-
Publication number: US11831658B2
Publication date: 2023-11-28
Application number: US16245770
Application date: 2019-01-11
Applicant: Nuix Limited
Inventor: John Dwyer , Benjamin McNichols , Martin Pillion , Kevin Wenchel
IPC: H04L29/00 , H04L9/40 , H04L41/046
CPC classification number: H04L63/1416 , H04L41/046 , H04L63/0263 , H04L63/20
Abstract: The present invention provides an integrated, context-aware, security system that provides an adaptive endpoint security agent architecture model for continuously monitoring and recording activity across an enterprise, specifically monitoring activity on endpoints, and subsequently detecting and blocking any malicious processes that may otherwise invade the enterprise and cause issues. The endpoint security agent architecture exposes a well-defined, public interface to the event data generated by the endpoint security agent in the form of a custom programming language by which a user can define the logic that the endpoint security agent executes in response to event data to perform detection of and response to suspicious activity.
-
Publication number: US20230379362A1
Publication date: 2023-11-23
Application number: US18222611
Application date: 2023-07-17
Applicant: Oracle International Corporation
Inventor: Christopher James Ries , Nikkolas Anthony Lavorato , Kevin Raymond, JR. , Philip Nathan Andrews, III , Christa Agnes Johnson Scura
IPC: H04L9/40 , H04L67/141
CPC classification number: H04L63/1491 , H04L63/08 , H04L67/141 , H04L63/0263
Abstract: Techniques for using honeypots to lure attackers and gather data about attackers and attack patterns on Infrastructure-as-a-Service (IaaS) instances. The gathered data may then be analyzed and used to proactively prevent such attacks.
-
Publication number: US11824899B2
Publication date: 2023-11-21
Application number: US18048248
Application date: 2022-10-20
Applicant: Snowflake Inc.
Inventor: James Calvin Armstrong , Jonathan Claybaugh
IPC: H04L9/40 , H04L43/026 , H04L41/22 , H04L47/10 , H04L43/00 , H04L43/062 , H04L41/0604 , H04L43/0811 , G06F21/57 , G06F21/56 , G06F21/62
CPC classification number: H04L63/20 , G06F21/566 , G06F21/57 , H04L41/0604 , H04L41/22 , H04L43/00 , H04L43/026 , H04L43/062 , H04L43/0811 , H04L47/10 , H04L63/0263 , H04L63/104 , H04L63/1408 , H04L63/1416 , G06F21/6218 , H04L63/102
Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. An example method includes receiving one or more messages from a plurality of computing devices connected through a network, the one or more messages indicating actual connections among the plurality of computing devices. The example method further includes comparing, by one or more processors, the actual connections to a list of expected connections indicated by a connections master file that comprises connection information for the plurality of computing devices. The method further includes, responsive to detecting one or more differences between the list of expected connections and the actual connections, providing a notification indicating the one or more differences to a log file or a notification area of a user interface.
-
Publication number: US11824879B2
Publication date: 2023-11-21
Application number: US17482894
Application date: 2021-09-23
Applicant: Centripetal Networks, LLC
Inventor: David K. Ahn , Sean Moore , Douglas M. Disabello
IPC: G06F21/00 , H04L9/40 , H04L61/4511 , H04L69/22
CPC classification number: H04L63/1425 , H04L61/4511 , H04L63/0227 , H04L63/0263 , H04L63/0281 , H04L63/1416 , H04L63/20 , H04L69/22 , H04L63/1441
Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.
-
Publication number: US11822653B2
Publication date: 2023-11-21
Application number: US17959708
Application date: 2022-10-04
Applicant: CUPP Computing AS
Inventor: Shlomo Touboul
CPC classification number: G06F21/562 , H04L63/02 , H04L63/0263 , H04L63/145 , H04L63/1416 , H04L63/1441 , H04L63/20 , H04W12/00 , H04W12/12 , H04W12/128
Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
-
Publication number: US20230370428A1
Publication date: 2023-11-16
Application number: US18226775
Application date: 2023-07-27
Applicant: Nicira, Inc.
Inventor: Jayant Jain , Anirban Sengupta , Mohan Parthasarathy , Xinhua Hong
IPC: H04L9/40 , H04L43/028 , H04L69/326 , H04L69/22
CPC classification number: H04L63/0254 , H04L43/028 , H04L69/326 , H04L69/22 , H04L63/0263
Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.
-
Publication number: US20230370353A1
Publication date: 2023-11-16
Application number: US18227536
Application date: 2023-07-28
Applicant: CenturyLink Intellectual Property LLC
Inventor: Ronald A. Lewis
IPC: H04L43/0852 , H04L9/40
CPC classification number: H04L43/0852 , H04L63/02 , H04L63/1408 , H04L63/10 , H04L63/0263 , H04L67/01
Abstract: Novel tools and techniques are provided for implementing firewall functionalities, and, more particularly, to methods, systems, and apparatuses for implementing high availability (“HA”) web application firewall (“WAF”) functionalities. In various embodiments, a first computing system might monitor network communications between a client and a server providing access to software applications, and might determine whether latency has been introduced as a result of at least one first WAF container having been launched and whether any introduced latency exceeds a predetermined threshold, each first WAF container being tuned to a corresponding software application and protecting the software application from network attacks. Based on a determination that latency has been introduced and based on a determination that the introduced latency exceeds the predetermined threshold, one or more second WAF containers may be launched, each being tuned to the corresponding software application. Subsequently, any unused or underutilized WAF containers may be decommissioned or deleted.
-
Publication number: US20230367650A1
Publication date: 2023-11-16
Application number: US18227306
Application date: 2023-07-28
Applicant: VMware, Inc.
Inventor: Amarnath Palavalli , Sachin Mohan Vaidya , Pavlush Margarian
IPC: G06F9/50 , H04L67/1087 , H04L9/40 , H04L67/1074 , H04L67/60
CPC classification number: G06F9/5077 , G06F9/5011 , H04L67/1089 , H04L63/0263 , H04L63/101 , H04L67/1076 , H04L67/60 , G06F2209/506
Abstract: Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.
-
Publication number: US11818099B2
Publication date: 2023-11-14
Application number: US17479336
Application date: 2021-09-20
Applicant: Forcepoint LLC
Inventor: Kari Nurmela
IPC: H04L9/40
CPC classification number: H04L63/0245 , H04L63/0263
Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated with the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.
-
Publication number: US20230362198A1
Publication date: 2023-11-09
Application number: US18135593
Application date: 2023-04-17
Inventor: Souhwan JUNG , Thien-phuc DOAN , Songi GWAK
IPC: H04L9/40
CPC classification number: H04L63/20 , H04L63/0263 , H04L63/1416
Abstract: Provided is a dynamic security policy enforcement system for a container system. The dynamic security policy enforcement system comprises a policy management unit for generating and managing a security policy for a container based on a structured format including a set of rules of a predetermined condition; a policy enforcement unit for checking the set of rules when the container requests a system call, changing the security policy of the structured format into a code in a preset format, and transferring the policy changed into the code to a kernel space; and a policy operation decision unit for enforcing the policy received from the policy enforcement unit in the kernel space based on a policy enforcement program that hooks the system call and generating a return value for performing a predetermined operation. Due to this, a policy can be applied to containers in all states including an initialization state and a running state at any time, and there is no need to restart the system or container to apply the policy.