TW201703483A - 用於改善分散式網路中分析之方法及系統 - Google Patents
用於改善分散式網路中分析之方法及系統 Download PDFInfo
- Publication number
- TW201703483A TW201703483A TW105107656A TW105107656A TW201703483A TW 201703483 A TW201703483 A TW 201703483A TW 105107656 A TW105107656 A TW 105107656A TW 105107656 A TW105107656 A TW 105107656A TW 201703483 A TW201703483 A TW 201703483A
- Authority
- TW
- Taiwan
- Prior art keywords
- group
- network
- information
- security policy
- security
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本文描述用於改善分散式網路中之分析之系統及方法。一實例性系統可包括至少一處理器、一分析模組及一安全性策略模組。該安全性策略模組可操作以定義一安全性策略。由該處理器對一網路封包執行該安全性策略。此外,該處理器自該網路封包收集網路資訊。該分析模組可操作以利用安全性策略中之額外群組資訊分析網路資訊。由該處理器使用該分析來產生結果。基於該所產生之結果,安全性策略模組更新安全性策略。
Description
本發明大體上係關於資料處理且更特定言之,本發明係關於用於改善分散式網路中之分析之方法及系統。
可繼續研究本章節中描述之方法但該等方法不必係先前設想或追求之方法。因此,除非另有指示,否則不應假設本章節描述之方法之任何者僅因其包含於本章節中而有資格成為先前技術。
雲端運算、虛擬化、軟體定義網路及行動性將具有一用戶端至伺服器訊務流量(有時被稱為「北-南」)之舊型資料中心轉變成具有伺服器至伺服器訊務流量(有時被稱為「東-西」)之資料中心。東-西訊務亦可包含在不同資料中心中之伺服器之間行進之訊務。由於用戶端請求之訊務量或複雜性,一單一伺服器可不服務用戶端請求。資料中心之東-西架構可使得資料資產有利地定位於企業經營場所內部及外部之不同區域中。然而,傳統周邊安全性解決方案通常失效且無法足夠地保護資料中心免受攻擊者入侵。
一企業可嘗試分析在其伺服器之間行進之網路訊務。然而,任何分析普遍受限於監測網路訊務量及判定該訊務流量中之趨勢以發現惡意活動。顯著地,網路訊務量不提供關於網路環境之諸多內容相關資料(contextual data)。因此,攻擊者可藉由攻擊低設定檔資產且接著
跨資料中心橫向移動至重要企業資產而找出通過傳統周邊之方法,以洩露企業及用戶端資料。
此外,無法僅基於網路訊務量判定主機之間之任何相關性。
提供本【發明內容】而以在下文【實施方式】中進一步描述之一簡化形式介紹選擇之概念。本【發明內容】不意欲識別所主張之標的之關鍵特徵或重要特徵,也不意欲用作為判定所揭示之標的之範疇之一輔助。
提供用於改善分散式網路中之分析之系統及方法。一實例性方法可開始於定義一安全性策略。該安全性策略可包含一防火牆安全性策略,但不限於此實施例。該安全性策略可與至少一主機或一群組相關聯。可執行該安全性策略以判定對一網路封包不利之動作。該方法可進一步包含自該等網路封包收集網路資訊。可基於與該至少一主機或一群組相關聯之記錄資訊而產生該網路資訊。可利用安全性策略中之額外群組資訊分析網路資訊。該分析可包含:分析至少一群組內之網路封包;分析在兩個或兩個以上主機或群組之間行進之網路封包;及分析兩個或兩個以上主機或群組之間之連接。基於該分析,可判定網路封包之網域名稱伺服器(DNS)資訊。基於該DNS資訊,可判定一網域產生演算法(DGA)是否已用於產生與網路封包相關聯之一網域之一網域名稱。基於與至少一群組相關聯之記錄資訊,可針對安全性威脅檢查該記錄資訊。此外,該方法可包含自該分析產生一結果。基於該所產生之結果,可更新安全性策略。更新安全性策略可包含:應用動作(例如,允許或拒絕一連接);重新配置至少一群組(例如,使主機在群組之間移動);及修改至少一群組之安全性系統參數。該更新可進一步包含:產生與至少一群組相關聯之一強制策略;應用一封包擷取(PCAP)來分析與該至少一群組相關聯之網路封包之內容;及修改
與該至少一群組相關聯之一監測策略。
此外,提供用於改善一分散式網路中之分析之一系統。該系統可包括至少一處理器、一分析模組及一安全性策略模組。該安全性策略模組可操作以定義一安全性策略。該安全性策略可與具有至少一主機之至少一群組相關聯。可由處理器執行該安全性策略以檢測一網路封包。
此外,該處理器可自網路封包收集網路資訊。分析模組可操作以利用安全性策略中之額外群組資訊來分析網路資訊。該分析可包含:基於DNS資訊而判定用於網路封包之DNS資訊;判定一DGA是否已用於產生與網路封包相關聯之一網域之一網域名稱;及基於與至少一群組相關聯之記錄資訊而針對安全性威脅分析網路資訊。可由處理器使用該分析來產生一結果。基於該所產生之結果,安全性策略模組可更新安全性策略。更新可包含:產生與至少一群組相關聯之一強制策略;收集與至少一群組相關聯之網路封包之封包擷取;及修改與該至少一群組相關聯之一監測策略。
