公开(公告)号：US20080047009A1

公开(公告)日：2008-02-21

申请号：US11458965

申请日：2006-07-20

申请人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron (Njtzan) ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron (Njtzan) ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F12/14

CPC分类号： H04L63/0209 ,  H04L63/1408 ,  H04L63/166

摘要： A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 Web应用程序安全系统包括在计算机网络内以监视从诸如因特网的广域网接收的流量，并确定是否存在对Web应用程序的威胁。 Web应用程序安全系统以非内联配置监视Web流量，并根据识别应用程序用户可接受行为的配置文件识别任何异常流量。 分析任何异常流量，并采取适当的保护措施来保护Web应用程序免受攻击。

公开(公告)号：US07934253B2

公开(公告)日：2011-04-26

申请号：US11532060

申请日：2006-09-14

申请人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F11/00

CPC分类号： H04L63/1425 ,  G06F21/55 ,  H04L63/20

摘要： A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat.

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 所描述的技术提供了一种企业级的方法来防止基于Web的应用程序的攻击。 企业内的个人计算机网络监控网络流量，以识别异常流量。 通过在与应用程序交互时将流量与可接受用户流量的配置文件进行比较，可以识别异常流量。 在个别计算机网络上识别的异常流量或安全事件被传送给中央安全管理员。 中央安全经理将各个计算机网络上的安全事件相关联，以确定是否存在企业级的安全威胁。 然后，中央安全经理可以向各个计算机网络传达指令，从而为威胁提供企业级的解决方案。

公开(公告)号：US20080034425A1

公开(公告)日：2008-02-07

申请号：US11532060

申请日：2006-09-14

申请人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F11/00

CPC分类号： H04L63/1425 ,  G06F21/55 ,  H04L63/20

摘要： A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 所描述的技术提供了一种企业级的方法来防止基于Web的应用程序的攻击。 企业内的个人计算机网络监控网络流量，以识别异常流量。 通过在与应用程序交互时将流量与可接受用户流量的配置文件进行比较，可以识别异常流量。 在个别计算机网络上识别的异常流量或安全事件被传送给中央安全管理员。 中央安全经理将各个计算机网络上的安全事件相关联，以确定是否存在企业级的安全威胁。 然后，中央安全经理可以向各个计算机网络传达指令，从而为威胁提供企业级的解决方案

公开(公告)号：US20080034424A1

公开(公告)日：2008-02-07

申请号：US11532058

申请日：2006-09-14

申请人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  G06F21/55 ,  H04L63/102

摘要： A system and method for protection of Web based applications are described. An agent is included in a web server such that traffic is routed through the agent. A security module is also in communication with the agent. The agent receives information about the application profile, and patterns of acceptable traffic behavior, from the security module. The agent acts as a gatekeeper, holding up suspicious traffic that does not match the pattern of acceptable traffic behavior until the suspicious traffic has been analyzed by the security module. Using the agent, malicious traffic can dropped before it can reach the application, or the user can be logged out, or both.

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 代理被包括在web服务器中，使得流量通过代理路由。 安全模块也与代理通信。 代理从安全模块接收有关应用程序配置文件的信息和可接受流量行为的模式。 该代理充当网守，阻止可疑流量与可接受的流量行为模式不匹配，直到安全模块分析了可疑流量。 使用代理程序，恶意流量可能会在到达应用程序之前丢弃，或者用户可以注销，或两者兼而有之。

公开(公告)号：US07895652B2

公开(公告)日：2011-02-22

申请号：US11325234

申请日：2006-01-04

申请人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Ernesto Frydman ,  Yoram Zahavi

发明人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Ernesto Frydman ,  Yoram Zahavi

IPC分类号： G06F15/16

CPC分类号： H04L63/0428 ,  G06F21/552 ,  H04L63/1408 ,  H04L63/1416

摘要： A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.

摘要翻译： 用于检测由受保护网络接收的加密网络流量内的网络攻击的系统和方法包括解密模块和适配器模块。 该系统和方法可以插入和使用多种类型的操作系统。

公开(公告)号：US08595835B2

公开(公告)日：2013-11-26

申请号：US13006230

申请日：2011-01-13

申请人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Ernesto Frydman ,  Yoram Zahavi

发明人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Ernesto Frydman ,  Yoram Zahavi

IPC分类号： G06F21/00

CPC分类号： H04L63/0428 ,  G06F21/552 ,  H04L63/1408 ,  H04L63/1416

摘要： Systems and methods for identification of network attacks are disclosed. An example system includes an adaptor module to route a received encrypted packet to a decryption module, receive a decrypted packet corresponding to the encrypted packet from the decryption module, and transmit the decrypted packet and the encrypted packet to a sensor module. The decryption module is to receive an encrypted packet, decrypt the encrypted packet to form the decrypted packet, and transmit the decrypted packet to the adaptor module. The sensor module is to inspect the decrypted packet and the encrypted packet received from the adaptor module to determine when an attack is detected.

