Detection of external messaging attacks using trust relationships

    Publication number: US11546375B2

    Publication date: 2023-01-03

    Application number: US16578630

    Filing date: 2019-09-23

    Abstract: External messaging attacks are detected using trust relationships. A profile is built for each target within an organization from header data extracted from multiple prior messages. A trust score is derived for each sender in each target's profile; each trust score is derived from the degree and the quantity of communication between that sender and the target in the extracted header data. Incoming messages are received, and the target and the sender of each incoming message are determined. For each incoming message, the sender's trust score is retrieved from the target's profile, a label is generated from that trust score, and the label is applied so that it is visible to the target in association with the message.
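
The profile-building and labelling steps of the abstract, as an added example that is not the patent's own code. It assumes a minimal header model (each message is a dict with 'from', 'to' and 'cc' addresses) and two interpretations that are this example's own: "degree" is how direct and bidirectional the sender/target contact has been, "quantity" is the number of messages between them. The weights, the label thresholds and all messages are constructed.

```python
"""Trust-score labelling of inbound mail from prior message headers.

Added example, not the patent's own code. "Degree" and "quantity" are
interpreted as described in the lead-in; weights and thresholds are assumed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Relationship:
    received_direct: int = 0  # sender -> target with the target in To:
    received_cc: int = 0      # sender -> target with the target only in Cc:
    sent_back: int = 0        # target -> sender (replies, or target-initiated mail)


def norm(addr):
    """Strip a display name ('Bob <bob@x>' -> 'bob@x') and lower-case."""
    m = re.search(r"<([^>]+)>", addr)
    return (m.group(1) if m else addr).strip().lower()


def build_profiles(prior_messages):
    """profiles[target][sender] -> Relationship, from extracted header data."""
    profiles = defaultdict(lambda: defaultdict(Relationship))
    for msg in prior_messages:
        sender = norm(msg["from"])
        to = [norm(a) for a in msg.get("to", [])]
        cc = [norm(a) for a in msg.get("cc", [])]
        for target in to:
            profiles[target][sender].received_direct += 1
        for target in cc:
            if target not in to:
                profiles[target][sender].received_cc += 1
        # Outbound mail counts in the sender's own profile: anyone the
        # sender writes to becomes a more trusted correspondent for them.
        for recipient in to + cc:
            profiles[sender][recipient].sent_back += 1
    return profiles


def trust_score(rel):
    """Degree (0.2 for Cc-only .. 1.0 for all replies) times a saturating
    quantity term (1 message -> 0.3, 5 messages -> 0.83). Weights are assumed."""
    quantity = rel.received_direct + rel.received_cc + rel.sent_back
    if quantity == 0:
        return 0.0
    weighted = 1.0 * rel.received_direct + 0.3 * rel.received_cc + 1.5 * rel.sent_back
    degree = weighted / (1.5 * quantity)
    qty_term = 1 - 0.7 ** quantity
    return round(degree * qty_term, 3)


def label_for(score):
    if score >= 0.5:
        return "trusted-contact"
    if score > 0.0:
        return "known-contact"
    return "first-contact"  # no prior communication with this exact sender


def label_incoming(profiles, message):
    """One (target, sender, score, label) record per recipient of a message."""
    sender = norm(message["from"])
    targets = [norm(a) for a in message.get("to", []) + message.get("cc", [])]
    out = []
    for target in targets:
        rel = profiles.get(target, {}).get(sender)
        score = trust_score(rel) if rel else 0.0
        out.append({"target": target, "sender": sender,
                    "score": score, "label": label_for(score)})
    return out


# Constructed prior traffic and constructed inbound messages.
PRIOR = [
    {"from": "alice@corp.example", "to": ["bob@partner.example"]},
    {"from": "bob@partner.example", "to": ["alice@corp.example"]},
    {"from": "bob@partner.example", "to": ["alice@corp.example"], "cc": ["carol@corp.example"]},
    {"from": "Bob <bob@partner.example>", "to": ["alice@corp.example"]},
    {"from": "news@list.example", "to": ["carol@corp.example"]},
]
INCOMING = [
    {"from": "Bob <bob@partner.example>", "to": ["alice@corp.example"]},
    {"from": "bob@partner-example.com", "to": ["alice@corp.example"]},  # lookalike domain
    {"from": "news@list.example", "to": ["carol@corp.example"]},
]


def demo():
    profiles = build_profiles(PRIOR)
    return [rec for msg in INCOMING for rec in label_incoming(profiles, msg)]


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

The lookalike message scores 0.0 because the profile is keyed on the exact normalized address, which is the behaviour you want: a trust label is only as good as the sender identity it is looked up by, so the 'from' address must be the one that passed SPF/DKIM/DMARC checks, otherwise an exact spoof of a trusted correspondent inherits that correspondent's label.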

    System and method of utilizing security device plugin for external device monitoring and control in a secured environment

    Publication number: US11537412B2

    Publication date: 2022-12-27

    Application number: US17338474

    Filing date: 2021-06-03

    Abstract: A new approach is proposed that contemplates systems and methods to support utilizing security device plugins for external device control and monitoring in a secured environment. A plugin that implements one or more functionalities to communicate with and control the operations of an external device is provided to a network security device/appliance. The plugin is then loaded onto the network security appliance and integrated with software running on it, whereby the software obtains the functionalities offered by the plugin. A communication link is established between the plugin on the network security device and the external device following a communication protocol. The network security device is then configured to issue/receive one or more commands to/from the external device following that protocol, in order to monitor and collect information from the external device and/or to control it or be controlled by it remotely.

    System and method of utilizing network security devices for industrial device protection and control

    Publication number: US11463409B2

    Publication date: 2022-10-04

    Application number: US17179972

    Filing date: 2021-02-19

    Abstract: A new network security device/appliance is proposed that not only protects but also controls and operates an industrial IoT device. Specifically, the network security device is configured to detect and block cyber attacks, such as viruses, hacking attempts, and other types of cyber threats, launched from an outside network against the industrial IoT device, based on a set of configurable rules. In addition, the network security device is further configured to control and operate the industrial IoT device remotely in response to the cyber attacks by issuing and communicating instructions/commands to the industrial IoT device. Besides accepting and executing control commands from the network security device, the industrial IoT device is also configured to send requests to the network security device to make certain adjustments to the rules governing network traffic directed to the industrial IoT device.

    Method and apparatus for estimating monetary impact of cyber attacks

    Publication number: US11356469B2

    Publication date: 2022-06-07

    Application number: US16899570

    Filing date: 2020-06-11

    Abstract: A new approach is proposed to support generating and presenting to a user a monetary impact estimate for a current or future cyber attack, which is used to stop monetary losses or to mitigate monetary impacts. First, both historic data and real-time data on the monetary impact of current and/or potential cyber attacks are continuously collected from a plurality of data pools. The collected data are then synchronized, correlated and filtered/cleansed as they become available, to create fidelity among the data from the plurality of data pools. The cyber attack monetary impact is calculated from the correlated and cleansed data and is presented to the user along with one or more suggested responses the user may apply, to mitigate the monetary impact of the current or future cyber attack.

    Method and apparatus for scanning ginormous files

    Publication number: US11250130B2

    Publication date: 2022-02-15

    Application number: US16549978

    Filing date: 2019-08-23

    Abstract: A new approach is proposed that contemplates systems and methods to support scanning a file of very large size without having to load the entire file into the memory of a single file parser or scanner. The proposed approach divides the ginormous file to be parsed and scanned into a plurality of sections following a divide-and-conquer scheme. The sections of the file are then parsed and loaded into a plurality of file scanners, each configured to scan its allocated file section of a certain file type. Each file scanner then extracts and evaluates, from its allocated section, file parts that can be harmful to a user of the file and/or expose sensitive/protected information of the user. The scan results are then collected, analyzed, and reported to the user with a final determination on malicious content and sensitive data.
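
The divide-and-conquer scan described above, as an added example that is not the patent's code. It stands in for the patent's per-file-type scanners with two constructed byte-pattern scanners (a malware marker and an SSN-shaped sensitive-data pattern), so that the mechanics, and the one thing that goes wrong with naive chunking, are visible: a pattern that straddles a section boundary is invisible to both sections unless each section carries an overlap from its predecessor. The signatures, the section size and the sample file are all constructed.

```python
"""Section-wise scanning of a large file with boundary overlap.

Added example, not the patent's code. Signatures and the sample "file"
are constructed; a real scanner would load signatures from a database.
"""
import io
import re

SIGNATURES = {
    "malware": re.compile(rb"EVIL_MARKER_X1"),        # 14 bytes, constructed
    "sensitive": re.compile(rb"\d{3}-\d{2}-\d{4}"),   # 11 bytes, SSN-shaped
}
LONGEST_MATCH = 14  # the overlap must be at least this minus one


def iter_sections(stream, section_size, overlap):
    """Yield (absolute_offset, bytes). Each section is prefixed with the
    last `overlap` bytes of the previous one, so no match of up to
    overlap+1 bytes can be split across two sections."""
    carry, offset = b"", 0
    while True:
        data = stream.read(section_size)
        if not data:
            return
        chunk = carry + data
        yield offset - len(carry), chunk
        carry = chunk[-overlap:] if overlap else b""
        offset += len(data)


def scan_section(offset, chunk, signatures):
    """The work one file scanner does on its allocated section."""
    hits = set()
    for kind, pattern in signatures.items():
        for m in pattern.finditer(chunk):
            hits.add((kind, offset + m.start(), m.group(0)))
    return hits


def scan_stream(stream, signatures, section_size, overlap):
    """Collect every section's findings; the set de-duplicates a match
    that lies inside the overlap and is therefore seen by two sections."""
    findings = set()
    for offset, chunk in iter_sections(stream, section_size, overlap):
        findings |= scan_section(offset, chunk, signatures)
    return sorted(findings)


def scan_bytes(data, section_size=64, overlap=LONGEST_MATCH - 1):
    return scan_stream(io.BytesIO(data), SIGNATURES, section_size, overlap)


# Constructed 188-byte "file": the marker occupies offsets 55..68 and so
# straddles the first 64-byte section boundary; the SSN sits at 143.
SAMPLE = (b"A" * 55 + b"EVIL_MARKER_X1" + b"B" * 70
          + b"ssn 123-45-6789 end" + b"C" * 30)


if __name__ == "__main__":
    print("with overlap:   ", scan_bytes(SAMPLE))
    print("without overlap:", scan_bytes(SAMPLE, overlap=0))
```

The overlap trick only covers patterns of bounded length. A scanner whose matches can be arbitrarily long (a regex with an unbounded quantifier, or a parser that must see a whole archive entry) needs the section boundaries to fall on structural boundaries of the file format instead, which is why the abstract pairs each section with a scanner for a specific file type.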

    METHOD AND APPARATUS FOR AUTONOMOUS IDENTIFICATION OF SIMILAR AND ADJACENT ATTACKS BASED ON DETECTED ATTACKS

    Publication number: US20210136107A1

    Publication date: 2021-05-06

    Application number: US16898431

    Filing date: 2020-06-10

    Abstract: A new approach is proposed to support autonomous identification of similar and adjacent attacks. First, an incident is created for a suspicious electronic-message-borne attack detected at one user account of one tenant on an electronic communication platform. A plurality of insight events for similar or adjacent attacks are then generated automatically from the detected attack and inserted into an insights queue. For each insight event in the queue, a search is conducted in a repository to identify a set of un-remediated attacks against user accounts of the same or different tenants on the platform that are similar or adjacent to the detected attack. Insights on the identified un-remediated attacks against user accounts in the same or different tenants are automatically generated for an administrator, and the attacks are remediated accordingly.
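
The incident-to-insight-queue-to-repository-search flow of the abstract, as an added example that is not the patent's code. It assumes an in-memory repository of message records (tenant, account, sender, URLs, remediated flag) and three insight kinds chosen here: same sender address (similar), same sender domain and same URL host (adjacent). All records are constructed.

```python
"""Similar/adjacent attack search across tenants from one detected incident.

Added example, not the patent's code. Repository records and the three
insight kinds are this example's assumptions.
"""
from collections import deque
from urllib.parse import urlsplit


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def generate_insight_events(incident):
    """Insight events derived from the detected attack, queued for search."""
    queue = deque()
    queue.append(("same_sender", incident["sender"].lower()))
    queue.append(("same_sender_domain", domain_of(incident["sender"])))
    for url in incident["urls"]:
        queue.append(("same_url_host", host_of(url)))
    return queue


def event_matches(event, msg):
    kind, value = event
    if kind == "same_sender":
        return msg["sender"].lower() == value
    if kind == "same_sender_domain":
        return domain_of(msg["sender"]) == value
    if kind == "same_url_host":
        return any(host_of(u) == value for u in msg["urls"])
    return False


def search_repository(queue, repository, incident):
    """Drain the queue; for each event collect un-remediated messages in
    any tenant that match it, skipping the incident's own message."""
    found = {}
    while queue:
        event = queue.popleft()
        for msg in repository:
            if msg["id"] == incident["id"] or msg["remediated"]:
                continue
            if event_matches(event, msg):
                found.setdefault(msg["id"], {"msg": msg, "reasons": []})
                found[msg["id"]]["reasons"].append(event[0])
    return found


def admin_insights(found, incident):
    """What an administrator sees: where the related attack sits and why."""
    rows = []
    for msg_id, entry in sorted(found.items()):
        msg = entry["msg"]
        scope = "same_tenant" if msg["tenant"] == incident["tenant"] else "cross_tenant"
        rows.append((msg_id, msg["tenant"], msg["account"], scope, entry["reasons"]))
    return rows


# Constructed repository; m1 is the message the incident was raised on.
REPOSITORY = [
    {"id": "m1", "tenant": "T1", "account": "u1@t1.example", "sender": "ceo@fake-corp.example",
     "urls": ["https://pay.evil.example/x"], "remediated": False},
    {"id": "m2", "tenant": "T1", "account": "u2@t1.example", "sender": "CEO@fake-corp.example",
     "urls": [], "remediated": False},
    {"id": "m3", "tenant": "T2", "account": "u9@t2.example", "sender": "hr@fake-corp.example",
     "urls": ["https://pay.evil.example/y"], "remediated": False},
    {"id": "m4", "tenant": "T2", "account": "u3@t2.example", "sender": "ceo@fake-corp.example",
     "urls": [], "remediated": True},   # already handled: must not resurface
    {"id": "m5", "tenant": "T3", "account": "u7@t3.example", "sender": "news@vendor.example",
     "urls": ["https://vendor.example/a"], "remediated": False},
]
INCIDENT = REPOSITORY[0]


def demo():
    queue = generate_insight_events(INCIDENT)
    return admin_insights(search_repository(queue, REPOSITORY, INCIDENT), INCIDENT)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Sender domain and URL host are cheap for an attacker to rotate, so in practice the adjacent-attack events should also carry keys the attacker cannot vary freely per target (attachment hashes, landing-page content fingerprints); the queue structure stays the same, only the event kinds grow.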

    SYSTEM AND METHOD FOR EMAIL ACCOUNT TAKEOVER DETECTION AND REMEDIATION UTILIZING ANONYMIZED DATASETS

    Publication number: US20210075824A1

    Publication date: 2021-03-11

    Application number: US16949864

    Filing date: 2020-11-17

    Abstract: A new approach is proposed to support account takeover (ATO) detection based on login attempts by users. The approach relies on assessing the fraudulence confidence level of login IP addresses to classify the login attempts by the users. A plurality of attributes/features in one or more user login data logs are extracted and used to build a labeled dataset for training a machine learning (ML) model that relies on statistics of the login attempts to classify and detect fraudulent logins. These attributes make it possible to ascertain, based on the ML model, whether a login attempt or instance by a user is suspicious. In some embodiments, the ML model is trained using anonymized user login data to preserve the privacy of the users, and a proper level of data anonymization is determined from the ML model's accuracy in detecting ATO attacks when trained with different versions of the anonymized data.
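
The "train on several anonymized versions, keep the one whose accuracy holds up" step of the abstract, as an added example that is not the patent's code. The model here is a stand-in for the patent's ML model: a Laplace-smoothed fraud rate per IP key, with the key anonymized by keeping only the first k octets. The login logs, the decision threshold, the unseen-key prior and the tolerance used to pick the anonymization level are all constructed assumptions of this example.

```python
"""Login-IP fraud statistics at several anonymization levels.

Added example, not the patent's code. The per-key fraud rate stands in for
the patent's ML model; logs, threshold, prior and tolerance are assumed.
"""
from collections import defaultdict


def anonymize_ip(ip, keep_octets):
    """'203.0.113.5' with keep_octets=3 -> '203.0.113.0' (a /24 key)."""
    parts = ip.split(".")
    return ".".join(parts[:keep_octets] + ["0"] * (4 - keep_octets))


def fit(train, keep_octets):
    """Fraud confidence per anonymized key = (fraud + 1) / (total + 2)."""
    counts = defaultdict(lambda: [0, 0])
    for rec in train:
        key = anonymize_ip(rec["ip"], keep_octets)
        counts[key][0] += rec["fraud"]
        counts[key][1] += 1
    return {key: (f + 1) / (n + 2) for key, (f, n) in counts.items()}


def is_suspicious(model, ip, keep_octets, threshold=0.5, unseen_prior=0.1):
    """Classify one login attempt; a never-seen key falls back to a low prior."""
    return model.get(anonymize_ip(ip, keep_octets), unseen_prior) >= threshold


def accuracy(model, test, keep_octets):
    correct = sum(is_suspicious(model, r["ip"], keep_octets) == bool(r["fraud"]) for r in test)
    return round(correct / len(test), 3)


def choose_anonymization(train, test, tolerance=0.05):
    """Train on each anonymized version of the data, score it on held-out
    logins, and keep the coarsest version whose accuracy stays within
    `tolerance` of the best one."""
    results = {k: accuracy(fit(train, k), test, k) for k in (4, 3, 2, 1)}
    best = max(results.values())
    chosen = min(k for k, acc in results.items() if acc >= best - tolerance)
    return chosen, results


def logins(ip, fraud, n):
    return [{"ip": ip, "fraud": fraud} for _ in range(n)]


# Constructed logs: an attacker /24 and the office /24 share one /16, so
# /24 keys separate them while /16 keys blur them together.
TRAIN = (logins("203.0.113.5", 1, 3) + logins("203.0.113.9", 1, 2)
         + logins("203.0.200.10", 0, 4) + logins("203.0.200.11", 0, 3)
         + logins("198.51.100.20", 0, 2))
TEST = [
    {"ip": "203.0.113.5", "fraud": 1},
    {"ip": "203.0.113.66", "fraud": 1},   # unseen host in the attacker /24
    {"ip": "203.0.200.12", "fraud": 0},   # unseen host in the office /24
    {"ip": "203.0.200.10", "fraud": 0},
    {"ip": "198.51.100.20", "fraud": 0},
    {"ip": "198.51.100.21", "fraud": 0},
]


if __name__ == "__main__":
    keep, results = choose_anonymization(TRAIN, TEST)
    print("accuracy by octets kept:", results)
    print("chosen anonymization: keep", keep, "octets")
```

On this data the /24 version both anonymizes more than full addresses and scores higher, because it generalizes to unseen hosts in a known-bad subnet, while /16 merges the attacker and office subnets and accuracy drops. The sweep is the point; the chosen level moves with the threshold, the prior and the traffic, so on real logs it should be re-run with cross-validation rather than fixed once.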

    System and method for application plug-in distribution

    Publication number: US10761825B2

    Publication date: 2020-09-01

    Application number: US16370780

    Filing date: 2019-03-29

    Abstract: A new approach is proposed that contemplates systems and methods to support a sandboxed application plug-in distribution framework. An installation package containing a monitoring plug-in, a display plug-in, and/or third-party components is received by a first application running on a first computing device. The first application installs the display plug-in and saves the monitoring plug-in to a centralized database. The first application sends an instruction to a second application running on a second computing device to retrieve the monitoring plug-in from the database and install it on the second computing device. Upon receiving a user request, the display plug-in of the first application sends a query to the monitoring plug-in of the second application. In response to the query, the monitoring plug-in sends the requested monitored data collected by the second application to the display plug-in, which then formats and presents the monitored data to the user.

    SYSTEM AND METHOD OF UTILIZING SECURITY DEVICE PLUGIN FOR EXTERNAL DEVICE MONITORING AND CONTROL IN A SECURED ENVIRONMENT

    Publication number: US20200183709A1

    Publication date: 2020-06-11

    Application number: US16268264

    Filing date: 2019-02-05

    Abstract: A new approach is proposed that contemplates systems and methods to support utilizing security device plugins for external device control and monitoring in a secured environment. A plugin that implements one or more functionalities to communicate with and control the operations of an external device is provided to a network security device/appliance. The plugin is then loaded onto the network security appliance and integrated with software running on it, whereby the software obtains the functionalities offered by the plugin. A communication link is established between the plugin on the network security device and the external device following a communication protocol. The network security device is then configured to issue/receive one or more commands to/from the external device following that protocol, in order to monitor and collect information from the external device and/or to control it or be controlled by it remotely.

    SOFTWARE SERVICE TO FACILITATE ORGANIZATIONAL TESTING OF EMPLOYEES TO DETERMINE THEIR POTENTIAL SUSCEPTIBILITY TO PHISHING SCAMS

    Publication number: US20200082310A1

    Publication date: 2020-03-12

    Application number: US15883073

    Filing date: 2018-01-29

    Inventor: Mark T. Chapman

    Abstract: A software system and service is disclosed for facilitating organizational testing of employees in order to determine their potential susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization's employees are provided to the system; a phishing e-mail is created and customized; a phishing e-mail campaign is run in which the phishing e-mail message is sent and the responses to it are monitored; and the results of the campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.
