-
Publication No.: US20190116206A1
Publication date: 2019-04-18
Application No.: US16214843
Filing date: 2018-12-10
Inventors: Peter Smith, Harry Sverdlove
Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.
-
Publication No.: US10439985B2
Publication date: 2019-10-08
Application No.: US15899453
Filing date: 2018-02-20
Inventors: John O'Neil
IPC classification: H04L29/06, H04L12/24, H04L12/26, H04L12/851, G06N20/00
Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.
-
Publication No.: US10154067B2
Publication date: 2018-12-11
Application No.: US15883534
Filing date: 2018-01-30
Inventors: Peter Smith, Harry Sverdlove
Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.
-
Publication No.: US20180234385A1
Publication date: 2018-08-16
Application No.: US15899453
Filing date: 2018-02-20
Inventors: John O'Neil
IPC classification: H04L29/06, H04L12/24, H04L12/26, H04L12/851
CPC classification: H04L63/0227, G06N20/00, H04L41/046, H04L41/0893, H04L41/145, H04L41/16, H04L43/026, H04L43/04, H04L43/0817, H04L47/2441, H04L63/20
Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.
-
Publication No.: US10348599B2
Publication date: 2019-07-09
Application No.: US16185295
Filing date: 2018-11-09
IPC classification: G06F15/173, H04L12/26, H04L29/08, H04L12/24
Abstract: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.
-
Publication No.: US20180234460A1
Publication date: 2018-08-16
Application No.: US15883534
Filing date: 2018-01-30
Inventors: Peter Smith, Harry Sverdlove
CPC classification: H04L63/20, G06F21/606, G06F21/6218, H04L63/0263, H04L63/102, H04L63/30
Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.
-
Publication No.: US20200028820A1
Publication date: 2020-01-23
Application No.: US16587839
Filing date: 2019-09-30
Inventors: John O'Neil
IPC classification: H04L29/06, H04L12/24, H04L12/26, H04L12/851
Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.
-
Publication No.: US20200021618A1
Publication date: 2020-01-16
Application No.: US16578175
Filing date: 2019-09-20
Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a two-stage process: (1) a local security agent executing on the same source system as the source application validates the connection against a set of policies stored locally on the source system; and (2) a local security agent executing on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system. The connection is allowed or blocked depending on the outcome of the two-stage validation. Before the validation process, a policy enforcement engine distributes copies of a trusted public certificate to the source and destination local security agents, which extend their local copies of the certificate to enable them to enforce policies without the use of a backend system.
-
Publication No.: US20190149444A1
Publication date: 2019-05-16
Application No.: US16185295
Filing date: 2018-11-09
CPC classification: H04L43/106, H04L41/046, H04L41/0893, H04L43/0876, H04L67/1004, H04L67/1031, H04L67/22
Abstract: Computer-implemented systems and methods automatically identify computers that act as load balancers on a digital communications network, using data collected from one or more computers on that network. Once a load balancer has been identified, the communications between two hosts may be connected across the identified load balancer, thereby making it possible to better analyze the behavior of hosts and applications on that network.