-
Publication number: US20240154979A1
Publication date: 2024-05-09
Application number: US18416439
Filing date: 2024-01-18
IPC classification: H04L9/40
CPC classification: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.
-
Publication number: US11979430B2
Publication date: 2024-05-07
Application number: US18100502
Filing date: 2023-01-23
CPC classification: H04L63/1458 , G06N5/04 , G06N20/00 , H04L63/0428
Abstract: In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.
-
Publication number: US11936683B2
Publication date: 2024-03-19
Application number: US17873544
Filing date: 2022-07-26
Inventors: Jan Kohout , Blake Harrell Anderson , Martin Grill , David McGrew , Martin Kopp , Tomas Pevny
IPC classification: H04L9/40 , G06N20/00 , H04L41/0686 , H04L47/2441 , G06N20/20
CPC classification: H04L63/1441 , G06N20/00 , H04L41/0686 , H04L47/2441 , H04L63/0428 , H04L63/1416 , H04L63/1425 , H04L63/145 , H04L63/168 , G06N20/20
Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.
-
Publication number: US11909741B2
Publication date: 2024-02-20
Application number: US17330641
Filing date: 2021-05-26
CPC classification: H04L63/104 , G06N20/00 , H04L63/20
Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.
-
Publication number: US11888760B2
Publication date: 2024-01-30
Application number: US17390319
Filing date: 2021-07-30
Abstract: Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and, based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
-
Publication number: US11843632B2
Publication date: 2023-12-12
Application number: US18096143
Filing date: 2023-01-12
CPC classification: H04L63/1458 , G06N20/00 , H04L63/1425 , H04L2463/144
Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.
-
Publication number: US11539721B2
Publication date: 2022-12-27
Application number: US16912471
Filing date: 2020-06-25
Inventors: Blake Harrell Anderson , David McGrew , Vincent E. Parla , Jan Jusko , Martin Grill , Martin Vejman
Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
-
Publication number: US11477548B2
Publication date: 2022-10-18
Application number: US17716214
Filing date: 2022-04-08
Abstract: In one embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the flow without decrypting the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, creating a classification response, and using the classification response to modify processing of the flow. In another embodiment, a method for classifying an encrypted flow includes receiving a plurality of packets associated with an encrypted flow traversing a network, collecting telemetry data from the first plurality of packets associated with the flow, sending the telemetry data to a backend system for classification, using the telemetry data to classify the flow using a machine learning classifier, and using the output of the classifier to modify processing of the flow.
-
Publication number: US20220200914A1
Publication date: 2022-06-23
Application number: US17694060
Filing date: 2022-03-14
Inventors: Michael Joseph Stepanek , Costas Kleopa , David McGrew , Blake Harrell Anderson , Saravanan Radhakrishnan
IPC classification: H04L47/2441 , H04L47/2483 , H04L47/25 , H04L47/2475 , H04L49/35 , H04L9/40 , H04W12/12 , H04W12/122 , H04W12/128
Abstract: In one embodiment, a networking device in a network detects a traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.
-
Publication number: US20220078208A1
Publication date: 2022-03-10
Application number: US17531063
Filing date: 2021-11-19
Inventors: Blake Harrell Anderson , David McGrew , Keith Richard Schomburg , Michael Scott Dorsey , Constantinos Kleopa
IPC classification: H04L29/06
Abstract: In one embodiment, a device obtains one or more packets of a traffic session in a network. The device determines, for a particular packet of the one or more packets that matches a filter, a fingerprint for the particular packet. The device identifies a plurality of traffic sessions whose packets match the fingerprint, wherein each of the plurality of traffic sessions is associated with at least one process. The device updates a process with the traffic session by applying a classifier to the plurality of traffic sessions.