Network Application Security Policy Enforcement

    公开(公告)号:US20190116206A1

    公开(公告)日:2019-04-18

    申请号:US16214843

    申请日:2018-12-10

    IPC分类号: H04L29/06 G06F21/60 G06F21/62

    摘要: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.

    Network application security policy enforcement

    公开(公告)号:US10154067B2

    公开(公告)日:2018-12-11

    申请号:US15883534

    申请日:2018-01-30

    IPC分类号: H04L29/06 G06F21/60

    摘要: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.

    Automated load balancer discovery

    公开(公告)号:US10348599B2

    公开(公告)日:2019-07-09

    申请号:US16185295

    申请日:2018-11-09

    摘要: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.

    Network Application Security Policy Enforcement

    公开(公告)号:US20180234460A1

    公开(公告)日:2018-08-16

    申请号:US15883534

    申请日:2018-01-30

    IPC分类号: H04L29/06 G06F21/60

    摘要: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.

    Network Application Security Policy Generation

    公开(公告)号:US20200028820A1

    公开(公告)日:2020-01-23

    申请号:US16587839

    申请日:2019-09-30

    发明人: John O'Neil

    摘要: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.

    Distributed Network Application Security Policy Enforcement

    公开(公告)号:US20200021618A1

    公开(公告)日:2020-01-16

    申请号:US16578175

    申请日:2019-09-20

    IPC分类号: H04L29/06 G06F21/60 G06F21/62

    摘要: A system validates the establishment and/or continuation of a connection between two applications over a network using a two-stage process: (1) a local security agent executing on the same source system as the source application validates the connection against a set of policies stored locally on the source system; and (2) a local security agent executing on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system. The connection is allowed or blocked depending on the outcome of the two-stage validation. Before the validation process, a policy enforcement engine distributes copies of a trusted public certificate to the source and destination local security agents, which extend their local copies of the certificate to enable them to enforce policies without the use of a backend system.