在進一步例示性實施例中,模組、子系統或裝置可經調適以執行所述步驟。以下描述其他特徵及例示性實施例。
100‧‧‧環境
105‧‧‧主機
110‧‧‧群組A
115‧‧‧群組B
120‧‧‧群組C
125‧‧‧網路資訊
135‧‧‧安全性策略
145‧‧‧結果
150‧‧‧安全性策略
200‧‧‧系統
210‧‧‧處理器
220‧‧‧分析模組
230‧‧‧安全性策略模組
300‧‧‧方法
302‧‧‧操作
304‧‧‧操作
306‧‧‧操作
308‧‧‧操作
310‧‧‧操作
400‧‧‧示意圖
410‧‧‧群組資訊
420‧‧‧群組資訊
500‧‧‧示意圖
505‧‧‧感測器
510‧‧‧應用程式後設資料
515‧‧‧應用程式資訊
520‧‧‧內容相關資訊
525‧‧‧預處理
530‧‧‧網域產生演算法(DGA)
535‧‧‧統一資源定位器(URL)使用者代理程式
540‧‧‧其他檢查
545‧‧‧索引資料庫
550‧‧‧使用者查詢
555‧‧‧使用者介面
600‧‧‧電腦系統
602‧‧‧處理器
604‧‧‧硬碟機
606‧‧‧主記憶體
608‧‧‧靜態記憶體
610‧‧‧匯流排
612‧‧‧網路介面裝置
620‧‧‧電腦可讀媒體
622‧‧‧指令
實施例以實例之方式繪示且不限制於隨附圖式之圖,其中相同參考指示類似元件。
圖1繪示根據一些實施例之其中可實施用於改善一分散式網路中之分析之系統及方法之一環境。
圖2係展示根據特定實施例之用於改善一分散式網路中之分析之一系統之各種模組之一方塊圖。
圖3係繪示根據一些實例性實施例之用於改善一分散式網路中之分析之一方法之一流程圖。
圖4展示根據一實例性實施例之一安全性策略模組與一分析模組之間之互動之一示意圖。
圖5展示根據一實例性實施例之由用於改善一分散式網路中之分析之一系統執行之分析之一示意圖。
圖6展示為一電腦系統之例示性電子形式之一機器之一運算裝置之一圖解表示,在該運算裝置內可執行用於使得該機器執行本文討論之方法之任何一或多者之一組指令。
以下實施方式包含參考形成實施方式之一部分之隨附圖式。圖式根據例示性實施例展示圖解。詳細描述此等例示性實施例(在本文中亦被稱為「實例」)以使得熟習技術者能夠實踐本標的。可組合該等實施例,使用其他實施例,或可在不違背所主張之範疇之情況下作出結構、邏輯及電改變。因此,以下實施方式不具有一限制意義,且由隨附申請專利範圍及其等等效物定義範疇。在本文件中使用之術語「一」(a、an)包含一個或一個以上,如專利文件中所常見。在本文件中,使用術語「或」指一非互斥「或」,使得除非另有指示,否則「A或B」包含「A但不是B」、「B但不是A」及「A及B」。
本發明提供用於改善一分散式網路中之分析之方法及系統。一分散式網路係一種類型電腦網路,其中企業基礎設施資源被分為數個網路、處理器及中間裝置。在東-西訊務架構中,網路訊務可散佈於分散式網路內之複數個虛擬機器(例如,伺服器或主機)及實體主機上。如本文中所使用,「主機」係指連接至分散式網路之任何電腦。
本發明之方法及系統可允許整合一安全性系統、一安全性策略及安全性分析。更特定言之,可由一安全性策略模組檢測在主機之間發送之所有網路封包。該安全性策略模組可設定用於各主機或主機之一群組之一安全性策略。一般而言,安全性策略可包含引導保護一系
統、組織或其他實體之資訊技術資產之一組規則。安全性策略可定義位址群組之間之存取控制清單,其中位址群組主要分組為具有類似安全性屬性或功能之主機,諸如FTP或Web/HTTP伺服器之位址群組。
本發明之方法及系統可匯入群組資訊(例如,主機之安全性屬性)以將一安全性系統(或一強制模組)中之主機分為一組且將該群組資訊用於安全性分析。更特定言之,一分析模組可分析關於在相同群組之主機之間行進之網路封包之群組內網路資訊,且使用一分析模型以與關於網路封包之安全性系統安全性策略相關。在分析期間,分析模組可找出一相同位址群組之主機中之相關網路資訊中之不一致型樣,因此偵測入侵。基於分析之結果,分析模組可將反饋發送至安全性策略模組。該反饋可包含(例如)網路資訊中之類似型樣。基於自該分析模組接收之反饋及關於主機之安全性屬性相關性,安全性策略模組可更新關於主機之當前安全性策略,以執行深封包檢測而提取用於分析之更多資訊,或若偵測到主機之惡意軟體感染時阻擋至一特定主機之所有網路連接。
此外,分析模組可分析關於在屬於不同群組之主機之間行進之網路封包之群組間網路資訊。可基於分析及在網路資訊中找出之類似型樣,而根據可重新分組之不同群組之一些主機來產生更新之安全性策略。例如,可分析關於群組A及群組B之主機之網路資訊,且基於網路資訊之分析及安全性參數之相關性,群組A之主機可與群組B之一些主機一起分組為群組C。在網路資訊中,群組C之主機可具有類似型樣,且一致安全性策略可應用於群組C之主機。
