This application relates generally to network security and, more particularly, to network security software tools having novel information retrieval and display capabilities.
Communication networks have become ubiquitous. As such networks grow in size and complexity, so does the volume of threats directed toward those networks. Viruses, denial of service attacks and other unanticipated vulnerabilities that could permit unauthorized access to network resources have become pervasive and, with the increasing volume of traffic across communication networks, have become harder to detect.
Threat management software tools that alert system administrators to events that may present a threat to communications networks have become more popular. Such tools monitor network traffic for various forms of suspicious behavior, for example, if a computer at a particular IP address is scanning a large number of other IP addresses. Such behavior could indicate the presence of a worm or virus or an attempt to gain unauthorized access to a computer at one of the target IP addresses. One skilled in the art will recognize that myriad different threats to network data and communications exist that require detection and prevention.
One limitation with current threat management tools is that they are often unwieldy to use. For example, when an alert is generated, it is very important to be able to identify the location of a particular IP address within a network as well as the identity of the person who is assigned to that IP address. Some or all of such information may be only available in a stand alone database either internal or external to an organization. However, current threat management tools are not integrated with internal and external databases. Therefore, when an alert indicating suspicious activity originating or destined for a particular IP address is received, it is often difficult to accurately analyze the threat, requiring a security analyst to undertake a manual search of various sources of information in an attempt to resolve the threat. While the IP address may be associated with a particular user, the location of the user's computer and the identity of the user are typically not readily available. This results in frustration on the part of security analysts and delays in addressing security threats as they arose.