Distributed system and method for tracking and blocking malicious internet hosts
    1.
    发明授权
    Distributed system and method for tracking and blocking malicious internet hosts 有权
    用于跟踪和阻止恶意互联网主机的分布式系统和方法

    公开(公告)号:US09385991B2

    公开(公告)日:2016-07-05

    申请号:US14276416

    申请日:2014-05-13

    申请人: McAfee, Inc.

    IPC分类号: H04L29/06 H04L12/58

    摘要: Disclosed are systems and methods to perform coordinated blocking of source addresses, such as an Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.

    摘要翻译: 公开了跨多个网络设备(例如,网关)执行源地址(例如因特网协议(IP)地址)的协调阻塞的系统和方法。 在一个公开的实施例中,该方法和系统暂时改变一个或多个网络设备的配置(基于用户定义的配置参数),以允许在一段时间内从“被阻止”的IP地址进行通信。 然后,网络设备可以“接收”电子邮件并执行分析,并向声誉服务提供分析结果。 因此,临时允许的通信可以用于学习关于如果来自该IP地址的所有通信实际上被阻止在网络设备处的那些不可用的威胁的信息。

    SECURING EMAIL CONVERSATIONS
    2.
    发明申请
    SECURING EMAIL CONVERSATIONS 有权
    保护电子邮件对话

    公开(公告)号:US20150256519A1

    公开(公告)日:2015-09-10

    申请号:US14590566

    申请日:2015-01-06

    申请人: McAfee, Inc.

    IPC分类号: H04L29/06 H04L12/58

    摘要: At least a portion of a transmission of an outgoing first email from a first email account to at least a second email account is encrypted. Second email address data is changed corresponding to the second email account to cause replies to the first email intended for the second email account to be sent to an intermediate device prior to being routed to the second email account. Replies to the first email are then sent to the intermediate device and sent over one or more encrypted channels. Replies to the first email including the changed email address data are decoded to identify the second email address data associated with the second email account. A reply to the first email is then sent to the second email account based on the identified second email address data.

    摘要翻译: 从第一电子邮件帐户到至少第二电子邮件帐户的传出第一邮件的传输的至少一部分被加密。 第二电子邮件地址数据被更改为对应于第二电子邮件帐户,以在第二电子邮件帐户的第一个电子邮件被发送到中间设备之前被送到第二电子邮件帐户。 然后将第一封电子邮件的回复发送到中间设备,并通过一个或多个加密通道发送。 对包含改变的电子邮件地址数据的第一封电子邮件的回复被解码以识别与第二电子邮件帐户相关联的第二电子邮件地址数据。 然后基于所识别的第二电子邮件地址数据将对第一电子邮件的答复发送到第二电子邮件帐户。

    DISTRIBUTED SYSTEM AND METHOD FOR TRACKING AND BLOCKING MALICIOUS INTERNET HOSTS
    3.
    发明申请
    DISTRIBUTED SYSTEM AND METHOD FOR TRACKING AND BLOCKING MALICIOUS INTERNET HOSTS 审中-公开
    用于跟踪和阻塞恶意互联网主机的分布式系统和方法

    公开(公告)号:US20160308834A1

    公开(公告)日:2016-10-20

    申请号:US15194372

    申请日:2016-06-27

    申请人: McAfee, Inc.

    IPC分类号: H04L29/06 H04L12/58 H04L12/66

    摘要: Disclosed are systems and methods to perform coordinated blocking of source addresses, such as an Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.

    摘要翻译: 公开了跨多个网络设备(例如,网关)执行源地址(例如因特网协议(IP)地址)的协调阻塞的系统和方法。 在一个公开的实施例中,该方法和系统暂时改变一个或多个网络设备的配置(基于用户定义的配置参数),以允许在一段时间内从“被阻止”的IP地址进行通信。 然后,网络设备可以“接收”电子邮件并执行分析,并向声誉服务提供分析结果。 因此,临时允许的通信可以用于学习关于如果来自该IP地址的所有通信实际上被阻止在网络设备处的那些不可用的威胁信息。

    Securing email conversations
    5.
    发明授权
    Securing email conversations 有权
    保护电子邮件对话

    公开(公告)号:US09560020B2

    公开(公告)日:2017-01-31

    申请号:US14590566

    申请日:2015-01-06

    申请人: McAfee, Inc.

    IPC分类号: H04L12/58 H04L29/06

    摘要: At least a portion of a transmission of an outgoing first email from a first email account to at least a second email account is encrypted. Second email address data is changed corresponding to the second email account to cause replies to the first email intended for the second email account to be sent to an intermediate device prior to being routed to the second email account. Replies to the first email are then sent to the intermediate device and sent over one or more encrypted channels. Replies to the first email including the changed email address data are decoded to identify the second email address data associated with the second email account. A reply to the first email is then sent to the second email account based on the identified second email address data.

