The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Computer networks of the type commonly used by large business enterprises typically consist of a network of networks spanning geographical distances ranging from different buildings to different continents. Each individual network may contain various devices such as routers, switches, Wireless Access Points, etc.
Each network device offers a variety of services, which may include SNMP, FTP and Telnet services. While these services provide for accessing the network device, they also serve as open doors to the network device for malicious access. While security measures such as SNMP community strings, firewalls, IDS (Intrusion Detection Systems), ACLs (Access Control Lists), and VPNs (Virtual Private Networks) try to prevent malicious use by hackers, the level of security in the network is not always known, especially as the security configurations on various network devices across the network change.
Further, a network may contain security devices from different vendors requiring different configurations.
In addition, the adoption of new legal requirements relating to privacy and control of personal information has led network administrators to have increased concern about whether network devices and networks as a whole comply with the legal requirements. The failure of a network to achieve legislative compliance may mean that an enterprise as a whole is non-compliant. For example, network administrators wish to determine whether networks are in compliance with legislation such as the following: Gramm-Leach-Bliley Act; HIPAA; Sarbanes-Oxley Act; USA PATRIOT Act; California SB 1386; and FDA 21 CFR Part 11.
The adoption of the foregoing legislation means that what was once just good business sense now may be a legal requirement. Rather than just risking the loss of customers, companies now face fines and other ramifications when networks are non-compliant. The risk of government involvement, in turn, would lead to an increased risk that current and potential customers of an enterprise would know about its security failures.
These requirements also come at a time in which enterprises are opening their networks up to an ever-growing community of outside users. This means that companies must identify, authorize, and track users. Any attempted security breaches must be spotted and dealt with. In other words, security event management has become an integral part of legal compliance.
Bringing security up to regulatory standards can require many different changes in networks, such as consolidating databases that contain sensitive information and installing better identification and authorization software. Regulatory compliance requires that companies know their users and systems, and security event management lies at the heart of this process. However, past solutions and approaches are not designed to meet the foregoing challenges. Therefore, there is a clear need for improved network security audit approaches.