Patent · US Expired

Threat detection in a network security system

US7260844B1 · kind B1 · utility

Cited by: 132
References: 16
Claims: 21
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 3, 2003
Grant date: Aug 21, 2007
Priority date
Expiry date: Aug 21, 2025

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A network security system is provided that receives information from various sensors and can analyse the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
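The comparison the abstract describes, sketched as an added example that is not code from the patent or its assignee. The signature IDs, addresses, vulnerability labels and the "unknown" verdict for unmapped signatures or unmodelled assets are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: signature IDs, addresses and vulnerability
# labels are placeholders, not values taken from the patent.
SIGNATURE_VULNS = {
    "SIG-1001": {"VULN-A", "VULN-B"},
    "SIG-2002": {"VULN-C"},
}

@dataclass
class Asset:
    name: str
    exposed: set = field(default_factory=set)

# Asset model keyed by network address (constructed).
ASSET_MODEL = {
    "10.0.0.5": Asset("web01", {"VULN-B", "VULN-D"}),
    "10.0.0.9": Asset("db01", {"VULN-D"}),
}

@dataclass
class SecurityEvent:
    target_address: str
    signature: str

def detect_threat(event, sig_map=SIGNATURE_VULNS, assets=ASSET_MODEL):
    """Compare vulnerabilities exploited by the event's signature with
    those exposed by the target asset; return (verdict, matched set)."""
    exploited = sig_map.get(event.signature)
    asset = assets.get(event.target_address)
    if exploited is None or asset is None:
        # Assumption of this sketch: missing knowledge is not "safe",
        # so the event is kept for analyst review rather than dropped.
        return ("unknown", set())
    matched = exploited & asset.exposed
    return ("threat" if matched else "no_match", matched)

def triage(events):
    """Order events so confirmed threats come first, then unknowns."""
    rank = {"threat": 0, "unknown": 1, "no_match": 2}
    scored = [(e, *detect_threat(e)) for e in events]
    return sorted(scored, key=lambda row: rank[row[1]])
```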

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.