    摘要翻译: 从第一电子邮件帐户到至少第二电子邮件帐户的传出第一邮件的传输的至少一部分被加密。 第二电子邮件地址数据被更改为对应于第二电子邮件帐户,以在第二电子邮件帐户的第一个电子邮件被发送到中间设备之前被送到第二电子邮件帐户。 然后将第一封电子邮件的回复发送到中间设备,并通过一个或多个加密通道发送。 对包含改变的电子邮件地址数据的第一封电子邮件的回复被解码以识别与第二电子邮件帐户相关联的第二电子邮件地址数据。 然后基于所识别的第二电子邮件地址数据将对第一电子邮件的答复发送到第二电子邮件帐户。

    Just-In-Time, Email Embedded URL Reputation Determination
    6.
    发明申请
    Just-In-Time, Email Embedded URL Reputation Determination 有权
    即时,电子邮件嵌入式URL信誉确定

    公开(公告)号:US20170005961A1

    公开(公告)日:2017-01-05

    申请号:US15267658

    申请日:2016-09-16

    申请人: McAfee, Inc.

    IPC分类号: H04L12/58 H04L29/08

    摘要: A system allows just-in-time checking of information about an email in which a hyperlink is embedded. Upon receipt of the email containing the hyperlink, the resource locator of the hyperlink is modified to allow checking the reputation of the email upon traversal of the hyperlink. At traversal of the hyperlink, the current reputation of the resource locator and the current reputation of the email are both determined, and one or more actions are performed responsive to the determination.

    摘要翻译: 系统允许即时检查有关嵌入超链接的电子邮件的信息。 在接收到包含超链接的电子邮件时,修改超链接的资源定位符,以允许在遍历超链接时检查电子邮件的声誉。 在遍历超链接时,确定资源定位符的当前信誉和电子邮件的当前信誉,并且响应于确定执行一个或多个动作。

    CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT
    7.
    发明申请
    CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT 有权
    云计算网络环境中的本地政策应用扫描电子邮件

    公开(公告)号:US20150304339A1

    公开(公告)日:2015-10-22

    申请号:US14717261

    申请日:2015-05-20

    申请人: McAfee, Inc.

    IPC分类号: H04L29/06 H04L12/58

    摘要: A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

    摘要翻译: 将策略应用于电子邮件消息的方法包括:通过受保护网络中的入站策略模块接收电子邮件消息的消息元数据。 该方法还包括基于消息元数据确定是否在受保护网络中接收电子邮件消息被至少一个元数据策略所禁止。 该方法还包括如果受到受保护的网络中的电子邮件消息被元数据策略所禁止,阻止该电子邮件消息被转发到受保护的网络。 在具体实施例中,如果在受保护网络中接收到电子邮件消息不被一个或多个元数据策略所禁止,则该方法包括请求电子邮件消息的扫描结果数据。 在另外的实施例中,该方法包括接收扫描结果数据并且如果在受保护网络中接收到电子邮件消息不被一个或多个扫描策略所禁止,则请求电子邮件消息。

    Cloud email message scanning with local policy application in a network environment
    8.
    发明授权
    Cloud email message scanning with local policy application in a network environment 有权
    在网络环境中使用本地策略应用程序进行云电子邮件扫描

    公开(公告)号:US09049235B2

    公开(公告)日:2015-06-02

    申请号:US13683976

    申请日:2012-11-21

    申请人: McAfee Inc.

    IPC分类号: H04L29/06 G06F21/00 H04L12/58

    摘要: A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

    摘要翻译: 将策略应用于电子邮件消息的方法包括:通过受保护网络中的入站策略模块接收电子邮件消息的消息元数据。 该方法还包括基于消息元数据确定是否在受保护网络中接收电子邮件消息被至少一个元数据策略所禁止。 该方法还包括如果受到受保护的网络中的电子邮件消息被元数据策略所禁止,阻止该电子邮件消息被转发到受保护的网络。 在具体实施例中,如果在受保护网络中接收到电子邮件消息不被一个或多个元数据策略所禁止,则该方法包括请求电子邮件消息的扫描结果数据。 在另外的实施例中,该方法包括接收扫描结果数据并且如果在受保护网络中接收到电子邮件消息不被一个或多个扫描策略所禁止,则请求电子邮件消息。

    CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

    公开(公告)号:US20180007061A1

    公开(公告)日:2018-01-04

    申请号:US15619578

    申请日:2017-06-12

    申请人: McAfee, Inc.

    IPC分类号: H04L29/06 H04L12/58

    摘要: A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

    Cloud email message scanning with local policy application in a network environment

    公开(公告)号:US09705889B2

    公开(公告)日:2017-07-11

    申请号:US14717261

    申请日:2015-05-20

    申请人: McAfee, Inc.

    IPC分类号: H04L29/06 H04L12/58

    摘要: A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.