Patent application number | Description | Published |
20090185507 | METHOD AND SYSTEM FOR DETERMINING TOPOLOGY OF A DYNAMIC NETWORK - The present invention provides a method and an apparatus for determining topology of a dynamic network in respect of which there is maintained network data containing (a) node data representing a set of nodes, (b) address data representing a respective MAC (Media Access Control) address of each node, and (c) connectivity data representing a respective connectivity of each node. The dynamic network is cyclically monitored so as to determine during each cycle new nodes that have been connected to the dynamic network since a previous cycle and vanished nodes that have been disconnected from the dynamic network since the previous cycle. The respective connectivity of each new node is determined by identifying a port in a switch to which the respective new node is connected. The network data is augmented so as to include node data representative of the new nodes, and the respective address data and connectivity data of each new node, while node data representative of each vanished node is removed from the network data, as well as the respective address data and connectivity data thereof. At the end of each cycle the respective connectivity data of all nodes in the set are indicative of the respective network topology. | 07-23-2009 |
20100027551 | METHOD AND SYSTEM FOR RESTRICTING A NODE FROM COMMUNICATING WITH OTHER NODES IN A BROADCAST DOMAIN OF AN IP (INTERNET PROTOCOL) NETWORK - Method and system for restricting a first node in a broadcast domain of an IP (Internet Protocol) network from communicating with one or more other nodes. Each of the first node and the one or more other nodes has a respective translation table that maps an IP address to a respective physical address of all nodes with which the first node and the one or more other nodes have communicated. Embodiments of the invention describe obtaining communicated data including address resolution messages and accessing an address resolution table representative of address resolution activity in the network. Responsive to the communicated data indicating that the first node is communicating with other nodes, restricting the first node from communicating by generating and conveying a restricting address resolution message using information stored in the address resolution table, the restricting address resolution message including a substitute physical address. | 02-04-2010 |
20100315975 | METHOD AND SYSTEM FOR DETERMINING PHYSICAL CONNECTIVITY IN A DYNAMIC NETWORK - There are provided a system and a method of determining a physical connectivity of a new node connected to a dynamic communication network comprising a plurality of connecting nodes each comprising a plurality of ports. The method comprises: (a) responsive to automatically discovering a new node connected to the dynamic communication network, obtaining address data characterizing a network address of said discovered new node; (b) querying all known connecting nodes and generating a port dataset representing all ports thereof which have registered address data characterizing the network address of said discovered new node; (c) defining, by analyzing the generated port dataset, a port and respective connecting node which said discovered new node is directly connected to. | 12-16-2010 |
20130275574 | ASSET DETECTION SYSTEM - A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system. | 10-17-2013 |
20130275575 | NETWORK ADDRESS REPOSITORY MANAGEMENT - A first Internet protocol version 6 (IPv6) address of a particular computing device within a network is identified using a first passive discovery sensor performing a first discovery task. A second discovery task is caused to be performed using the first IPv6 address and an attribute of the particular computing device is identified from results of the second discovery task. The first IPv6 address and attribute of the particular device are added to a repository maintaining a record of detected IPv6 addresses within the network. In some instances, a first passive discovery sensor can be one of an event-based discovery sensor, a latent-type discovery sensor, and an indirect-type discovery sensor. | 10-17-2013 |
20130276053 | SYSTEM ASSET REPOSITORY MANAGEMENT - A plurality of system entities described in an asset repository are identified, the asset repository defining a particular hierarchical organization of the plurality of system entities within a computing environment. A particular system entity in the plurality of system entities is tagged with a particular tag. The particular system entity is associated with a particular security policy based on the particular system entity being tagged with the particular tag. The particular security policy is applied to system entities in the asset repository tagged with one or more tags in a particular set of tags including the particular tag. | 10-17-2013 |
20140208413 | SYSTEM AND METHOD FOR AN ENDPOINT HARDWARE ASSISTED NETWORK FIREWALL IN A SECURITY ENVIRONMENT - A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow. | 07-24-2014 |