-
公开(公告)号:US20230129786A1
公开(公告)日:2023-04-27
申请号:US18088284
申请日:2022-12-23
发明人: Blake Harrell Anderson , David McGrew , Vincent E. Parla , Jan Jusko , Martin Grill , Martin Vejman
摘要: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
-
公开(公告)号:US11563771B2
公开(公告)日:2023-01-24
申请号:US16693885
申请日:2019-11-25
摘要: In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.
-
公开(公告)号:US20220350913A1
公开(公告)日:2022-11-03
申请号:US17860217
申请日:2022-07-08
摘要: In one embodiment, a traffic analysis service that monitors a network obtains file metadata regarding an electronic file. The traffic analysis service determines a sensitivity score for the electronic file based on the file metadata. The traffic analysis service detects the electronic file within traffic in the network. The traffic analysis service causes performance of a mitigation action regarding the detection of the electronic file within the traffic, based on the sensitivity score of the electronic file.
-
公开(公告)号:US20220239678A1
公开(公告)日:2022-07-28
申请号:US17722131
申请日:2022-04-15
IPC分类号: H04L9/40
摘要: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
公开(公告)号:US20220210183A1
公开(公告)日:2022-06-30
申请号:US17696081
申请日:2022-03-16
IPC分类号: H04L9/40 , H04L61/4511
摘要: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
-
公开(公告)号:US11303574B2
公开(公告)日:2022-04-12
申请号:US16910380
申请日:2020-06-24
发明人: Michael Joseph Stepanek , Costas Kleopa , David McGrew , Blake Harrell Anderson , Saravanan Radhakrishnan
IPC分类号: H04L12/851 , H04L47/2441 , H04L47/2483 , H04L47/25 , H04L47/2475 , H04L49/35 , H04L29/06 , H04W12/12 , H04W12/122 , H04W12/128
摘要: In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
-
公开(公告)号:US11140124B2
公开(公告)日:2021-10-05
申请号:US16722464
申请日:2019-12-20
IPC分类号: H04L29/12 , H04L29/08 , H04L29/06 , H04L12/851
摘要: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.
-
公开(公告)号:US20210297454A1
公开(公告)日:2021-09-23
申请号:US17330641
申请日:2021-05-26
摘要: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
99.发明授权公开(公告)号:US11108810B2
公开(公告)日:2021-08-31
申请号:US16869726
申请日:2020-05-08
摘要: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
-
公开(公告)号:US11038893B2
公开(公告)日:2021-06-15
申请号:US15595016
申请日:2017-05-15
摘要: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
-
-
-
-
-
-
-
-
搜索结果
150 条记录 (耗时 0.026 秒)
