NETWORK TRAFFIC FILTERING AND ROUTING FOR THREAT ANALYSIS

摘要

Implementations disclosed herein provide a managed security service that distributes processing tasks among a number of network security modules working in parallel to process component portions of a replayed network traffic stream. If a network security module detects a potential security threat, the network security module may generate a delivery request specifying other information potentially useful in further investigation of the potential security threat. The delivery request is communicated to a plurality of other processing entities, such as the other network security modules, and any processing entity currently receiving the requested information may respond to the delivery request. Once a source of the requested information is determined, the requested information is routed to the origin of the request.

主权项

1. One or more tangible computer-readable storage media encoding computer-executable instructions for executing a computer process that facilitates shattering and dynamic redirection of network traffic for threat investigation, the computer process comprising:
receiving, at a first processing module, a subset of a network traffic stream; identifying a potential security threat in the received subset; communicating a delivery request to a plurality of other processing modules, each of the other processing modules simultaneously receiving and processing data of the network traffic stream, wherein the delivery request defines a requested portion of the network traffic stream including information for investigating the potential security threat that is not currently received by the first processing module; and responsive to the delivery request, routing the requested portion of the replayed network stream to the first processing module.