Network security management is becoming a more difficult problem as networks grow in size and become a more integral part of organizational operations. Attacks on networks are growing both due to the intellectual challenge such attacks represent for hackers and due to the increasing payoff for the serious attacker. Furthermore, the attacks are growing beyond the current capability of security management tools to identify and quickly respond to those attacks. As various attack methods are tried and ultimately repulsed, the attackers will attempt new approaches with more subtle attack features. Thus, maintaining network security is on-going, ever changing, and an increasingly complex problem.
Computer network attacks can take many forms and any one attack may include many security events of different types. Security events are anomalous network conditions each of which may cause an anti-security effect to a computer network. Security events include stealing confidential or private information; producing network damage through mechanisms such as viruses, worms, or Trojan horses; overwhelming the network's capability in order to cause denial of service, and so forth.
There are many methods of detecting and protecting against hackers. For example, passwords, heuristic analysis of network activity, etc. may be used for such purpose. Recently, there has been work to generate central databases of hacker-related information that may be used to identify patterns indicative of intrusion activity, and respond accordingly. One example of such databases may found by reference to www.hackerwatch.org.
Unfortunately, information is manually collected and submitted to central hacker databases such as www.hackerwatch.org. While the aforementioned patterns may be identified automatically using a computer, responses to such pattern identification is also a manual process involving notification of the appropriate agencies, and reporting to the public via various security services.
There is thus a need for a system and method of automatically collecting hacker-related information in a central database, and then utilizing such information in an automated response.