-
Publication number: US20220166755A1
Publication date: 2022-05-26
Application number: US17669093
Filing date: 2022-02-10
Inventors: Sean Moore; Peter P. Geremia
Abstract: An enterprise organization may operate a central network and one or more remote networks, each comprising a plurality of computing devices. For protection against malicious actors, the central network may be configured to filter network traffic associated with the computing devices based on identified threats. Traffic corresponding to computing devices connected to the remote network may be tunneled to the central network for filtering by the central network. A tunnel gateway device, associated with the remote network, may efficiently identify which communications are associated with Internet threats, and tunnel such identified traffic to the central network, where actions may be taken to protect the enterprise network.
-
Publication number: US11012459B2
Publication date: 2021-05-18
Application number: US17001164
Filing date: 2020-08-24
Inventors: David K. Ahn; Keith A. George; Peter P. Geremia; Pierre Mallett, III; Sean Moore; Robert T. Perry; Jonathan R. Rogers
Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
-
Publication number: US20200322390A1
Publication date: 2020-10-08
Application number: US16909327
Filing date: 2020-06-23
Inventors: Steven Rogers; Sean Moore; David K. Ahn; Peter P. Geremia
Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.
-
Publication number: US10530903B2
Publication date: 2020-01-07
Application number: US15413947
Filing date: 2017-01-24
IPC classification: H04L29/06, H04L12/851, H04L12/26, H04L12/741, H04L29/12, H04L12/823
Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
-
Publication number: US10193917B2
Publication date: 2019-01-29
Application number: US15827477
Filing date: 2017-11-30
Inventors: David K. Ahn; Keith A. George; Peter P. Geremia; Pierre Mallett, III; Sean Moore; Robert T. Perry; Jonathan R. Rogers
Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
-
Publication number: US20160308894A1
Publication date: 2016-10-20
Application number: US14690302
Filing date: 2015-04-17
Inventors: David K. Ahn; Keith A. George; Peter P. Geremia; Pierre Mallett, III; Sean Moore; Robert T. Perry; Jonathan R. Rogers
IPC classification: H04L29/06
CPC classification: H04L63/1425, H04L43/028, H04L63/0227, H04L63/0236, H04L63/0263, H04L63/12, H04L63/1416, H04L63/1441
Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
-
Publication number: US09264370B1
Publication date: 2016-02-16
Application number: US14618967
Filing date: 2015-02-10
IPC classification: H04L12/851, H04L12/26, H04L12/741, H04L29/12, H04L12/823
CPC classification: H04L69/22, H04L43/026, H04L43/04, H04L43/087, H04L43/106, H04L43/12, H04L43/16, H04L45/745, H04L47/2483, H04L47/32, H04L61/2567, H04L63/0263
Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.
-
Publication number: US20220303245A1
Publication date: 2022-09-22
Application number: US17837085
Filing date: 2022-06-10
Inventors: Sean Moore; Peter P. Geremia
Abstract: Enterprise users' mobile devices typically access the Internet without being protected by the enterprise's network security policy, which exposes the enterprise network to Internet-mediated attack by malicious actors. This is because the conventional approach to protecting the mobile devices and the associated enterprise network is to tunnel all of the devices' Internet communications to the enterprise network, which is very inefficient, since typically only a very small percentage of Internet communications originating from an enterprise's mobile devices are with Internet hosts that are associated with threats. In the present disclosure, the mobile device efficiently identifies which communications are associated with Internet threats, and tunnels only such identified traffic to the enterprise network, where actions may be taken to protect the enterprise network.
-
Publication number: US11444963B1
Publication date: 2022-09-13
Application number: US17695047
Filing date: 2022-03-15
Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc. Often, however, the selection of a rule's disposition and directives that best protect the associated network may not be optimally determined before a matching in-transit packet is observed by the associated TIG. In such cases, threat context information that may only be available (e.g., computable) at in-transit packet observation and/or filtering time, such as current time-of-day, current TIG/network location, current TIG/network administrator, the in-transit packet being determined to be part of an active attack on the network, etc., may be helpful to determine the disposition and directives that may best protect the network from the threat associated with the in-transit packet. The present disclosure describes examples of methods, systems, and apparatuses that may be used for efficiently determining (e.g., accessing and/or computing), in response to the in-transit packet, threat context information associated with an in-transit packet. The threat context information may be used to efficiently determine the disposition and/or one or more directives to apply to the in-transit packet. This may result in dispositions and/or directives being applied to in-transit packets that better protect the network as compared with solely using dispositions and directives that were predetermined prior to receiving the in-transit packet.
-
Publication number: US20220232028A1
Publication date: 2022-07-21
Application number: US17713577
Filing date: 2022-04-05
Inventors: David K. Ahn; Keith A. George; Peter P. Geremia; Pierre Mallett, III; Sean Moore; Robert T. Perry; Jonathan R. Rogers
IPC classification: H04L9/40
Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
-