-
Publication No.: US10931797B2
Publication Date: 2021-02-23
Application No.: US16854094
Filing Date: 2020-04-21
IPC Classification: H04L29/06, H04L12/851, H04L12/26, H04L12/741, H04L29/12, H04L12/823
Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
-
Publication No.: US10757126B2
Publication Date: 2020-08-25
Application No.: US16813220
Filing Date: 2020-03-09
Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
-
Publication No.: US10659573B2
Publication Date: 2020-05-19
Application No.: US16554293
Filing Date: 2019-08-28
IPC Classification: H04L29/06, H04L12/851, H04L12/26, H04L12/741, H04L29/12, H04L12/823
Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
-
Publication No.: US10541972B2
Publication Date: 2020-01-21
Application No.: US16357855
Filing Date: 2019-03-19
Inventors: David K. Ahn, Steven Rogers, Sean Moore
Abstract: In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.
-
Publication No.: US20190342265A1
Publication Date: 2019-11-07
Application No.: US16518190
Filing Date: 2019-07-22
Inventors: David K. Ahn, Steven Rogers, Sean Moore
Abstract: In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.
-
Publication No.: US20190312911A1
Publication Date: 2019-10-10
Application No.: US16448969
Filing Date: 2019-06-21
Inventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.
-
Publication No.: US20170324709A1
Publication Date: 2017-11-09
Application No.: US15382806
Filing Date: 2016-12-19
Inventors: David K. Ahn, Sean Moore
IPC Classification: H04L29/06
CPC Classification: H04L63/0236, H04L63/0263, H04L63/1408, H04L63/1425, H04L63/20
Abstract: Methods, systems, and computer-readable media for efficiently detecting threat incidents for cyber threat analysis are described herein. In various embodiments, a computing device, which may be located at a boundary between a protected network associated with the enterprise and an unprotected network, may combine one or more threat indicators received from one or more threat intelligence providers; may generate one or more packet capture and packet filtering rules based on the combined threat indicators; and may capture or filter, on a packet-by-packet basis, at least one packet based on the generated rules. In other embodiments, a computing device may generate a packet capture file comprising raw packet content and corresponding threat context information, wherein the threat context information may comprise a filtering rule and an associated threat indicator that caused the packet to be captured.
-
Publication No.: US11563758B2
Publication Date: 2023-01-24
Application No.: US15877608
Filing Date: 2018-01-23
Inventors: David K. Ahn, Sean Moore, Douglas M. Disabello
IPC Classification: G06F21/00, H04L9/40, H04L61/4511, H04L69/22
Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.
-
Publication No.: US11539665B2
Publication Date: 2022-12-27
Application No.: US17859156
Filing Date: 2022-07-07
Inventors: David K. Ahn, Steven Rogers, Sean Moore
Abstract: In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.
-
Publication No.: US11516241B2
Publication Date: 2022-11-29
Application No.: US17713570
Filing Date: 2022-04-05
Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
IPC Classification: H04L9/40, H04L43/028
Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.