TR2023018043A2 - A SYSTEM PROVIDING AUTOMATIC SECURITY IN NETWORK MANAGEMENT - Google Patents

Abstract

This invention relates to a system (1) in network management that ensures that network devices and software are automatically updated with the latest security patches and updates to help protect the network from vulnerabilities that attackers can use.

Description

DESCRIPTION A SYSTEM PROVIDING AUTOMATED SECURITY IN AG MANAGEMENT Technical Field This invention aims to protect the network from vulnerabilities that attackers can use in network management. the latest security updates to help protect network devices and software. A system that allows automatic patching and updates It's about the system. Prior Art Security vulnerabilities that may arise against attackers in network management are constantly being investigated. is being followed. Network devices and software various updates and security It is tried to be protected against all kinds of security vulnerabilities with patches. Especially Patches to network devices and software in large and complex network environments Tasks of Network Operations Center (NOC) teams are done manually It is quite challenging. Predicting the effect of patches is among the existing studies in the art. process by prioritizing, prioritizing, and reducing the risk of service interruption. No system has been found that helps automate and facilitate.

For this reason, the studies and deficiencies in the current technique are taken into consideration. security measures that can be used by attackers in network management. to help protect network devices and software from vulnerabilities automatically with the latest security patches and updates. It is understood that a system that provides

USÖ477703B1 obtained as a result of the research in the state of the art software update system in the United States patent document No. is mentioned.

The invention subject to the patent document in question will be installed on the computer system. A patch selection system that provides a method and apparatus for identifying software patches. is the intermediary; In this vehicle, the software applications installed on the computer system are versions as well as currently installed patches, products and versions. is defined. Initial list of recommended patches, installed products and datasheet selected It is created based on the combination of a verified list of products; bad or Create a final list by modifying the first list to remove outdated patches. is created.

Brief Description of the Invention The purpose of this invention is to provide security measures that can be used by attackers in network management. to help protect network devices and software from vulnerabilities automatically with the latest security patches and updates. To realize a system that provides

Another purpose of the invention is to enable network operations teams to access network devices and software. informed decisions about when to apply patches and how to apply them network devices and software to help them receive software patches. To realize a system that estimates the impact and priority on

Detailed Description of the Invention In order to achieve the purpose of this invention, "Automatic System in Network Management" "A System That Provides Security" is shown in the figure below; Figure 1 is the schematic view of the system subject to the invention.

The parts in the figure are numbered one by one, and the corresponding numbers are is given below: 1. System 2. Database 3. Server In network management, the security vulnerabilities that attackers can exploit the latest security updates to help protect network devices and software. A system that allows automatic patching and updates - types of devices on the network, current software versions, history of failures patches are configured to record data in the form of network traffic status. at least one database (2), -communication with the database (2) using any remote communication protocol to classify the data in the database (2) and to determine when and where patches should be applied. patches using machine learning approaches to determine how to apply them. predicting the impact, prioritizing, changing network conditions and patch results periodically feeding and analyzing data in the database (2) At least one device configured to automatically provide patch management by It contains server (3).

The database (2), router, switch, security system in the system (1) that is the subject of the invention type of through-wall network devices, manufacturer of the network device, specific model of the device information, version of the software currently running on the device, severity level, release date Details of the patch, including its description and description, can be found in the previous patch for the same network device. Information about whether the patches were successful or caused problems, current network traffic load, CPU usage, memory usage and error rates on the device Measurements related to device performance in the form of, the location of the device in the network topology, whether a patch has dependencies on other patches or configurations information, the importance of the device to the organization's operations, the day and time when application is planned, planned maintenance where patches can be applied periods, known security vulnerabilities on the device that the patch addresses, network changes It is configured to record historical information about and effects.

The server (3) in the system (1) subject to the invention accesses the data on the database (2). It is configured to access and save data on the database (2).