圖1繪示根據一些實施例之其中可實施用於改善一分散式網路中之分析之系統及方法之一環境100。環境100可包含一分散式網路(圖中未展示)中之一虛擬化環境,其中網路訊務可在主機105之間行進。主機105可包含分散式網路之任何電腦、伺服器、虛擬機器及類似
者。主機105可分組為若干群組,展示為一群組A 110、一群組B 115及一群組C 120。用於改善一分散式網路中之分析之一系統200可收集關於主機105之網路資訊125及在主機105之間行進之網路封包。一安全性策略模組230可提供關於主機105之一安全性策略135給系統200。安全性策略模組230可與分析模組220通信以檢查與主機105相關聯或在主機105上運行之應用程式之規則。於一些實施例中,該環境100包含以通信方式耦合於該安全性策略模組230及該系統200之間之一規則引擎140,亦即,該安全性策略模組230及該系統200皆可存取該規則引擎140。分析模組220亦可分析與安全性策略135相關之網路資訊125。基於該分析,分析模組220可將分析之一結果145發送至安全性策略模組230。安全性策略模組230可使用結果145以產生一經更新之安全性策略且將經更新之安全性策略150應用至主機105。在標題為「Conditional Declarative Policies」之相關美國專利申請案第TBD號(代理人檔案號碼PA6892US)中進一步描述更新之安全性策略之應用。
圖2係展示根據特定實施例之用於改善一分散式網路中之分析之一系統200之各種模組之一方塊圖。該系統可包括一處理器210、一分析模組220、一安全性策略模組230及一或多個強制點240。該處理器可包含一可程式化處理器,諸如一微控制器、中央處理單元等等。在其他實施例中,該處理器可包含經設計以實施由系統執行之功能之一特定應用積體電路或可程式化邏輯陣列,諸如一場可程式化閘極陣列。在各種實施例中,系統200可常駐在組織外部、在該組織外部控制之一資料中心中且經提供作為一雲端服務。
處理器210可操作以執行一網路封包上之一安全性策略。在一實例性實施例中,處理器210自安全性策略模組230接收安全性策略。在一實例性實施例中,安全性策略與包含至少一主機之至少一群組相關聯。在一進一步實例性實施例中,該群組包含複數個伺服器。
處理器210進一步可操作以產生關於網路封包之網路資訊。在一實例性實施例中,基於與至少一群組相關聯之記錄資訊而產生網路資
訊。在另一實例性實施例中,將該記錄資訊儲存於一編索引之資料庫(圖中未展示)中。該索引資料庫可操作以記錄關於網路封包之網路資訊且對其編索引。此外,處理器210可操作以自由分析模組220執行之一分析產生結果。
在一實例性實施例中,該結果可包含判定與網路封包相關聯之網域係有效的。在其他實施例中,該結果可包含判定與網路封包相關聯之網域係無效的。再者,該結果可包含判定與網路封包相關聯之網域需要一提升之監督。該提升之監督可包含收集與該網域相關聯之封包擷取(PCAP)。一PCAP可由用於擷取網路訊務之一應用程式設計介面組成。因此,一PCAP可為攔截且記錄網路訊務之一程序。
在一實例性實施例中,處理器210可操作以自安全性策略提取群組資訊。該群組資訊可包含與至少一群組相關聯之群組安全性屬性。
分析模組220可操作以分析網路資訊。分析模組220可自處理器210接收網路資訊。可使用與安全性策略相關之分析模組220執行該分析。
在一實例性實施例中,在分析期間,分析模組220可分析至少一群組內之資料封包或分析兩個或兩個以上群組之間之資料封包。此外,分析模組220可分析兩個或兩個以上群組之間之連接。
舉進一步非限制性實例而言,該分析可包含判定網路封包之DNS資訊。基於該DNS資訊,分析模組220可判定一DGA是否用於產生與網路封包相關聯之一網域之一網域名稱。此外,基於與至少一群組相關聯之記錄資訊,分析模組220可針對安全性威脅檢查網路資訊。
安全性策略模組230可操作以定義安全性策略。在一實例性實施例中,安全性策略模組230將安全性策略發送至處理器210。安全性策略模組230進一步可操作以基於由分析模組220產生之結果而更新安全性策略。在一實例性實施例中,該更新可包含重新配置至少一群組。
重新配置該群組可包含使主機在群組之間移動。換言之,屬於不同群組之主機可分為一單一群組。在標題為「Conditional Declarative Policies」之相關美國專利申請案第TBD號(代理人檔案號碼PA6892US)中進一步描述安全性策略模組230。
在一進一步實例性實施例中,更新安全性策略可包含修改至少一群組之安全性系統參數。此外,該更新可包含產生與至少一群組相關聯之一強制策略。在進一步實施例中,該更新包含修改一監測策略以執行封包擷取,而進一步分析與至少一主機或一群組相關聯之網路封包之內容。
一或多個強制點240攔截且分析網路訊務。在標題為「Methods and Systems for Providing Security to Distributed Microservices」之相關美國專利申請案第TBD號(代理人檔案號碼PA6949US)中描述一或多個強制點240,該案之全文以引用之方式併入本文中。
