The analytics module is operable to analyze the network information with additional group information from the security policy. The analysis is used by the processor to generate the result. Based on the generated result, the security policy module updates the security policy.
133 Citations
20 Claims
1. A system for improving analytics in a distributed network, the system comprising:
    at least one processor operable to:
        execute a security policy on a network packet;
        collect network information from the network packet; and
        generate a result from an analysis;
    an analytics module operable to analyze the network information with additional group information from the security policy; and
    a security policy module operable to:
        define the security policy; and
        update the security policy based on the generated result.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method for improving analytics in a distributed network, the method comprising:
    defining a security policy;
    executing the security policy on a network packet;
    collecting network information from the network packet;
    analyzing the network information with additional group information from the security policy;
    generating a result from the analysis; and
    updating the security policy based on the generated result.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A system for improving analytics in a distributed network, the system comprising:
    at least one processor operable to:
        execute a security policy on a network packet, wherein the security policy is associated with at least one group, the at least one group including at least one host;
        collect network information from the network packet;
        generate a result from an analysis;
    an analytics module operable to:
        analyze the network information with additional group information from the security policy, wherein the analyzing includes at least one of the following:
            determining Domain Name System (DNS) information for the network packet;
            based on the DNS information, determining if a Domain Generation Algorithm (DGA) was used to generate a domain name of a domain associated with the network packet; and
            based on log information associated with at least one group, checking the network information for security threats;
    a security policy module operable to:
        define the security policy; and
        update the security policy based on the generated result, wherein the updating includes one or more of the following:
            generating an enforcement policy associated with at least one group;
            applying Packet Capture (PCAP) to analyze contents of the network packet associated with at least one group; and
            modifying a monitoring policy associated with the at least one group.
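The policy-analytics-update loop of claims 1, 11 and 20, as an added Python sketch that is not the patent's own code: a security policy assigns hosts to groups, the analytics step combines a packet's DNS query with that group context using an assumed entropy-based DGA heuristic, and a hit updates the monitoring policy (PCAP and DNS logging) for the whole group. The `SecurityPolicy`, `analyze`, `update_policy` and `process` names, the heuristic threshold and the sample packets are all assumptions.

```python
import math
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class SecurityPolicy:
    """Security policy module state: host groups plus per-group monitoring."""
    groups: dict                                      # group name -> set of hosts
    monitoring: dict = field(default_factory=dict)    # group -> {"pcap": bool, "dns_log": bool}

    def group_of(self, host: str) -> str:
        for name, members in self.groups.items():
            if host in members:
                return name
        return "ungrouped"

def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_like_dga(domain: str, threshold: float = 3.5) -> bool:
    # Assumed heuristic: a long, high-entropy leftmost label is flagged as
    # algorithmically generated. Production DGA classifiers use trained models.
    label = domain.split(".")[0]
    return len(label) >= 12 and shannon_entropy(label) > threshold

def analyze(policy: SecurityPolicy, packet: dict) -> dict:
    """Analytics module: enrich packet network information with group context."""
    group = policy.group_of(packet["src"])
    domain = packet["dns_query"]
    return {"group": group, "domain": domain, "dga": looks_like_dga(domain)}

def update_policy(policy: SecurityPolicy, result: dict) -> SecurityPolicy:
    """Security policy module: on a hit, tighten monitoring for the whole group."""
    if result["dga"]:
        policy.monitoring[result["group"]] = {"pcap": True, "dns_log": True}
    return policy

def process(policy: SecurityPolicy, packets: list) -> SecurityPolicy:
    """Processor loop: execute policy, collect info, analyze, update policy."""
    for pkt in packets:
        policy = update_policy(policy, analyze(policy, pkt))
    return policy

# Constructed sample packets (not from the patent): one benign, one DGA-looking.
SAMPLE_PACKETS = [{"src": "10.0.1.5", "dns_query": "mail.example.com"},
                  {"src": "10.0.1.7", "dns_query": "xk3q9vbz7p2wtr.net"}]
```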
Specification