Abstract: A network device used to provide network security includes an interface configured to receive data transmitted over a network. The network device also includes a firewall, intrusion detection logic and forwarding logic. The firewall, intrusion detection logic and forwarding logic process the received data to determine whether the data contains malicious content. When the data contains malicious content, the data may be dropped before it reaches a user device to which the received data was sent. Optionally, the network device may interact with an external device in order to make the forwarding decision. In addition, the network device may subscribe to services offered by the external device to receive updated security information.

Abstract: An approach for providing managed security services is disclosed. A database, within a server or a pre-existing anomalous event detection system, stores a rule set specifying a security policy for a network associated with a customer. An anomalous detection event module is deployed within a premise of the customer and retrieves rule sets from the database. The anomalous detection event module monitors a sub-network of the network based on the rule sets. The anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for anomalous events according to the examined components, and to self-provision by selectively creating another instance of the anomalous detection event module to monitor another sub-network of the network.

Abstract: A system for malicious code detection includes a front-end processor, multiple scanning computer systems, and a detection management system. During operation, the multiple scanning computer systems scan content for malicious code and generate an alarm when the content contains malicious code. The front-end processor receives a flow of content from an external network and distributes copies of the flow to each of the multiple scanning computer systems in parallel for scanning. The detection management system employs a countermeasure on the flow if at least one of the scanning computer systems generates the alarm.

Abstract: A network device used to provide network security includes an interface configured to receive data transmitted over a network. The network device also includes a firewall, intrusion detection logic and forwarding logic. The firewall, intrusion detection logic and forwarding logic process the received data to determine whether the data contains malicious content. When the data contains malicious content, the data may be dropped before it reaches a user device to which the received data was sent. Optionally, the network device may interact with an external device in order to make the forwarding decision. In addition, the network device may subscribe to services offered by the external device to receive updated security information.

Abstract: An approach for providing managed security services is disclosed. A database, within a server or a pre-existing anomalous event detection system, stores a rule set specifying a security policy for a network associated with a customer. An anomalous detection event module is deployed within a premise of the customer and retrieves rule sets from the database. The anomalous detection event module monitors a sub-network of the network based on the rule sets. The anomalous event detection module is further configured to self-organize by examining components of the network and to monitor for anomalous events according to the examined components, and to self-provision by selectively creating another instance of the anomalous detection event module to monitor another sub-network of the network.