Managing networks can largely be a matter of risk management and decision support. Network administrators want to minimize the risk of events such as equipment failure while, at the same time, maximizing performance, such as high bandwidth. These management tasks bring with them a number of data management problems. For example, for failures in the network, the questions that an administrator needs to ask depend upon the current context, such as how, where and when the event occurred. Further, the desired context may change during the course of an inquiry. For example, the question that ultimately leads to an answer to a network problem may be quite different from the one with which the administrator began.
Assuming that detailed information about a network is available, effective navigation through such large amounts of information generally requires hierarchical summarization. For example, the schema for locating an event might be represented using the following: region, city, network, segment, device, operating system and version. Further, the level of detail needed can change during the course of an inquiry. For example, in order to solve a particular problem in the southwest region of a network, the network administrator may need to identify the particular version of the operating system on a specific device in that region of the network. Other problems may not need that level of granularity.
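The roll-up and drill-down described above, as an added example that is not part of the original text: events are keyed by the levels of the schema and counted at whatever depth the inquiry currently needs. The event records, device names and function names are constructed for illustration.

```python
from collections import Counter

# Hierarchy levels, in the order the text lists them for locating an event.
SCHEMA = ("region", "city", "network", "segment", "device", "os", "version")

# Constructed sample events; every value here is hypothetical.
EVENTS = [
    ("southwest", "Austin", "net-a", "seg-1", "rtr-01", "IOS", "11.2"),
    ("southwest", "Austin", "net-a", "seg-1", "rtr-01", "IOS", "11.2"),
    ("southwest", "Austin", "net-a", "seg-2", "sw-07", "IOS", "11.3"),
    ("southwest", "Phoenix", "net-b", "seg-1", "fw-02", "Solaris", "2.6"),
    ("northeast", "Boston", "net-c", "seg-4", "rtr-09", "IOS", "11.2"),
]


def summarize(events, path=()):
    """Count events one level below `path`, using only events under `path`.

    Returns (level_name, {child_value: event_count}).
    """
    depth = len(path)
    if depth >= len(SCHEMA):
        raise ValueError("path is already at the finest level of the schema")
    prefix = tuple(path)
    counts = Counter(e[depth] for e in events if e[:depth] == prefix)
    return SCHEMA[depth], dict(counts)


def busiest_path(events, stop_at):
    """Descend into the child with the most events until `stop_at` is resolved.

    Ties are broken alphabetically so the result is deterministic.
    """
    last = SCHEMA.index(stop_at)
    path = ()
    while len(path) <= last:
        _, counts = summarize(events, path)
        if not counts:  # no events under this branch
            break
        path += (max(sorted(counts), key=counts.get),)
    return path


if __name__ == "__main__":
    print(summarize(EVENTS))                  # coarse view: by region
    print(summarize(EVENTS, ("southwest",)))  # one level deeper: by city
    print(busiest_path(EVENTS, "version"))    # full detail, only where needed
```

The same event set answers a regional question and an operating-system-version question without being restructured; only the length of `path` changes as the inquiry narrows.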
Further, not only do network administrators worry about operational problems with the network, they should also manage the detection of and response to unauthorized intrusions into the network. Such intrusion events need to be addressed to prevent or limit any exposure of critical data. To help in this task, there are a number of conventional intrusion detection systems available that can monitor the network and detect intrusion events. Some of these systems can also automatically respond to certain types of intrusion. The NETRANGER product, available from CISCO SYSTEMS, INC., is one example of such an intrusion detection system. Further, there are products that allow an administrator to assess, in general, what vulnerabilities exist in the network. The NETSONAR product, available from CISCO SYSTEMS, INC., is one example of such a network vulnerability assessment system.
Although conventional security systems can ease the task of network administration, it is desirable to provide a system that allows both robust viewing of network configuration and vulnerability details as well as ongoing detection of and response to unauthorized intrusions into the network.