Title: Automated security analytics platform with pluggable data collection and analysis modules
Abstract: Pluggable network security modules provide a collaborative response across plural networks by allowing modules associated with detection and neutralization of a network security threat to plug into a network security platform of other networks. Plugging the security modules in provides an automated insertion of detection and neutralization tools into the network security platform to respond to potential threats based upon proven successful responses at other networks.
Publication number: US8973132(B2); Publication date: 2015.03.03
Application number: US201213677139; Filing date: 2012.11.14
Applicant: Click Security, Inc.; Inventors: Smith Brian; Kolbly Donovan; Willebeek-LeMair Marc
Classification: G06F21/00; H04L29/06; G06F17/00; G06F15/173; Main classification: G06F21/00
Agent firm: Terrile, Cannatti, Chambers & Holland, LLP; Agents: Terrile, Cannatti, Chambers & Holland, LLP; Holland Robert W.
Principal claim: 1. A method for maintaining network security, the method comprising: distributing a network security platform to each of plural networks, each network security platform having a sensor execution environment and an analysis execution environment; monitoring network activity for each of the plural networks with plural sensor modules running on the sensor execution environment of each of the plural network security platforms, the plural sensor modules storing monitored network activity in random access memory accessible by the analysis execution environment, the storing performed by rowcreate events in one or more tables of the analysis execution environment; detecting a network threat with one or more of plural analysis modules running on the analysis execution environment of one of the network security platforms, the analysis modules having access to the one or more tables, each table having plural rows, the analysis modules further having one or more bindings, each binding having at least one handler associated with at least one table for responding to predetermined network activity indicated by a binding of the analysis module to the one or more tables, the sensor module providing a monitored network activity to the one or more tables, the detecting performed by analysis of the stored monitored network activity at the one network security platform, the analysis initiated by one or more of the rowcreate events, wherein one or more of the bindings of the one or more analysis modules to the one or more of the rowcreate events invokes the one or more analysis modules to execute logic that analyzes network activity stored by the rowcreate event; in response to the detecting, generating an output by the one or more analysis modules and performing a rowupdate to one or more of the tables with the output, the rowupdate of the output binding to another of the analysis modules to invoke logic that neutralizes the network threat; and in response to detecting the network threat, distributing the one or more of plural analysis modules associated with the detection of the threat to the analysis execution environment of one or more other of the network security platforms.
Address: Austin TX US