ITERATIVE DEVELOPMENT OF PROTOCOL PARSERS

    Publication No.: US20250071043A1

    Publication date: 2025-02-27

    Application No.: US18948155

    Filing date: 2024-11-14

    Abstract: Systems and methods to determine fields of an unknown protocol are described. The method includes grouping network traffic capture into one or more clusters of packets based on similarity and parsing each of the one or more clusters to identify one or more fields of an unknown protocol. The method further includes generating a description of the unknown protocol comprising the identified one or more fields of the unknown protocol and an order of the identified one or more fields of the unknown protocol. The method further includes compiling the description into a protocol parser.

    Segmentation management including translation

    Publication No.: US12224904B2

    Publication date: 2025-02-11

    Application No.: US17882723

    Filing date: 2022-08-08

    Inventor: Ilya Fainberg

    Abstract: Systems, methods, and related technologies for segmentation management are described. The segmentation management may include visualization, configuration including translation, simulation, or a combination thereof of one or more segmentation policies. In certain aspects, a segmentation policy is accessed and a segmentation rule is determined based on the segmentation policy, wherein the segmentation rule is based on a characteristic of an entity determined without the use of an agent. An enforcement point associated with the segmentation rule may be determined, where the enforcement point is communicatively coupled to a network. The segmentation rule may be translated into a configuration associated with the enforcement point and the configuration communicated to the enforcement point.

    ROGUE DEVICE DETECTION INCLUDING MAC ADDRESS SPOOFING DETECTION

    Publication No.: US20240356966A1

    Publication date: 2024-10-24

    Application No.: US18761048

    Filing date: 2024-07-01

    Abstract: Systems, methods, and related technologies including media access control (MAC) address spoofing detection are described. The MAC address spoofing detection and response may include accessing a first media access control (MAC) address associated with a first communication on a first port of a first network device coupled to a network, accessing a second media access control (MAC) address associated with a second communication on a second port of a second network device coupled to the network, and determining that the second MAC address matches the first MAC address. The method further includes identifying a device associated with the first or second communication as being associated with a spoofing event based on the second port differing from the first port and based on the first and second timestamps being within a threshold amount of time from one another and performing an action associated with the first or second port.

    ATTRIBUTE-BASED POLICIES FOR INTEGRITY MONITORING AND NETWORK INTRUSION DETECTION

    Publication No.: US20240340299A1

    Publication date: 2024-10-10

    Application No.: US18623265

    Filing date: 2024-04-01

    Inventor: Elisa COSTANTE

    Abstract: A method of detecting anomalous behaviour in data traffic includes parsing data traffic to extract protocol field values of a protocol message of data traffic, deriving attribute values of attributes of one of the first host, the second host, and the link. The method includes selecting a model relating to the one of the first host, the second host, and the link. The model includes at least one semantic attribute expressing a semantic meaning for the first host, the second host, or the link. The method further includes updating the selected model with the derived attribute values, assessing whether the updated model complies with a set of attribute-based policies defining a security constraint of the data communication network, and generating an alert signal in case the attribute-based policies indicate that the updated model violates at least one of the attribute-based policies.

    Segmentation management including visualization, configuration, simulation, or a combination thereof

    Publication No.: US12009981B2

    Publication date: 2024-06-11

    Application No.: US17567100

    Filing date: 2021-12-31

    Abstract: Systems, methods, and related technologies for segmentation management are described. The segmentation management may include visualization, configuration, simulation, or a combination thereof of one or more segmentation policies. In certain aspects, a plurality of segmentation rules are accessed and one or more characteristics of a plurality of entities communicatively coupled to a network are determined. A plurality of groups may be determined based on at least one characteristic of the one or more characteristics, where each group comprises at least one entity of the plurality of entities. A first group and a second group from the plurality of groups may be selected and one or more segmentation rules associated with the first group determined. One or more segmentation rules associated with the second group may be determined. Communication properties between the first group and second group may be determined and an indication of the communication properties between the first group and the second group displayed.

    Sub-networks based security method, apparatus and product

    Publication No.: US11843666B2

    Publication date: 2023-12-12

    Application No.: US17211643

    Filing date: 2021-03-24

    Abstract: A method, apparatus and product for sub-networks based cyber security. One method comprises detecting a device connecting to a local network which is divided into subnets; determining a usage profile of the device; automatically selecting a subnet to connect the device based on the usage profile; and connecting the device to the selected subnet in the local network. Another method comprises monitoring communication traffic of devices in each of the subnets of a local network; performing anomaly detection to detect an abnormal communication of a device connected to a subnet; blocking the abnormal communication of the device; and removing the device from the subnet and connecting the device to a quarantine subnet of the local network, whereby reducing connectivity of the device with other devices connected to the local network.

    RISK DRIVEN PLANNING AND SIMULATION FOR A COMPUTER NETWORK

    Publication No.: US20230319081A1

    Publication date: 2023-10-05

    Application No.: US17711613

    Filing date: 2022-04-01

    Abstract: Systems, methods, and related technologies for a risk driven planning and simulation tool for a computer network are described. A security risk is determined for each of a plurality of devices on a network. A network traffic map is presented to a display. The network traffic map shows network traffic between the plurality of devices and the security risk for each of the plurality of devices. Segmentation of one or more of the plurality of devices on the network is simulated and presented to the display with updates to the network traffic or updates to the security risk of some of the devices on the network.