圖3係繪示根據一些實例性實施例之用於改善一分散式網路中之分析之一方法300之一流程圖。該方法可開始於操作302中定義一安全性策略。該安全性策略可與至少一群組相關聯。該至少一群組可包含至少一主機、至少一伺服器及類似者。視情況,方法300可包含自安全性策略提取群組資訊。該群組資訊可包含與至少一群組相關聯之群組安全性屬性。
在操作304中,一旦定義安全性策略,即可對一網路封包執行該安全性策略且可產生關於網路封包之資訊。在操作306中,可分析網路資訊。在一實例性實施例中,該分析可包含分析至少一群組內之資料封包且分析兩個或兩個以上群組之間之資料封包。此外,可分析兩個或兩個以上群組之間之連接。
舉非限制性實例而言,分析可進一步包含判定網路封包之DNS資訊。基於該DNS資訊可判定一DGA是否用於產生與資料封包相關聯之
一網域之一網域名稱。在進一步實施例中,該分析包含基於與至少一群組相關聯之記錄資訊而針對安全性威脅檢查網路資訊。
可使用一分析模組運用自安全性策略提取之網域資訊來執行分析。該分析可包含產生一結果。該結果可包含判定與網路封包相關聯之網域係有效的。在一進一步實施例中,該結果可包含判定與網路封包相關聯之網域係無效的。再者,該結果可包含判定與網路封包相關聯之網域需要一提升之監督。該提升之監督可暗示將一PCAP應用至與該網域相關聯之進一步網路封包。
在操作308中,方法300回應於無需提升監督之一判定而進行至操作310。在操作310中,新增一策略以隔離受感染之主機或群組。視情況更新安全性策略。
在步驟308中,方法300回應於需要提升監督之一判定而進行至操作312。在操作312中,新增一策略以執行深封包檢測及/或收集PCAP。視情況更新安全性策略。
在一實例性實施例中,更新包含重新配置至少一群組。該重新配置可包含使主機在群組之間移動。該更新可進一步包含修改至少一群組之安全性系統參數。
在進一步實例性實施例中,該更新包含產生與至少一群組相關聯之一強制策略。如果判定網域無效,則可阻擋自一無效網域傳入之所有網路封包。此外,在更新期間,可應用PCAP以分析與至少一群組相關聯之網路封包之內容。該更新可進一步導致修改與至少一群組相關聯之一監測策略。
圖4展示根據一實例性實施例之在一安全性策略模組230與一分析模組220之間之互動之一示意圖400。安全性策略模組230可收集群組資訊410且將其提供至分析模組220。群組資訊410可為群組內資訊(即,可關於相同群組之主機)或群組間資訊(即,可關於不同群組之主
機)。基於自安全性策略模組230接收之群組資訊410,分析模組220可執行一分析且將該分析之一結果420提供至安全性策略模組230。結果420可包含在關於主機之一安全性策略中待包含、改變或更新之規則。例如,該等規則可包含:新增或改變關於主機或與該等主機相關聯之一網域之一強制策略;新增或改變關於主機或與該等主機相關聯之網域之一監測策略;收集具有一特定策略之PCAP;收集關於主機或與主機相關聯之網域之更多資訊,諸如與該主機相關聯之一應用程式之後設資料等等。
圖5展示根據一實例性實施例之由用於改善一分散式網路中之分析之一系統執行之分析之一示意圖500。安全性策略模組230可包含一感測器505。感測器505可收集應用程式後設資料510、應用程式資訊515、關於與一分散式網路中之主機相關聯之一應用程式之一些內容相關資訊520及類似者之至少一者。感測器505可將收集之資訊提供至分析模組220。分析模組220可執行自感測器505接收之資訊之預處理525。分析模組220可檢查不同應用程式之規則。更具體言之,分析模組220可分析網路封包以偵測惡意活動。例如,在接收關於網路封包之一DNS之一情況中,分析模組220可檢查一網域產生演算法(DGA)530是否用於產生與由主機發送之一網路封包相關聯之一網域之一網域名稱。針對一超文字傳輸協定(HTTP)請求可檢查統一資源定位器(URL)使用者代理程式(User Agent)535。通常,URL使用者代理程式535係由HTTP用於識別軟體之軟體或產生請求或網路封包之一應用程式。可執行關於與其他應用程式相關聯之資訊之其他檢查540。
分析模組220可將分析之結果置入至一索引資料庫545內,可在索引資料庫545內記錄及編索引關於應用程式之所有資訊及由分析模組220執行之分析。可將一使用者查詢550引導至索引資料庫545且可基於索引資料庫545中含有之且一使用者使用一使用者介面555可見之
編索引之資訊而及時處理使用者查詢550。
由一分析模組產生至一安全性系統安全性模組之一反饋之實例性程序可包含以下步驟。分析模組220可具有關於一分散式網路內之網路訊務之所有資訊。可記錄關於網路訊務之所有資訊。例如,分析模組220可接收關於與網路封包相關聯之DNS之資訊。DNS可提供DNS連接資訊。一實例性安全性策略可指定群組A與群組B通信。自群組A至群組B通信之查詢可為一網域「ABC.com」請求。一網域「ABC.com」回覆可為「1.1.1.1」。
一旦接收所有網路資訊,分析模組220可檢查網域是否與一安全性威脅相關聯,諸如惡意軟體。例如,分析模組220可檢查一黑名單以驗證是否先前已識別網域之惡意行為或網域是否已存在於與惡意軟體相關聯之一網域清單中。此外,由於網域產生演算法530通常用於產生有關「spot」之網域,所以分析模組220可檢查網域名稱是否類似於可由網域產生演算法530產生之網域名稱。此檢查可導致一誤判,因此分析模組220可執行額外檢查且驗證關於網域之查詢是否有效或無效。
