Methods and apparatus for monitoring and reporting network activity of applications on a group of host computers
US7891000B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 5, 2005 |
| Grant date | Feb 15, 2011 |
| Priority date | — |
| Expiry date | Mar 1, 2029 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L69/16
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A security management system provides rules for monitoring network activity of applications to groups of host computers, specifically activity indicating that communications mechanisms have been established (i.e., open TCP ports) but are receiving little or no use (i.e., few connection acceptances). Agents on the hosts utilize monitoring software inserted between the applications and the network protocol stacks. The agents store network activity data gathered during the monitoring in local storage, and periodically upload the data to a centralized server in a compressed and optionally encrypted fashion. The server uses the uploaded data from all hosts to update a security management database reflecting the network activity of all the hosts. Reports may be generated to identify activity that may present security risks, such as open but inactive ports, to enable a network administrator to take remedial action such as de-activating or de-installing applications.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.