-
Publication number: US20170111379A1
Publication date: 2017-04-20
Application number: US15394508
Application date: 2016-12-29
Applicant: SECUREWORKS CORP.
Inventor: Mukund P. Khatri, Theodore S. Webb, Jacqueline H. Wilson, Jon R. Ramsey
IPC: H04L29/06
CPC classification number: H04L63/1425, H04L49/30, H04L63/1416
Abstract: A network interface device includes a memory and a processor operable to receive a malicious packet marker, store the malicious packet marker to the memory, monitor network data packets flowing in the network interface device, determine that a packet matches the malicious packet marker, and store log information from the packet to the memory.
-
Publication number: US20180288100A1
Publication date: 2018-10-04
Application number: US15994655
Application date: 2018-05-31
Applicant: SECUREWORKS CORP.
Inventor: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.
-
Publication number: US09628511B2
Publication date: 2017-04-18
Application number: US15142867
Application date: 2016-04-29
Applicant: SECUREWORKS CORP.
Inventor: Jon R. Ramsey, Wayne Howard Haber, Michael Joseph Hubbard, Uday Banerjee
CPC classification number: H04L63/1458, G06F17/30312, G06F17/30528, H04L63/02, H04L63/1416, H04L63/1425, H04L63/1441, H04L63/1466, H04L63/1483
Abstract: Network traffic can be prevented from entering a protected network. An alert can be received that can be triggered by network traffic that matches at least one signature that is associated with undesired network behavior. A source of the network traffic that triggered the alert can be determined, and network traffic that originates from the source can be blocked. Blocking the source can include assigning a determination to the alert. It can then be determined whether network traffic from the source should be blocked based on the determination. The source can then be provided to the protected network such that a network device coupled to the protected network can be configured to block network traffic that originates from the source.
-
Publication number: US10659498B2
Publication date: 2020-05-19
Application number: US15994655
Application date: 2018-05-31
Applicant: SECUREWORKS CORP.
Inventor: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.
-
Publication number: US20160241591A1
Publication date: 2016-08-18
Application number: US15142867
Application date: 2016-04-29
Applicant: SECUREWORKS CORP.
Inventor: Jon R. Ramsey, Wayne Howard Haber, Michael Joseph Hubbard, Uday Banerjee
CPC classification number: H04L63/1458, G06F17/30312, G06F17/30528, H04L63/02, H04L63/1416, H04L63/1425, H04L63/1441, H04L63/1466, H04L63/1483
Abstract: Network traffic can be prevented from entering a protected network. An alert can be received that can be triggered by network traffic that matches at least one signature that is associated with undesired network behavior. A source of the network traffic that triggered the alert can be determined, and network traffic that originates from the source can be blocked. Blocking the source can include assigning a determination to the alert. It can then be determined whether network traffic from the source should be blocked based on the determination. The source can then be provided to the protected network such that a network device coupled to the protected network can be configured to block network traffic that originates from the source.