若判定關於網域「ABC.com」之一DNS查詢係無效的,則安全性策略模組可更新關於群組D之安全性策略,群組D與關於網域「ABC.com」之DNS查詢相關聯。例如,可產生關於群組D之一強制策略。更新之安全性策略可包含阻擋群組D中之任何進一步網路封包。
若無法判定關於網域「ABC.com」之DNS查詢係有效或無效的,則可將一提升之監督應用至網域。例如,可將一PCAP應用至與群組D相關聯之進一步網路封包。依此方式,可收集關於可疑連接之進一步資訊。
圖6展示為一電腦系統600之例示性電子形式之一機器之一運算
裝置之一圖解表示,在該運算裝置內可執行用於使得該機器執行本文討論之方法之任何一或多者之一組指令。在各種例示性實施例中,機器充當為一獨立裝置或可連接(例如網路連接)至其他機器。在一網路化部署中,該機器在一伺服器-用戶端網路環境中可以一伺服器或一用戶端機器之能力操作,或在一同級間(或分散式)網路環境中充當為一同級機器。該機器可係一伺服器、一個人電腦(PC)、一平板PC、一機上盒(STB)、一PDA、一蜂巢式電話、一數位相機、一可攜式音樂播放器(例如,一可攜式硬碟音訊裝置,諸如一動態影像專家群音訊播放器3(MP3)播放器)、一網站設備、一網路路由器、一交換器、一橋接器或能夠(循序或以其他方式)執行指定由該機器採取之動作之一組指令之任何機器。此外,儘管僅繪示一單一機器,但術語「機器」亦應包含獨立或聯合執行一組(或多組)指令以執行本文討論之方法之任何一或多者之機器之任何集合。
實例性電腦系統600包含一處理器或多個處理器602、一硬碟機604、一主記憶體606及一靜態記憶體608,其等經由一匯流排610彼此通信。電腦系統600亦可包含一網路介面裝置612。硬碟機604可包含一電腦可讀媒體620,電腦可讀媒體620儲存體現本文描述之方法或功能之任何一或多者或由該一或多者使用之一或多組指令622。指令622亦可在由電腦系統600執行期間完全或至少部分常駐於主記憶體606內及/或處理器602內。主記憶體606及處理器602亦構成機器可讀媒體。
儘管電腦可讀媒體620在一例示性實施例中展示為一單一媒體,但術語「電腦可讀媒體」應包含一單一媒體或儲存一或多組指令之多個媒體(例如,一集中或分散式資料庫及/或相關聯快取記憶體及伺服器)。術語「電腦可讀媒體」亦應包含能夠儲存、編碼或載送一組指令以由該機器執行且使得該機器執行本發明之方法之任何一或多者,或能夠儲存、編碼或載送由此一組指令使用或與其相關聯之資料結構
之任何媒體。術語「電腦可讀媒體」據此應包含(但不限制於)固態記憶體、光學及磁性媒體。此等媒體亦可包含(但不限制於)硬碟、軟碟、NAND或NOR快閃記憶體、數位視訊碟、RAM、ROM及類似者。
本文描述之例示性實施例可在包括安裝於一電腦上、硬體中或軟體及硬體之一組合中之電腦可執行指令(例如軟體)之一操作環境中實施。電腦可執行指令可寫入一電腦程式設計語言或可體現於韌體邏輯中。若用符合一所識別標準之一程式設計語言撰寫,則此等指令可在各種硬體平台上執行且用於介接至各種作業系統。可用任何數目之適合程式設計語言(諸如(例如)C、Python、JavaScript、Go)或其他編譯器、組譯器、解譯器或其他電腦語言或平台撰寫用於實施本發明之電腦軟體程式,但不限制於此。
因此,本文描述用於改善一分散式網路中之分析之系統及方法。儘管已參考特定例示性實施例描述實施例,但將明白在不違背本發明之更廣泛之精神及範疇之情況下可對此等例示性實施例作出各種修改及改變。據此,說明書及圖式被認為係一繪示意義而非一限制意義。
100‧‧‧環境
105‧‧‧主機
110‧‧‧群組A
115‧‧‧群組B
120‧‧‧群組C
125‧‧‧網路資訊
135‧‧‧安全性策略
145‧‧‧結果
150‧‧‧安全性策略
200‧‧‧系統
220‧‧‧分析模組
230‧‧‧安全性策略模組
Claims (20)
- 一種用於改善一分散式網路中之分析之系統,該系統包括:至少一處理器,其可操作以:對一網路封包執行一安全性策略;自該網路封包收集網路資訊;及自一分析產生一結果;一分析模組,其可操作以利用該安全性策略中之額外群組資訊分析該網路資訊;及一安全性策略模組,其可操作以:定義該安全性策略;及基於該所產生之結果而更新該安全性策略。
- 如請求項1之系統,其中該安全性策略與至少一主機或一群組相關聯,該至少一群組包含至少一主機。
- 如請求項2之系統,其中該至少一處理器進一步可操作以自該安全性策略提取群組資訊,該群組資訊包含與該至少一群組相關聯之群組安全性屬性。
- 如請求項2之系統,其中使用與該安全性策略相關之該分析模組分析該網路資訊包含以下至少一者:分析該至少一主機或一群組內之網路封包;分析兩個或兩個以上主機或群組之間之網路封包;及分析該兩個或兩個以上主機或群組之間之連接。
