Network traffic such as IP traffic (including IP messaging events traffic) is growing in volume, and with that growth come attendant increases in challenges and security threats.
There are well-known methods for collecting such data from the network, including, for example, mass collection of statistics on IP traffic from the network.
However, identifying such threats within such voluminous traffic, much of which is normal benign traffic, presents major challenges, including performance challenges.
Collecting all data also has drawbacks in terms of being able to receive targeted, pertinent information for analysis. It is neither desirable nor practical for resource-constrained services, such as security services, which can be required to do resource-intensive data analysis and detailed processing, to receive all traffic when that traffic is so voluminous. Rather, there is a need for the traffic that is of interest to such a service to be selectively sent to it, with the bulk of the traffic not being sent to the resource-constrained service but instead offloaded to more capacious communication channels or pipes.
Further, the threat landscape is constantly evolving, and what is increasingly demanded, including by operators (such as mobile or fixed telecom operators), enterprises and consumers, is a more comprehensive approach to threat detection, control and mitigation.
Static routing is well known in the art for splitting traffic between different destinations, and can be used to differentiate communications based on routing rules that define the interfaces to be used for different IP subnets of traffic. Examples of such systems are disclosed in US patent publication numbers US2004/268147, US2006/037075, US2008/282080 and US2010/223669. These systems do not, however, allow steering decisions about traffic to be made dynamically, whether in response to traffic type, originating application, general security threat levels prevalent at the time, or other factors. Thus there is a lack of dynamic control over which data is sent over which communications channel.
Therefore, there is a need for dynamic methods to target and collect suspicious traffic, and for dynamic methods for security threat detection, mitigation and control.
It is therefore an object of the invention to provide a dynamic traffic steering system and method in a network.