Abstract: Precorrelation of data applied to use cases by a module intermediate to the data and use cases provides normalized data across multiple sources for more effective analysis. For example, network sensors provide network telemetry to a precorrelation core, which extracts and normalizes the data to correlate actors to events. Universal actor correlation improves visualizations by creating a mesh of events tied to each other through a common actor.
Abstract: Active memory for managing network telemetry information, or other types of information stored as objects, has objects partially-serialized to allow greater amounts of information to store in a memory of a given size with slightly increased retrieval times. Storing additional information in an active memory provides an overall increase in network security platform responsiveness by allowing a greater amount of information to be accessible from the active memory instead of archive.
Abstract: A network security platform stores network telemetry information in an active memory, such as DRAM, and analyzes the network telemetry information to detect and respond to network security threats. Using a common active memory to store sensed network telemetry information and analyze that information provides a real-time dataflow engine for detecting security threats and neutralizing detected threats.
Abstract: Visualization agnostic selection linked portlets provide a tree from a parent to one or more children that present each portlet with its own visualization and data synchronized with a root portlet based upon related filters. Each portlet uses its visualization to display a data set derived by applying its filter in conjunction with the filters of its ancestors. Each portlet then presents data that is at most the same size as its root in a visualization adapted to the child's type and quantity of data.
Abstract: Pluggable network security modules provide a collaborative response across plural networks by allowing modules associated with detection and neutralization of a network security threat to plug into a network security platform of other networks. Plugging the security modules in provides an automated insertion of detection and neutralization tools into the network security platform to respond to potential threats based upon proven successful responses at other networks.
Type:
Grant
Filed:
November 14, 2012
Date of Patent:
March 3, 2015
Assignee:
Click Security, Inc.
Inventors:
Brian Smith, Donovan Kolbly, Marc Willebeek-LeMair
Abstract: Precorrelation of data applied to use cases by a module intermediate to the data and use cases provides normalized data across multiple sources for more effective analysis. For example, network sensors provide network telemetry to a precorrelation core, which extracts and normalizes the data to correlate actors to events. Universal actor correlation improves visualizations by creating a mesh of events tied to each other through a common actor.
Abstract: Active memory for managing network telemetry information, or other types of information stored as objects, has objects partially-serialized to allow greater amounts of information to store in a memory of a given size with slightly increased retrieval times. Storing additional information in an active memory provides an overall increase in network security platform responsiveness by allowing a greater amount of information to be accessible from the active memory instead of archive.
Abstract: A network security platform stores network telemetry information in an active memory, such as DRAM, and analyzes the network telemetry information to detect and respond to network security threats. Using a common active memory to store sensed network telemetry information and analyze that information provides a real-time dataflow engine for detecting security threats and neutralizing detected threats.
Abstract: Pluggable network security modules provide a collaborative response across plural networks by allowing modules associated with detection and neutralization of a network security threat to plug into a network security platform of other networks. Plugging the security modules in provides an automated insertion of detection and neutralization tools into the network security platform to respond to potential threats based upon proven successful responses at other networks.
Type:
Application
Filed:
November 14, 2012
Publication date:
May 15, 2014
Applicant:
Click Security, Inc.
Inventors:
Brian Smith, Donovan Kolbly, Marc Willebeek-LeMair
Abstract: Visualization agnostic selection linked portlets provide a tree from a parent to one or more children that present each portlet with its own visualization and data synchronized with a root portlet based upon related filters. Each portlet uses its visualization to display a data set derived by applying its filter in conjunction with the filters of its ancestors. Each portlet then presents data that is at most the same size as its root in a visualization adapted to the child's type and quantity of data.