05796942 is referenced by 351 patents and cites 9 patents.

A network surveillance system includes a handler process (10) for capturing network packets and filtering invalid packets, a first and second continuously sorted record file (15a, 15b), and a scanner process (30) for scanning all sessions occurring on the network and checking for the presence of certain rules (38). When a rule is met, indicating a security incident, a variety of appropriate actions may be taken, including notifying a network security officer via electronic or other mail or recording or terminating a network session. The surveillance system operates completely independently of any other network traffic and the network file server and therefore has no impact on network performance. According to a further embodiment, the invention may include remote surveillance agents (100a-c) for gathering network packets at a remote location and transferring them to a server (110) for analysis by a network surveillance system.

Title
Method and apparatus for automated network-wide surveillance and security breach intervention
Application Number
8/749352
Publication Number
5796942
Application Date
November 21, 1996
Publication Date
August 18, 1998
Inventor
Daniel Esbensen
Kihei
HI, US
Agent
Thomas E O Connor Jr
Assignee
Computer Associates International
NY, US
IPC
G06F 13/00
G06F 11/00
View Original Source