Patent · US Active

Threat detection in a network security system

US7861299B1 · kind B1 · utility

Cited by: 19
References: 40
Claims: 29
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 9, 2007
Grant date: Dec 28, 2010
Priority date
Expiry date: Sep 29, 2028

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A network security system is provided that receives information from various sensors and can analyze the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
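The comparison described in the abstract, sketched as an added example; it is not code from the patent or from any product. The signature names, vulnerability identifiers, addresses and the two "unknown" verdicts are constructed assumptions used only to make the correlation concrete.

```python
from dataclasses import dataclass

# Constructed lookup: event signature -> vulnerabilities the event exploits.
SIGNATURE_VULNS = {
    "sig-web-overflow": {"VULN-0001", "VULN-0002"},
    "sig-file-share-rce": {"VULN-0003"},
}

# Constructed asset model keyed by address: vulnerabilities each asset exposes.
ASSET_MODEL = {
    "192.0.2.10": {"name": "web01", "exposed": {"VULN-0002", "VULN-0007"}},
    "192.0.2.20": {"name": "file01", "exposed": set()},
}


@dataclass(frozen=True)
class SecurityEvent:
    """Event as reported by a software agent (field names are assumptions)."""
    target_address: str
    event_signature: str


def detect_threat(event, signature_vulns=SIGNATURE_VULNS, asset_model=ASSET_MODEL):
    """Compare exploited vulnerabilities with those the target asset exposes.

    Returns (verdict, matched_vulnerabilities). The verdicts for a missing
    signature mapping or a missing asset model are assumptions: the abstract
    does not say how those cases are handled, so they are surfaced separately
    instead of being silently treated as "no threat".
    """
    exploited = signature_vulns.get(event.event_signature)
    if exploited is None:
        return ("unknown-signature", frozenset())
    asset = asset_model.get(event.target_address)
    if asset is None:
        return ("unmodeled-asset", frozenset())
    matched = frozenset(exploited & asset["exposed"])
    return ("threat" if matched else "no-threat", matched)


def triage(events):
    """Run the comparison over a batch and keep only detected threats."""
    results = ((e, *detect_threat(e)) for e in events)
    return [(e, matched) for e, verdict, matched in results if verdict == "threat"]
```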

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.