公开(公告)号：US10284595B2

公开(公告)日：2019-05-07

申请号：US15148400

申请日：2016-05-06

Applicant: Citrix Systems, Inc.

Inventor： Anoop Reddy ,  Kenneth Bell ,  Georgios Oikonomou ,  Kurt Roemer

IPC: H04L29/06

Abstract: The present disclosure is directed towards systems and methods for evaluating or mitigating a network attack. A device determines one or more client internet protocol addresses associated with the attack on the service. The device assigns a severity score to the attack based on a type of the attack. The device identifies a probability of a user account accessing the service during an attack window based on the type of attack. The device generates an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window. The device selects a mitigation policy for the user account based on the impact score.

公开(公告)号：US20190036911A1

公开(公告)日：2019-01-31

申请号：US16149626

申请日：2018-10-02

Applicant: Citrix Systems, Inc.

Inventor： Kenneth Bell ,  Anoop Reddy

IPC: H04L29/06

Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of serves over an IP address space. Traffic monitors positioned intermediary to the plurality of client and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP address may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.

公开(公告)号：US20170126718A1

公开(公告)日：2017-05-04

申请号：US14928217

申请日：2015-10-30

Applicant: Citrix Systems, Inc.

Inventor： Nastaran Baradaran ,  Anoop Reddy ,  Ratnesh Singh Thakur

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/0281 ,  H04L63/1416 ,  H04L63/20

Abstract: The present disclosure is directed towards systems and methods for characterizing anomalous network traffic. The system includes a device intermediary to clients and servers. The device includes a network traffic engine to receive network traffic including an anomaly. The device includes a univariate policy manager to determine whether the network traffic satisfies at least one of the rules of a univariate policy based on a respective single independent network traffic feature. The device includes a multivariate policy manager to determine, responsive to determining that the network traffic does not satisfy the rules of the univariate policy, that the network satisfies a multivariate policy including a plurality of anomaly explanation tests. The device includes an anomaly explanation selector to select, responsive to determining that the network traffic satisfies the multivariate policy, an anomaly explanation. The device includes a message generator to generate an anomaly explanation output including the selected anomaly explanation.

公开(公告)号：US20160330245A1

公开(公告)日：2016-11-10

申请号：US15148425

申请日：2016-05-06

Applicant: Citrix Systems, Inc.

Inventor： Kenneth Bell ,  Anoop Reddy

IPC: H04L29/06 ,  H04L12/26 ,  H04L29/12

CPC classification number: H04L63/0823 ,  H04L43/0876 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/35 ,  H04L63/1433

Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of serves over an IP address space. Traffic monitors positioned intermediary to the plurality of client and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP address may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.

Abstract translation: 本公开涉及用于扫描目标IP地址范围以验证与目标IP地址范围相关联的安全证书的系统和方法。 可以在多个客户端之间监视网络流量，并通过IP地址空间来监视多个服务。 位于多个客户端中间的交通监视器，并且多个服务器可以识别用于目标扫描的地址空间中的IP地址的目标范围。 IP地址的目标范围可以被分组为优先级队列，并且可以执行IP地址的目标范围的扫描，以验证与IP地址的目标范围中的每个IP地址相关联的安全证书。 在一些实施例中，检测到与IP地址的目标范围中的至少一个IP地址相关联的流氓安全证书。

公开(公告)号：US20160330230A1

公开(公告)日：2016-11-10

申请号：US15148374

申请日：2016-05-06

Applicant: Citrix Systems, Inc.

Inventor： Anoop Reddy ,  Kenneth Bell ,  Georgios Oikonomou ,  Kurt Roemer

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/1433 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L9/002 ,  H04L9/3268 ,  H04L61/1511 ,  H04L61/6013 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0884 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/166 ,  H04L67/42

Abstract: The disclosure is directed to a system for improving security of SSL communications. The system can include an device intermediary between one or more servers, one or more clients, a plurality of agents, and a web service. The servers can be configured to receive SSL connections and issue SSL certificates. The device can include a virtual server associated with a respective one of the servers, such that the SSL certificate of the respective server is transmitted through the device. The device can generate service fingerprints for the one or more servers. Each service fingerprint can include information corresponding to an SSL certificate of the virtual server, one or more DNS aliases for a virtual IP address of the respective virtual server, one or more port numbers serving the SSL certificate, and an IP address serviced by the device. The device also can transmit the service fingerprints to a web service.

Abstract translation: 本公开涉及一种用于提高SSL通信安全性的系统。 系统可以包括一个或多个服务器之间的设备中介，一个或多个客户端，多个代理和web服务。 服务器可以配置为接收SSL连接并发出SSL证书。 该设备可以包括与相应的一个服务器相关联的虚拟服务器，使得相应服务器的SSL证书通过设备传输。 设备可以为一个或多个服务器生成服务指纹。 每个服务指纹可以包括与虚拟服务器的SSL证书相对应的信息，用于各个虚拟服务器的虚拟IP地址的一个或多个DNS别名，用于SSL证书的一个或多个端口号以及由该设备服务的IP地址 。 该设备还可以将服务指纹发送到Web服务。