Abstract: The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.
Type:
Grant
Filed:
June 15, 2004
Date of Patent:
January 13, 2009
Assignee:
Securify, Inc.
Inventors:
Luis Filipe Pereira Valente, Geoffrey Howard Cooper, Robert Allen Shaw, Kieran Gerard Sherlock
Abstract: A system and method for a vulnerability assessment mechanism that serves to actively scan for vulnerabilities on a continuous basis and interpret the resulting traffic in the context of policy is provided. Vulnerability information is presented within an enterprise manager system, enabling the user to access vulnerability information, recommended remediation procedures, and associated network traffic. A studio mechanism is used to add scanners to the appropriate policies and control the scope and distribution of scans within the target network.
Type:
Grant
Filed:
April 29, 2004
Date of Patent:
November 11, 2008
Assignee:
Securify, Inc.
Inventors:
Geoffrey Cooper, Luis Filipe Pereira Valente, Derek P. Pearcy, Harry Alexander Richardson
Abstract: A method and apparatus for a network monitor internals mechanism that serves to translate packet data into multiple concurrent streams of network event data is provided. The data translation is accomplished by interpreting both sides of each protocol transaction.
Type:
Grant
Filed:
June 14, 2001
Date of Patent:
September 18, 2007
Assignee:
Securify, Inc.
Inventors:
Geoffrey Cooper, Robert Allen Shaw, Luis Filipe Pereira Valente, Kieran Gerard Sherlock
Abstract: A system and method for generating a human readable, e.g. English language, description of a formal specification of network security policy that allows non-technical staff within a user's organization to comprehend the policy. The description is simple enough to be understood, yet captures salient details of the policy.
Type:
Grant
Filed:
June 8, 2001
Date of Patent:
May 16, 2006
Assignee:
Securify, Inc.
Inventors:
Geoffrey Cooper, Kieran G. Sherlock, Bob Shaw, Luis Valente
Abstract: A method and apparatus ascertain which credential and which condition, both from a network security policy, best describe, respectively, information about initiator and target principals involved in an interaction, and tests performed on a state of an associated protocol event.
Type:
Grant
Filed:
June 14, 2001
Date of Patent:
March 22, 2005
Assignee:
Securify, Inc.
Inventors:
Geoffrey Cooper, Kieran G. Sherlock, Bob Shaw, Luis Valente
Abstract: The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.
Type:
Grant
Filed:
January 7, 2000
Date of Patent:
August 17, 2004
Assignee:
Securify, Inc.
Inventors:
Luis Filipe Pereira Valente, Geoffrey Howard Cooper, Robert Allen Shaw, Kieran Gerard Sherlock