- 如請求項1之系統,其中基於該所產生之結果更新該安全性策略包含以下一或多者:允許一連接;拒絕該連接 重新配置至少一群組,該重新配置包含使主機在群組之間移動;及修改該至少一群組之安全性系統參數。
- 如請求項1之系統,其中使用與該安全性策略相關之該分析模組分析該網路資訊包含以下至少一者:判定用於該網路封包之網域名稱伺服器(DNS)資訊;基於該DNS資訊判定一網域產生演算法(DGA)是否用於產生與該網路封包相關聯之一網域之一網域名稱;及基於與至少一群組相關聯之記錄資訊而針對安全性威脅檢查該網路資訊。
- 如請求項6之系統,其中一結果包含以下至少一者:判定與該網路封包相關聯之該網域係有效的;判定與該網路封包相關聯之該網域係無效的;及判定與該網路封包相關聯之該網域需要一提升之監督。
- 如請求項7之系統,其中該提升之監督包含:將一封包擷取(PCAP)應用至與該網域相關聯之進一步網路封包。
- 如請求項1之系統,其中產生關於該網路封包之該網路資訊係基於與至少一群組相關聯之記錄資訊。
- 如請求項1之系統,其中基於該所產生之結果更新該安全性策略包含以下一或多者:產生與至少一群組相關聯之一強制策略;收集封包擷取(PCAP)以分析與該至少一群組相關聯之該網路封包之內容;及修改與該至少一群組相關聯之一監測策略。
- 一種用於改善一分散式網路中之分析之方法,該方法包括:定義一安全性策略; 對一網路封包執行該安全性策略;自該網路封包收集網路資訊;利用該安全性策略中之額外群組資訊分析該網路資訊;自該分析產生一結果;及基於該所產生之結果更新該安全性策略。
- 如請求項11之方法,其中該安全性策略與至少一主機或一群組相關聯,該至少一群組包含至少一主機。
- 如請求項12之方法,其進一步包括自該安全性策略提取群組資訊,該群組資訊包含與該至少一群組相關聯之群組安全性屬性。
- 如請求項12之方法,其中分析該網路資訊包含以下至少一者:分析該至少一主機或一群組內之網路封包;分析兩個或兩個以上主機或群組之間之網路封包;及分析該兩個或兩個以上主機或群組之間之連接。
- 如請求項11之方法,其中更新該安全性策略包含以下一或多者:允許一連接;拒絕該連接重新配置至少一群組,該重新配置包含使主機在群組之間移動;及修改該至少一群組之安全性系統參數。
- 如請求項11之方法,其中該分析包含以下至少一者:判定用於該網路封包之網域名稱系統(DNS)資訊;基於該DNS資訊判定一網域產生演算法(DGA)是否用於產生與該網路封包相關聯之一網域之一網域名稱;及基於與至少一群組相關聯之記錄資訊而針對安全性威脅檢查該網路資訊。
- 如請求項16之方法,其中一結果包含以下至少一者:判定與該網路封包相關聯之該網域係有效的;判定與該網路封包相關聯之該網域係無效的;及判定與該網路封包相關聯之該網域需要一提升之監督。
- 如請求項17之方法,其中該提升之監督包含:將一封包擷取(PCAP)應用至與該網域相關聯之進一步網路封包。
- 如請求項11之方法,其中更新該安全性策略包含以下一或多者:產生與至少一群組相關聯之一強制策略;收集封包擷取(PCAP)以分析與該至少一群組相關聯之該網路封包之內容;及修改與該至少一群組相關聯之一監測策略。
- 一種用於改善一分散式網路中之分析之系統,該系統包括:至少一處理器,其可操作以:對一網路封包執行一安全性策略,其中該安全性策略與至少一群組相關聯,該至少一群組包含至少一主機;自該網路封包收集網路資訊;自一分析產生一結果;一分析模組,其可操作以:利用該安全性策略中之額外群組資訊分析該網路資訊,其中該分析包含以下至少一者:判定用於該網路封包之網域名稱系統(DNS)資訊;基於該DNS資訊判定一網域產生演算法(DGA)是否用於產生與該網路封包相關聯之一網域之一網域名稱;及基於與至少一群組相關聯之記錄資訊而針對安全性威脅檢查該網路資訊;一安全性策略模組,其可操作以: 定義該安全性策略;及基於該所產生之結果更新該安全性策略,其中該更新包含以下一或多者:產生與至少一群組相關聯之一強制策略;應用封包擷取(PCAP)以分析與至少一群組相關聯之該網路封包之內容;及修改與該至少一群組相關聯之一監測策略。
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/657,210 US10193929B2 (en) | 2015-03-13 | 2015-03-13 | Methods and systems for improving analytics in distributed networks |
Publications (1)
Publication Number | Publication Date |
---|---|
TW201703483A true TW201703483A (zh) | 2017-01-16 |
Family
ID=56888588
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW105107656A TW201703483A (zh) | 2015-03-13 | 2016-03-11 | 用於改善分散式網路中分析之方法及系統 |
Country Status (3)
Country | Link |
