-
Publication No.: US11496378B2
Publication date: 2022-11-08
Application No.: US17318423
Application date: 2021-05-12
Inventors: Eric Jacob Ball, Eric Joseph Hammerle, Benjamin Thomas Higgins, Bhushan Prasad Khanal, Michael Kerber Krause Montague, Xue Jun Wu
IPC classification: H04L43/062, H04L43/04, H04L43/08, H04L43/12
Abstract: Embodiments are directed to monitoring network traffic using a monitoring engine that monitors network traffic in networks to provide metrics. An inference engine may provide activity profiles based on portions of the network traffic where each activity profile includes features associated with the portions of network traffic. The inference engine may determine other activity profiles correlated with the activity profiles based on correlation models such that the determination of the other activity profiles occurs prior to monitoring an occurrence of other portions of the network traffic. The inference engine may modify monitoring actions of the monitoring engine based on the other activity profiles. The inference engine may provide reports based on the portions of the network traffic, the activity profiles, the other portions of the network traffic, or the other activity profiles.
-
Publication No.: US20220060518A1
Publication date: 2022-02-24
Application No.: US17515963
Application date: 2021-11-01
Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.
-
Publication No.: US20200076597A1
Publication date: 2020-03-05
Application No.: US16679055
Application date: 2019-11-08
IPC classification: H04L9/08, G06F16/951, H04L29/06, G06F16/95
Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. And, the key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.
-
Publication No.: US20200052985A1
Publication date: 2020-02-13
Application No.: US16565109
Application date: 2019-09-09
Inventors: Eric Jacob Ball, Eric Joseph Hammerle, Benjamin Thomas Higgins, Bhushan Prasad Khanal, Michael Kerber Krause Montague, Xue Jun Wu
IPC classification: H04L12/26
Abstract: Embodiments are directed to monitoring network traffic using a monitoring engine that monitors network traffic in networks to provide metrics. An inference engine may provide activity profiles based on portions of the network traffic where each activity profile includes features associated with the portions of network traffic. The inference engine may determine other activity profiles correlated with the activity profiles based on correlation models such that the determination of the other activity profiles occurs prior to monitoring an occurrence of other portions of the network traffic. The inference engine may modify monitoring actions of the monitoring engine based on the other activity profiles. The inference engine may provide reports based on the portions of the network traffic, the activity profiles, the other portions of the network traffic, or the other activity profiles.
-
Publication No.: US11665207B2
Publication date: 2023-05-30
Application No.: US17515963
Application date: 2021-11-01
IPC classification: H04L9/40, G06F21/60, H04L43/12, H04L43/062, G06F21/50, H04L43/026
CPC classification: H04L63/30, G06F21/606, H04L43/12, H04L63/0218, H04L63/0428, H04L63/061, H04L63/062, H04L63/065, G06F21/50, H04L43/026, H04L43/062, H04L63/166, H04L63/20
Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.
-
Publication No.: US11165831B2
Publication date: 2021-11-02
Application No.: US15971843
Application date: 2018-05-04
Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.
-
Publication No.: US10965702B2
Publication date: 2021-03-30
Application No.: US16424387
Application date: 2019-05-28
Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein, Xue Jun Wu, Michael Kerber Krause Montague, Kevin Michael Seguin
Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.
-
Publication No.: US20200382529A1
Publication date: 2020-12-03
Application No.: US16424387
Application date: 2019-05-28
Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein, Xue Jun Wu, Michael Kerber Krause Montague, Kevin Michael Seguin
Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.
-
Publication No.: US20180034783A1
Publication date: 2018-02-01
Application No.: US15457886
Application date: 2017-03-13
CPC classification: H04L63/0428, H04L43/0876, H04L63/061, H04L63/166, H04L67/42
Abstract: Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
-
Publication No.: US20230087451A1
Publication date: 2023-03-23
Application No.: US17712521
Application date: 2022-04-04
Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kevin Michael Seguin
IPC classification: H04L43/0876, H04L43/062, H04L67/30, H04L43/12
Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers. Metrics may be determined based on monitoring network traffic associated with entities in the network such that the metrics may be included in profiles associated with each entity. The profiles may be compared with other profiles in a context database based on the metrics included in each profile and each other profile. In response to the profiles being unmatched by other profiles, one or more active probes may be performed to collect other metrics that may be used to update profiles. In response to the one or more profiles being matched by the other profiles in the context database, a timestamp associated with the other profiles may be updated to a current time value. Reports that include information associated with the entities and the profiles or the updated profiles may be generated.