Title of invention RICH METADATA-BASED NETWORK SECURITY MONITORING AND ANALYSIS
Abstract Network security monitoring for external threats is provided that is based on rich metadata collected from internal network traffic that is analyzed for anomalies against a behavior baseline to detect the external threats. Rich metadata includes but is not limited to the information typically found in the headers of every layer of telecommunication protocols describing the communication between network entities.
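Publication number US2016191549(A1) Publication date 2016.06.30
Application number US201514876553 Filing date 2015.10.06
Applicant Glimmerglass Networks, Inc. Inventors Nguyen An; He Xiongwei; Miille Jerry; Ernst Steve; Wong Jason C.
Classification number H04L29/06 Main classification number H04L29/06
Agency Agent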
Main claim 1. A method for monitoring a computer network for external threats comprising: employing a data processing application element on a processing apparatus with nonvolatile storage and a DNS server for: tapping into network traffic at critical points of an internal data network; providing direct links to bring tapped traffic to metadata probes; causing the metadata probes to automatically extract rich metadata of traffic flow, the rich metadata being at least information found in headers of every layer of protocols associated with digital communication and describing communication between network entities; aggregating the extracted metadata into a data cluster; and providing an insight report on the data cluster to an output element for use by security analysts for analyzing dataflow for the external threats.
Address Hayward CA US