-
Publication No.: US11855964B1
Publication date: 2023-12-26
Application No.: US17574495
Filing date: 2022-01-12
Inventor(s): Huagang Xie
CPC classification: H04L63/0236, H04L67/06, H04L67/01, H04L67/02
Abstract: At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, a notification page with an option to accept a response from a server is provided to a client, an indication of user selection of the option to accept in the notification page is received from the client, and requested content received from the server is provided to the client. Injecting a user verification step via the notification page before providing requested content facilitates protecting the client from security threats.
-
2.
Publication No.: US10404661B2
Publication date: 2019-09-03
Application No.: US16030637
Filing date: 2018-07-09
Inventor(s): Taylor Ettema, Huagang Xie
Abstract: Techniques for integrating a honey network with a target network environment (e.g., an enterprise network) to counter IP and peer-checking evasion techniques are disclosed. In some embodiments, a system for integrating a honey network with a target network environment includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an external network communication from the virtual clone for the target device in the honey network to an external device through the target network environment.
-
Publication No.: US10305927B2
Publication date: 2019-05-28
Application No.: US16054945
Filing date: 2018-08-03
Inventor(s): Huagang Xie, Wei Xu, Nir Zuk
Abstract: Techniques for sinkholing bad network domains by registering the bad network domains on the Internet are provided. In some embodiments, sinkholing bad network domains by registering the bad network domains on the Internet includes determining a network domain is a bad network domain, in which the bad network domain is determined to be associated with an identified malware (e.g., malware that has been identified and has been determined to be associated with the bad domain), and the bad network domain is sinkholed by registering the bad network domain with a sinkholed IP address; and identifying a host that is infected with the identified malware based on an attempt by the host to connect to the sinkholed IP address.
-
4.
Publication No.: US20180332005A1
Publication date: 2018-11-15
Application No.: US16030637
Filing date: 2018-07-09
Inventor(s): Taylor Ettema, Huagang Xie
CPC classification: H04L63/0227, G06F8/60, G06F8/63, G06F9/45533, G06F9/45558, G06F2009/45587, H04L63/1491
Abstract: Techniques for integrating a honey network with a target network environment (e.g., an enterprise network) to counter IP and peer-checking evasion techniques are disclosed. In some embodiments, a system for integrating a honey network with a target network environment includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an external network communication from the virtual clone for the target device in the honey network to an external device through the target network environment.
-
Publication No.: US10015198B2
Publication date: 2018-07-03
Application No.: US15277785
Filing date: 2016-09-27
Inventor(s): Taylor Ettema, Huagang Xie
IPC classification: G06F9/44, H04L29/06, G06F9/455, H04L29/08, G06F8/65, G06F9/4401, G06F8/71, G06F8/20, G06F9/445
CPC classification: H04L63/20, G06F8/20, G06F8/65, G06F8/71, G06F9/4401, G06F9/44505, G06F9/45533, G06F9/45558, G06F2009/45562, H04L63/0245, H04L63/1491, H04L67/1095
Abstract: Techniques for synchronizing a honey network configuration to reflect a target network environment are disclosed. In some embodiments, a system for synchronizing a honey network configuration to reflect a target network environment includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual machine (VM) image library that includes one or more VM images; and a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target enterprise network using a VM image selected from the VM image library that is customized based on one or more attributes for a target device in the device profile data store.
-
Publication No.: US09811665B1
Publication date: 2017-11-07
Application No.: US13954815
Filing date: 2013-07-30
Inventor(s): Zhi Xu, Xinran Wang, Huagang Xie
IPC classification: G06F21/56
CPC classification: G06F21/566, G06F21/562
Abstract: Techniques for performing static and dynamic analysis on a mobile device application are disclosed. Static analysis is performed on a mobile device application using a static analysis engine. A static analysis report is generated. Dynamic analysis of the application is performed using a dynamic analysis engine. The dynamic analysis performed is customized based on results of the static analysis. A determination of whether the application is malicious is made based at least on the dynamic analysis.
-
Publication No.: US09804869B1
Publication date: 2017-10-31
Application No.: US15434785
Filing date: 2017-02-16
Inventor(s): Xinran Wang, Huagang Xie
CPC classification: G06F9/45533, G06F9/45558, G06F21/566, G06F2009/45587
Abstract: Analysis of potentially malicious software samples in a virtualized environment is disclosed. One or more modifications are applied to a first virtual machine instance. The first virtual machine instance is initialized as a copy-on-write overlay associated with an original virtual machine image. Further, at least one modification includes the installation of startup instructions. The modified virtual machine instance is started. A first set of modifications resulting from executing the first virtual machine instance is captured.
-
Publication No.: US09762543B2
Publication date: 2017-09-12
Application No.: US15145723
Filing date: 2016-05-03
Inventor(s): Huagang Xie
CPC classification: H04L63/0236, H04L61/1511, H04L63/101, H04L63/1416, H04L63/1441, H04L63/20, H04L67/02, H04L67/42
Abstract: Using DNS communications to filter domain names is disclosed. A domain name is extracted from a received DNS request. The received DNS request is blocked in response to determining based on a policy that access to the domain name of the DNS request is not permitted. In some cases, such a DNS request is responded to with a spoofed DNS response.
-
Publication No.: US09613210B1
Publication date: 2017-04-04
Application No.: US13954877
Filing date: 2013-07-30
Inventor(s): Xinran Wang, Huagang Xie
CPC classification: G06F9/45533, G06F9/45558, G06F21/566, G06F2009/45587
Abstract: Analysis of potentially malicious software samples in a virtualized environment is disclosed. One or more modifications are applied to a first virtual machine instance. The first virtual machine instance is initialized as a copy-on-write overlay associated with an original virtual machine image. Further, at least one modification includes the installation of startup instructions. The modified virtual machine instance is started. A first set of modifications resulting from executing the first virtual machine instance is captured.
-
10.
Publication No.: US09473528B2
Publication date: 2016-10-18
Application No.: US14596055
Filing date: 2015-01-13
Inventor(s): Nir Zuk, Renzo Lazzarato, Huagang Xie
CPC classification: H04L63/145, G06F21/57, G06F2221/034, G06F2221/2111, H04L63/1408, H04L63/168
Abstract: In some embodiments, identification of malware sites using unknown URL sites and newly registered DNS addresses includes performing a heuristic analysis for information associated with a network site; and assigning a score based on the heuristic analysis, in which the score indicates whether the network site is potentially malicious. In some embodiments, the system includes a security appliance that is in communication with the Internet. In some embodiments, the network site is associated with a network domain and/or a network uniform resource locator (URL). In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site has recently been registered. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining if a network site is associated with recently changed DNS information. In some embodiments, performing a heuristic analysis for information associated with a network site further includes determining geographical information as well as an IP network location associated with the network site.