---|---|
US (1) | US10193929B2 (zh) |
TW (1) | TW201703483A (zh) |
WO (1) | WO2016148865A1 (zh) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9609083B2 (en) | 2011-02-10 | 2017-03-28 | Varmour Networks, Inc. | Distributed service processing of network gateways using virtual machines |
US9621595B2 (en) | 2015-03-30 | 2017-04-11 | Varmour Networks, Inc. | Conditional declarative policies |
US9680852B1 (en) | 2016-01-29 | 2017-06-13 | Varmour Networks, Inc. | Recursive multi-layer examination for computer network security remediation |
US9762599B2 (en) | 2016-01-29 | 2017-09-12 | Varmour Networks, Inc. | Multi-node affinity-based examination for computer network security remediation |
US9973472B2 (en) | 2015-04-02 | 2018-05-15 | Varmour Networks, Inc. | Methods and systems for orchestrating physical and virtual switches to enforce security boundaries |
US10009381B2 (en) | 2015-03-30 | 2018-06-26 | Varmour Networks, Inc. | System and method for threat-driven security policy controls |
US10009317B2 (en) | 2016-03-24 | 2018-06-26 | Varmour Networks, Inc. | Security policy generation using container metadata |
US10091238B2 (en) | 2014-02-11 | 2018-10-02 | Varmour Networks, Inc. | Deception using distributed threat detection |
US10193929B2 (en) | 2015-03-13 | 2019-01-29 | Varmour Networks, Inc. | Methods and systems for improving analytics in distributed networks |
US10191758B2 (en) | 2015-12-09 | 2019-01-29 | Varmour Networks, Inc. | Directing data traffic between intra-server virtual machines |
US10264025B2 (en) | 2016-06-24 | 2019-04-16 | Varmour Networks, Inc. | Security policy generation for virtualization, bare-metal server, and cloud computing environments |
US10755334B2 (en) | 2016-06-30 | 2020-08-25 | Varmour Networks, Inc. | Systems and methods for continually scoring and segmenting open opportunities using client data and product predictors |
CN113228585A (zh) * | 2018-10-23 | 2021-08-06 | 阿卡麦科技公司 | 具有基于反馈回路的增强流量分析的网络安全系统 |
US11290494B2 (en) | 2019-05-31 | 2022-03-29 | Varmour Networks, Inc. | Reliability prediction for cloud security policies |
US11290493B2 (en) | 2019-05-31 | 2022-03-29 | Varmour Networks, Inc. | Template-driven intent-based security |
