Patent · US Active

Identities correlation infrastructure for passive network monitoring

US8584195B2 · kind B2 · utility

Cited by: 219
References: 3
Claims: 27
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 12, 2007
Grant date: Nov 12, 2013
Priority date
Expiry date: Mar 7, 2031

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

User names and user groups serve as the basis of a formal policy in a network. A passive monitor examines network traffic in near real time and indicates: which network traffic is flowing on the network as before; which users or user groups were logged into workstations initiating this network traffic; and which of this traffic conforms to the formal policy definition. In one embodiment of the invention, users and user groups are determined by querying Microsoft® Active Directory and Microsoft® Windows servers, to determine who is logged onto the Microsoft® network. Other sources of identity information are also possible. The identity information is then correlated with the network traffic, so that even traffic that does not bear on the Microsoft® networking scheme is still tagged with identity

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.