Policy based capture with replay to virtual machine

  • US 8,291,499 B2
  • Filed: 03/16/2012
  • Issued: 10/16/2012
  • Est. Priority Date: 04/01/2004
  • Status: Active Grant
First Claim

1. An unauthorized activity capture system comprising:

  • a tap configured to copy network data from a communication network; and

  • a controller coupled to the tap and configured to receive the copy of the network data from the tap, compare the copy of the network data to at least one policy to determine if the copy of the network data has one or more characteristics of a computer worm, flag at least a portion of the copy of the network data as suspicious by flagging the at least a portion of the copy of the network data for replay in an analysis environment based upon the determination that the at least a portion of the compared copy of the network data has one or more characteristics of a computer worm, and replay transmission of the suspicious, flagged network data copied from the communication network to a destination device.
