Detecting abnormal data access based on data similarity

    Publication No.: US11843606B2

    Publication Date: 2023-12-12

    Application No.: US17708311

    Application Date: 2022-03-30

    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers. Activity associated with a document in a network may be determined based on the network traffic. A profile may be generated based on a summarization of the activity associated with the document such that the profile may be stored in a data store that stores other profiles. Similar profiles may be determined based on a classification of each profile in the data store based on similarities between the profile and the other profiles in the data store. In response to determining similar profiles, locations in the network associated with documents that correspond to the similar profiles may be determined. Locations may be classified based on the activity, the similar profiles and access policies. Portions of the locations that are classified as inconsistent with the access policies may be reported.

    Correlating network traffic that crosses opaque endpoints

    Publication No.: US11388072B2

    Publication Date: 2022-07-12

    Application No.: US17337299

    Application Date: 2021-06-02

    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.

    Inline secret sharing
    Granted invention patent

    Publication No.: US11165831B2

    Publication Date: 2021-11-02

    Application No.: US15971843

    Application Date: 2018-05-04

    Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.

    Detecting injection attacks using passive network monitoring

    Publication No.: US10965702B2

    Publication Date: 2021-03-30

    Application No.: US16424387

    Application Date: 2019-05-28

    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. In response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.

    Adaptive network monitoring with tuneable elastic granularity

    Publication No.: US10264003B1

    Publication Date: 2019-04-16

    Application No.: US15891311

    Application Date: 2018-02-07

    Abstract: Embodiments are directed to monitoring network traffic using network computers. Monitoring triggers associated with one or more conditions and one or more actions may be provided. A monitoring engine may monitor information that is associated with network traffic associated with networks based on an inspection detail level. The monitoring engine may compare the monitored information to the conditions associated with the monitoring triggers. The monitoring engine may activate one or more monitoring triggers based on a result of the comparison. The monitoring engine may modify the inspection detail level based on the actions associated with the activated monitoring triggers to increase the amount of the information monitored by the monitoring engine. An analysis engine may provide analysis of the network traffic based on the monitored information.

    Dynamic snapshot value by turn for continuous packet capture
    Granted invention patent (in force)

    Publication No.: US09584381B1

    Publication Date: 2017-02-28

    Application No.: US15289760

    Application Date: 2016-10-10

    Abstract: Embodiments are directed to capturing packets on a network. A snapshot value may be provided for a network monitoring computer (NMC). If the NMC may be provided packets of a network flow, characteristics of the network flow may be monitored. If the characteristics of the network flow indicate that a flow turn may be occurring on the network flow, the snapshot value may be modified by increasing it to a provided value. If conditions indicate that the flow turn may be complete, the snapshot value may be reset by decreasing it to another provided value. A portion of each of the packets may be captured by the NMC, such that the size of the portion may be equivalent to the snapshot value. The captured portion of each of the packets may be stored in a memory of the NMC.


    Resynchronization of passive monitoring of a flow based on hole detection
    Granted invention patent (in force)

    Publication No.: US09210135B2

    Publication Date: 2015-12-08

    Application No.: US14500893

    Application Date: 2014-09-29

    Abstract: Embodiments are directed towards resynchronizing the processing of a monitored flow based on hole detection. A network monitoring device (NMD) may be employed to passively monitor flows of packets for a session between endpoints. The NMD may receive copies of the monitored flow and perform processes on the monitored flow. In some situations, some copies of packets may not be fully processed by the NMD, creating a hole in the processing. If a hole is detected in the monitored flow and the processing of the monitored flow is desynchronized, then the NMD may suspend processing until it is resynchronized or for a remainder of the session. If the processing is desynchronized, then the NMD may resynchronize the processing by resuming the processing of the monitored flow at a downstream position of the monitored flow based on the detected hole.


    Trigger based recording of flows with play back
    Granted invention patent (in force)

    Publication No.: US09191288B2

    Publication Date: 2015-11-17

    Application No.: US14518996

    Application Date: 2014-10-20

    Abstract: The various embodiments provide selective real-time monitoring of one or more flows of packets over a network, real-time buffering of packets for the one or more monitored flows, real-time recording of packets for one or more monitored flows and its corresponding buffered packets based on initiation of at least one trigger, and real-time analysis of the one or more recorded flows of packets regarding at least the occurrence of the at least one trigger. One or more flows of packets may be selected for monitoring by an administrator or an automated process based on different factors. In at least one of the various embodiments, the one or more monitored flows of packets are tagged and threaded so that they are separately accessible in a ring buffer.