Regarding the patch activities and results recorded in the server (3) database (2) meaningful data collection by collecting device information, patch details, network metrics and historical data. It is structured to create features. Server (4) determines the effect of patches and priority with ensemble learning algorithm approaches understanding complex relationships in data by classifying data and how different patches relate to the network. It is structured to predict its effects. Server (3) ensures the security of the network Patches that directly affect the security of the network and need to be applied urgently Patches that slightly affect or are necessary to improve performance are usually To fix minor bugs or improve user experience patches that have caused problems on similar devices in the past or Incompatible patches are non-security or performance critical. and patches, which are often optional, have failed similar devices in the past Predicting the effects and priorities of patches by identifying classes in the form of patches It is structured as follows. Server (3) can be used differently in networks with different types of features. It is structured to create a large number of classes. Server (3) machine learning to adapt the model to changing network conditions and patch results. It is configured to periodically retrain with data.

Application of the invention to industry In the system (1) subject to the invention, the server (3) has the latest network devices and software. ensuring it is constantly up to date with security patches and updates Oversees patch management processes for This means that the network can be used by attackers. It helps protect against security vulnerabilities. Server (3) machine learning by predicting the impact of patches, prioritizing them and providing service helps automate and streamline this process, reducing the risk of outages It is possible. Network security teams need to know when and how to apply patches. patches to help users make informed decisions about their network devices. Estimates its impact and priority on For example, a certain device has a certain How does applying the patch affect network security and operations? can understand how it can affect you. Some patches work better on certain device types. It has been determined that some of them are safer in a certain period of time. can.

The system subject to the invention (1) provides network management tools that can be used by attackers. to help protect network devices and security vulnerabilities automatically with the latest security patches and updates for their software ensures its realization.

Around these basic concepts, the subject of invention is “Automated Security in Network Management”. It is possible to develop a wide variety of applications related to "A System That Provides (1)" and the invention cannot be limited to the examples described herein, it is essentially stated in the claims. as stated.

Claims (8)

STEMS . Network management ensures that network devices and software are automatically updated with the latest security patches and updates to help protect the network from vulnerabilities that attackers can use; - containing at least one database (2) configured to record data in the form of device types on the network, current software versions, past failed patches, network traffic status, and - communicating with the database (2) using any remote communication protocol classifying the data in the database (2), which is in a state of being, predicting the impact of patches with machine learning approaches to determine when and how to apply patches, prioritizing them, periodically feeding and analyzing the data in the database (2) by following changing network conditions and patch results, and patching. A system (1) characterized by at least one server (3) configured to automatically provide management. . Details of the patch, including the type of network devices such as routers, switches, firewalls, the manufacturer of the network device, the specific model information of the device, the version of software currently running on the device, severity rating, release date and description, whether previous patches for the same network device were successful or information about whether it causes problems, current network traffic load on the device, measurements of device performance in the form of CPU usage, memory usage, and error rates, the location of the device in the network topology, information about whether a patch has dependencies on other patches or configurations, the importance of the device to the organization's operations, whether the patch should be applied A system (1) as in claim 1, characterized by the planned day and time, planned maintenance periods in which patches can be applied, known security vulnerabilities in the device that the patch fixes, and a database (2) configured to record historical information of network changes and their effects. . A system (1) as in Request 1 or 2, characterized by a server (3) configured to access data on the database (2) and save data on the database (2). . A system (1) as in any of the above claims, characterized by a server (3) configured to create meaningful features by collecting device information, patch details, network measurements and historical data regarding patch activities and results recorded in the database (2). . A system (1) as in any of the above claims, characterized by the server (3) configured to understand the complex relationships in the data and predict the effects of different patches on the network by classifying the impact and priority of patches with ensemble learning algorithm approaches. . Patches that directly affect the security of the network and need to be applied immediately, patches that slightly affect the security of the network or are required to improve performance, patches that are generally made to fix minor bugs or improve the user experience, patches that have caused problems on similar devices in the past or are incompatible with other systems, security or performance A system (1) as in any of the above claims, characterized by a server (3) configured to predict the effects and priorities of patches by detecting classes of patches that are not critical and generally optional, patches that have failed on similar devices in the past. 7. A system (1) as in any of the above claims, characterized by the server (3) configured to create different numbers of servers in networks with different types of features. 8. A system (1) as in any of the above claims, characterized by the server (3) configured to periodically retrain the machine learning model with new data in order to adapt to changing network conditions and patch results.