A security management system includes a fusion engine which "fuses" or assembles information from multiple data sources and analyzes this information in order to detect relationships between raw events that may indicate malicious behavior and to provide an organized presentation of information to consoles without slowing down the processing performed by the data sources. The multiple data sources can comprise sensors or detectors that monitor network traffic or individual computers or both. The sensors can comprise devices that may be used in intrusion detection systems (IDS). The data sources can also comprise firewalls, audit systems, and other like security or IDS devices that monitor data traffic in real-time. The present invention can identify relationships between one or more real-time, raw computer events as they are received in real-time. The fusion engine can also assess and rank the risk of real-time raw events as well as mature correlation events.

 
Web www.patentalert.com

< Asynchronous messaging using a node specialization architecture in the dynamic routing network

< Ternary content addressable memory based multi-dimensional multi-way branch selector and method of operating same

> Method and apparatus for compiling source code to configure hardware

> Portable operating environment for information devices

~ 00281