摘要翻译： 公开了用于识别网络攻击的系统和方法。 示例系统包括：将接收到的加密分组路由到解密模块的适配器模块，从解密模块接收对应于加密分组的解密分组，并将解密的分组和加密分组发送到传感器模块。 解密模块是接收加密的分组，解密加密的分组以形成解密的分组，并将解密的分组发送到适配器模块。 传感器模块将检查解密的数据包和从适配器模块接收到的加密数据包，以确定何时检测到攻击。

公开(公告)号：US20110283101A1

公开(公告)日：2011-11-17

申请号：US13006230

申请日：2011-01-13

申请人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Ernesto Frydman ,  Yoram Zahavi

发明人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Ernesto Frydman ,  Yoram Zahavi

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  G06F21/552 ,  H04L63/1408 ,  H04L63/1416

摘要： A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.

摘要翻译： 用于检测由受保护网络接收的加密网络流量内的网络攻击的系统和方法包括解密模块和适配器模块。 该系统和方法可以插入和使用多种类型的操作系统。

公开(公告)号：US20070169190A1

公开(公告)日：2007-07-19

申请号：US11325234

申请日：2006-01-04

申请人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Frydman ,  Yoram Zahavi

发明人： Doron Kolton ,  Adi Stav ,  Asaf Wexler ,  Ariel Frydman ,  Yoram Zahavi

IPC分类号： G06F15/16 ,  G06F12/14 ,  G06F11/00 ,  G06F17/00 ,  G06F9/00 ,  G06F12/16 ,  G06F15/18 ,  G08B23/00

CPC分类号： H04L63/0428 ,  G06F21/552 ,  H04L63/1408 ,  H04L63/1416

摘要： A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.

摘要翻译： 用于检测由受保护网络接收的加密网络流量内的网络攻击的系统和方法包括解密模块和适配器模块。 该系统和方法可以插入和使用多种类型的操作系统。

公开(公告)号：US09602613B2

公开(公告)日：2017-03-21

申请号：US12239657

申请日：2008-09-26

申请人： Yoram Zahavi ,  Moran Cohen

发明人： Yoram Zahavi ,  Moran Cohen

IPC分类号： G06F15/16 ,  H04L29/08 ,  G06F17/30

CPC分类号： H04L67/2804 ,  G06F17/30905 ,  H04L67/34

摘要： A solution that improves a user's experience while surfing the Internet. An intermediate device resides logically between a browsing device and content available via the Internet. As responses to content requests from browsing devices are received from a content server, browser links are identified and modified, disabled or covered for example. The intermediate device also creates a browser link to a compound browser object(s) that is created and stored at the intermediate device. This created browser link invokes code at the intermediate device to upload the compound browser object(s). The intermediate device obtains these compound browser objects by obtaining content associated with the identified browser links either from a content server, a local cache or knowledge of its existence eat the browser device.

公开(公告)号：US20150085865A1

公开(公告)日：2015-03-26

申请号：US14508465

申请日：2014-10-07

申请人： Yoram Zahavi ,  Eyal Pessach ,  Assaf Benedic

发明人： Yoram Zahavi ,  Eyal Pessach ,  Assaf Benedic

IPC分类号： H04L12/751 ,  H04L12/24 ,  H04L29/06

CPC分类号： H04L45/02 ,  H04L41/12 ,  H04L65/1063 ,  H04L65/1079

摘要： Access services are dynamically allocated for processing received data traffic by creating routing information for data traffic associated with a particular subscriber, subscriber equipment and/or network address information. The routing information identifies services that the data traffic can be subjected to and the order in which the services are provided. When an attached request is received, appropriate services for the requesting subscriber are retrieved from a database based on particular identifying information which may include the identification of the subscriber, subscriber equipment, network address or other information. The services are organized in a routing path and the allocated network address and the routing path are transferred to a smart router. Data traffic, associated with the allocated network address is then routed through servers to provide the identified services.

摘要翻译： 通过为与特定用户，订户设备和/或网络地址信息相关联的数据业务创建路由信息来动态地分配接入服务来处理接收到的数据业务。 路由信息识别数据流量可以受到的服务以及提供服务的顺序。 当接收到附加请求时，基于特定识别信息从数据库检索针对请求用户的适当服务，该标识信息可以包括用户的标识，用户设备，网络地址或其他信息。 服务组织在路由路径中，分配的网络地址和路由路径被传送到智能路由器。 与分配的网络地址相关联的数据流量然后通过服务器路由以提供所识别的服务。