The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent:
Aug. 08, 2006

Filed:
Apr. 27, 2001
Applicants:

Timothy P. Farley, Atlanta, GA (US);

John M. Hammer, Norcross, GA (US);

Bryan Douglas Williams, Lawrenceville, GA (US);

Philip Charles Brass, Roswell, GA (US);

George C. Young, Norcross, GA (US);

Derek John Mezack, Marietta, GA (US);

Inventors:

Timothy P. Farley, Atlanta, GA (US);

John M. Hammer, Norcross, GA (US);

Bryan Douglas Williams, Lawrenceville, GA (US);

Philip Charles Brass, Roswell, GA (US);

George C. Young, Norcross, GA (US);

Derek John Mezack, Marietta, GA (US);

Assignee:
Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
G06F 11/30 (2006.01); G06F 12/14 (2006.01); H04L 9/00 (2006.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
Abstract

A security management system includes a fusion engine which 'fuses' or assembles information from multiple data sources and analyzes this information in order to detect relationships between raw events that may indicate malicious behavior and to provide an organized presentation of information to consoles without slowing down the processing performed by the data sources. The multiple data sources can comprise sensors or detectors that monitor network traffic or individual computers or both. The sensors can comprise devices that may be used in intrusion detection systems (IDS). The data sources can also comprise firewalls, audit systems, and other like security or IDS devices that monitor data traffic in real-time. The present invention can identify relationships between one or more real-time, raw computer events as they are received in real-time. The fusion engine can also assess and rank the risk of real-time raw events as well as mature correlation events.

