US2020014709A1PendingUtilityA1

Configuration management for network activity detectors

60
Assignee: EVENGX LLCPriority: Mar 12, 2013Filed: Sep 17, 2019Published: Jan 9, 2020
Est. expiryMar 12, 2033(~6.7 yrs left)· nominal 20-yr term from priority
Inventors:John S. Flowers
H04L 63/1416H04L 63/20H04L 63/0209H04L 63/0227
60
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Network activity detectors, such as firewalls, communicate with one another to form a Unified Threat Management System. A first network activity detector sends a request for configuration settings to a second network activity detector. The second network activity detector sends a set of configuration settings in response to the request. The configuration settings include information for detecting digital security threats and/or for responding to detected digital security threats. In this way, configuration settings are propagated from one network activity detector to another so that network activity detectors within a UTMS system are configured consistently, e.g., have up-to-date information for detecting and/or responding to digital security threats.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method of promoting security of a computer network, the method comprising:
 sending, by a first network activity detector of a first device coupled with a network, a request for configuration information to a second network activity detector of a second device identified as being a source of configuration information, wherein the second device is coupled with the network, wherein the configuration information includes a set of information for detecting digital security threats, wherein the first device is separate and distinct from the second device;   receiving, by the first network activity detector, the configuration information from the second network activity detector; and   sending, by the first network activity detector, the configuration information to a third network activity detector of a third device, wherein the third device is separate and distinct from the first device and the second device.   
     
     
         2 . The method of  claim 1 , wherein the request is sent using a UDP network packet. 
     
     
         3 . The method of  claim 1 , wherein:
 the configuration information sent by the first network activity detector to the third network activity detector is at least partially encrypted; and   the encryption of the configuration information is based on one or more of a MAC address of the third network activity detector, a process identifier of an operating environment running on the third network activity detector, and a serial number of a processor of the third network activity detector.   
     
     
         4 . The method of  claim 1 , further comprising creating another set of configuration information. 
     
     
         5 . The method of  claim 1 , further comprising:
 receiving, from the third network activity detector, a request for the configuration information; and
 instructing, by the first network activity detector, the third network activity detector to send future requests for configuration information to a fourth network activity detector, 
 wherein the fourth network activity detector is different from the first network activity detector. 
   
     
     
         6 . The method of  claim 5 , further comprising:
 instructing, by the first network activity detector, the fourth network activity detector to respond to requests for configuration information.   
     
     
         7 . A non-transitory computer-readable storage medium having computer-executable instructions, wherein the computer-executable instructions, when executed by one or more computer processors, cause the one or more computer processors to promote security of a computer network, the computer-executable instructions comprising instructions for:
 sending, by a first network activity detector of a first device coupled with the network, a request for configuration information to a second network activity detector of a second device identified as being a source of configuration information, wherein the second device is coupled with the network, wherein the configuration information includes a set of information for detecting digital security threats and wherein the first device is separate and distinct from the second device;   receiving, from the second network activity detector, by the first network activity detector, the configuration information; and   sending, by the first network activity detector, the configuration information to a third network activity detector of a third device, wherein the third device is separate and distinct from the first device and the second device.   
     
     
         8 . The non-transitory computer-readable storage medium of  claim 7 , wherein the request is sent using a UDP network packet. 
     
     
         9 . The non-transitory computer-readable storage medium of  claim 7 , wherein:
 the configuration information sent by the first network activity detector to the third network activity detector is at least partially encrypted; and   the encryption is based on one or more of a MAC address of the third network activity detector, a process identifier of an operating environment running on the third network activity detector, and a serial number of a processor of the third network activity detector.   
     
     
         10 . The non-transitory computer-readable storage medium of  claim 7 , wherein the computer-executable instructions further comprises instructions for creating another set of configuration information. 
     
     
         11 . The non-transitory computer-readable storage medium of  claim 7 , wherein the computer-executable instructions further comprises instructions for:
 receiving, from the third network activity detector, a request for the configuration information; and   instructing, by the first network activity detector, the third network activity detector to send future requests for configuration information to a fourth network activity detector,   wherein the fourth network activity detector is different from the first network activity detector.   
     
     
         12 . The non-transitory computer-readable storage medium of  claim 11 , wherein the computer-executable instructions further comprises instructions for:
 instructing, by the first network activity detector, the fourth activity detector to respond to requests for configuration information.   
     
     
         13 . The computer-readable storage medium of  claim 7 , wherein the second network activity detector is in a predefined operating mode. 
     
     
         14 . A first network activity detector of a first device, the first network activity detector comprising:
 a network interface configured to couple with a network; and   a processor configured to:
 send a request for configuration information across the network to a second network activity detector of a second device identified as being a source of configuration information, wherein the configuration information includes a set of information for detecting digital security threats, and wherein the first device is separate and distinct from the second device, 
 receive the configuration information from the second network activity detector; and 
 send the configuration information to a third network activity detector of a third device, the third device being separate and distinct from the first and second devices. 
   
     
     
         15 . The first network activity detector of  claim 14 , wherein the request is sent using a UDP network packet. 
     
     
         16 . The first network activity detector of  claim 14 , wherein the network activity detector is a first network activity detector, and wherein:
 the configuration information sent by the first network activity detector to the third network activity detector is at least partially encrypted; and   the encryption is based on one or more of a MAC address of the third network activity detector, a process identifier of an operating environment running on the third network activity detector, and a serial number of a processor of the third network activity detector.   
     
     
         17 . The first network activity detector of  claim 14 , wherein the processor is further configured to create another set of configuration information. 
     
     
         18 . The first network activity detector of  claim 14 , wherein the network activity detector is a first network activity detector and the processor of the first network activity detector is further configured to:
 receive, from the third network activity detector, a request for the configuration information; and   instruct, by the first network activity detector, the third network activity detector to send future requests for configuration information to a fourth network activity detector,   wherein the fourth network activity detector is different from the first network activity detector.   
     
     
         19 . The first network activity detector of  claim 18 , wherein the processor is further configured to:
 instruct, by the first network activity detector, the fourth activity detector to respond to requests for configuration information.   
     
     
         20 . The network activity detector of  claim 15 , wherein the second network activity detector is in a predefined operating mode.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.