Security system for protecting networks from vulnerability exploits

摘要

A system for protecting networks from vulnerability exploits comprises a security engine operable to receive a packet destined for a user's network and forward the packet to at least one host virtual machine for processing. The security engine is further operable to forward the stored packet to the user's internal network based upon a result of the processed packet. A method of securing a network from vulnerability exploits is described. The method comprises receiving a packet destined for a user's internal network; forwarding the packet to at least one virtual machine based upon a virtual machine configuration table; processing the forwarded packet on the at least one virtual machine; and releasing the packet to the user's internal network based upon results of the processing.

主权项

1. A security engine comprising:
a data store on which is stored a virtual machine configuration table that maintains a list of configured virtual machine instances; a packet buffer store logic that is to,
receive a plurality of packets;store the received plurality of packets;forward the received plurality of packets to the plurality of virtual machines based upon information contained in the virtual machine configuration table, wherein the virtual machines are to process the plurality of packets and to generate status information regarding whether or not the plurality of packets negatively affected the virtual machines to the security engine;receive the status information; andprocess the received status information to determine whether or not to release the received plurality of packets into an internal network.