1. Field of the Invention
Embodiments of the present invention generally relate to anomaly detection systems and, more particularly, to a method and apparatus for suppressing duplicate alarms in a communications network, such as an enterprise environment.
2. Description of the Related Art
Presently, the volume of detected security events within an enterprise network environment can produce an overwhelming quantity of alarms. However, a significant portion of these alarms are recurring duplicates. Therefore, these duplicate alarm messages need to be intelligently suppressed so that they are not processed and/or displayed at a central management console. Failure to do so may create a denial of service condition against a cyber security team, or alternatively overwhelm a network operator viewing a monitoring display. For example, during the outbreak of a cyber security event such as a virus or worm, the number of alarms may be excessive and can overwhelm a cyber security team. Many commercial system vendors provide scrolling windows to receive and view the flow of alarm messages. Some vendors provide “freeze” and “continue” buttons to halt the scrolling alarms so they can be examined. However, these solutions are not completely effective because the duplicated alarms make it difficult to discern other alarm messages.
Thus, there is a need in the art for a method and apparatus for suppressing duplicate alarms.