Passive security analysis with inline active security devices

摘要

This specification discloses techniques for facilitating network security analysis and attack response. In at least one implementation, the passive analysis system receives a copy of the network traffic, deeply analyzes the copy of the network traffic, and generates a security data point based on the deep analysis. The passive analysis system then provides a security data point to the active inline security device, which compares incoming network traffic with the security data point to detect a security event. [Selection] Figure 1