METHODS AND SYSTEMS FOR IMPROVING ANALYTICS IN DISTRIBUTED NETWORKS

US 20160269442A1
Filed: 03/13/2015
Published: 09/15/2016
Est. Priority Date: 03/13/2015
Status: Active Grant

First Claim

Patent Images

1. A system for improving analytics in a distributed network, the system comprising:

at least one processor operable to;

execute a security policy on a network packet;

collect network information from the network packet; and

generate a result from an analysis;

an analytics module operable to analyze the network information with additional group information from the security policy; and

a security policy module operable to;

define the security policy; and

update the security policy based on the generated result.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for improving analytics in a distributed network are described herein. An example system can comprise at least one processor, an analytics module, and a security policy module. The security policy module is operable to define a security policy. The security policy is executed by the processor on a network packet. Furthermore, the processor collects network information from the network packet. The analytics module is operable to analyze the network information with additional group information from the security policy. The analysis is used by the processor to generate the result. Based on the generated result, the security policy module updates the security policy.

133 Citations

20 Claims

1. A system for improving analytics in a distributed network, the system comprising:
- at least one processor operable to;
  
  execute a security policy on a network packet;
  
  collect network information from the network packet; and
  
  generate a result from an analysis;
  
  an analytics module operable to analyze the network information with additional group information from the security policy; and
  
  a security policy module operable to;
  
  define the security policy; and
  
  update the security policy based on the generated result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the security policy is associated with at least one host or one group, the at least one group including at least one host.
  - 3. The system of claim 2, wherein the at least one processor is further operable to extract group information from the security policy, the group information including group security attributes associated with the at least one group.
  - 4. The system of claim 2, wherein analyzing the network information using the analytics module correlated with the security policy includes at least one of the following:
    - analyzing network packets inside the at least one host or one group;
      
      analyzing network packets between two or more hosts or groups; and
      
      analyzing connections between the two or more hosts or groups.
  - 5. The system of claim 1, wherein the updating the security policy based on the generated result includes one or more of the following:
    - permitting a connection;
      
      denying the connectionrearranging at least one group, the rearranging including moving hosts between groups; and
      
      modifying security system parameters for the at least one group.
  - 6. The system of claim 1, wherein the analyzing the network information using the analytics module correlated with the security policy includes at least one of the following:
    - determining Domain Name Server (DNS) information for the network packet;
      
      based on the DNS information, determining if a Domain Generation Algorithm (DGA) was used to generate a domain name of a domain associated with the network packet; and
      
      based on log information associated with at least one group, checking the network information for security threats.
  - 7. The system of claim 6, wherein a result includes at least one of the following:
    - determining that the domain associated with the network packet is valid;
      
      determining that the domain associated with the network packet is invalid; and
      
      determining that the domain associated with the network packet requires an elevated scrutiny.
  - 8. The system of claim 7, wherein the elevated scrutiny includes applying a packet capture (PCAP) to further network packets associated with the domain.
  - 9. The system of claim 1, wherein the generating of the network information related to the network packet is based on log information associated with at least one group.
  - 10. The system of claim 1, wherein the updating the security policy based on the generated result includes one or more of the following:
    - generating an enforcement policy associated with at least one group;
      
      collecting Packet Capture (PCAP) to analyze contents of the network packet associated with the at least one group; and
      
      modifying a monitoring policy associated with the at least one group.

11. A method for improving analytics in a distributed network, the method comprising:
- defining a security policy;
  
  executing the security policy on a network packet;
  
  collecting network information from the network packet;
  
  analyzing the network information with additional group information from the security policy;
  
  generating a result from the analysis; and
  
  updating the security policy based on the generated result.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the security policy is associated with at least one host or one group, the at least one group including at least one host.
  - 13. The method of claim 12, further comprising extracting group information from the security policy, the group information including group security attributes associated with the at least one group.
  - 14. The method of claim 12, wherein the analyzing the network information includes at least one of the following:
    - analyzing network packets inside the at least one host or one group;
      
      analyzing network packets between two or more hosts or groups; and
      
      analyzing connections between the two or more hosts or groups.
  - 15. The method of claim 11, wherein the updating the security policy includes one or more of the following:
    - permitting a connection;
      
      denying the connectionrearranging at least one group, the rearranging including moving hosts between groups; and
      
      modifying security system parameters for the at least one group.
  - 16. The method of claim 11, wherein the analyzing includes at least one of the following:
    - determining Domain Name System (DNS) information for the network packet;
      
      based on the DNS information, determining if a Domain Generation Algorithm (DGA) was used to generate a domain name of a domain associated with the network packet; and
      
      based on log information associated with at least one group, checking the network information for security threats.
  - 17. The method of claim 16, wherein a result includes at least one of the following:
    - determining that the domain associated with the network packet is valid;
      
      determining that the domain associated with the network packet is invalid; and
      
      determining that the domain associated with the network packet requires an elevated scrutiny.
  - 18. The method of claim 17, wherein the elevated scrutiny includes applying a packet capture (PCAP) to further network packets associated with the domain.
  - 19. The method of claim 11, wherein the updating the security policy includes one or more of the following:
    - generating an enforcement policy associated with at least one group;
      
      collecting Packet Capture (PCAP) to analyze contents of the network packet associated with the at least one group; and
      
      modifying a monitoring policy associated with the at least one group.

20. A system for improving analytics in a distributed network, the system comprising:
- at least one processor operable to;
  
  execute a security policy on a network packet, wherein the security policy is associated with at least one group, the at least one group including at least one host;
  
  collect network information from the network packet;
  
  generate a result from an analysis;
  
  an analytics module operable to;
  
  analyze the network information with additional group information from the security policy, wherein the analyzing includes at least one of the following;
  
  determining Domain Name System (DNS) information for the network packet;
  
  based on the DNS information, determining if a Domain Generation Algorithm (DGA) was used to generate a domain name of a domain associated with the network packet; and
  
  based on log information associated with at least one group, checking the network information for security threats;
  
  a security policy module operable to;
  
  define the security policy; and
  
  update the security policy based on the generated result, wherein the updating includes one or more of the following;
  
  generating an enforcement policy associated with at least one group;
  
  applying Packet Capture (PCAP) to analyze contents of the network packet associated with at least one group; and
  
  modifying a monitoring policy associated with the at least one group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
vArmour Networks Inc
Original Assignee
vArmour Networks Inc
Inventors
Shieh, Choung-Yaw

Granted Patent

US 10,193,929 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

METHODS AND SYSTEMS FOR IMPROVING ANALYTICS IN DISTRIBUTED NETWORKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

133 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHODS AND SYSTEMS FOR IMPROVING ANALYTICS IN DISTRIBUTED NETWORKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others