US11310284B2 (en) | 2019-05-31 | 2022-04-19 | Varmour Networks, Inc. | Validation of cloud security policies |
US11575563B2 (en) | 2019-05-31 | 2023-02-07 | Varmour Networks, Inc. | Cloud security management |
US11711374B2 (en) | 2019-05-31 | 2023-07-25 | Varmour Networks, Inc. | Systems and methods for understanding identity and organizational access to applications within an enterprise environment |
US11734316B2 (en) | 2021-07-08 | 2023-08-22 | Varmour Networks, Inc. | Relationship-based search in a computing environment |
US11777978B2 (en) | 2021-01-29 | 2023-10-03 | Varmour Networks, Inc. | Methods and systems for accurately assessing application access risk |
US11818152B2 (en) | 2020-12-23 | 2023-11-14 | Varmour Networks, Inc. | Modeling topic-based message-oriented middleware within a security system |
US11863580B2 (en) | 2019-05-31 | 2024-01-02 | Varmour Networks, Inc. | Modeling application dependencies to identify operational risk |
US11876817B2 (en) | 2020-12-23 | 2024-01-16 | Varmour Networks, Inc. | Modeling queue-based message-oriented middleware relationships in a security system |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10374904B2 (en) | 2015-05-15 | 2019-08-06 | Cisco Technology, Inc. | Diagnostic network visualization |
US10536357B2 (en) | 2015-06-05 | 2020-01-14 | Cisco Technology, Inc. | Late data detection in data center |
US10142353B2 (en) | 2015-06-05 | 2018-11-27 | Cisco Technology, Inc. | System for monitoring and managing datacenters |
US9967158B2 (en) | 2015-06-05 | 2018-05-08 | Cisco Technology, Inc. | Interactive hierarchical network chord diagram for application dependency mapping |
WO2017039593A1 (en) | 2015-08-28 | 2017-03-09 | Hewlett Packard Enterprise Development Lp | Identification of a dns packet as malicious based on a value |
US10764307B2 (en) * | 2015-08-28 | 2020-09-01 | Hewlett Packard Enterprise Development Lp | Extracted data classification to determine if a DNS packet is malicious |
US10142161B2 (en) * | 2016-01-19 | 2018-11-27 | Radware, Ltd. | Techniques for distribution of application delivery |
US10498752B2 (en) * | 2016-03-28 | 2019-12-03 | Cisco Technology, Inc. | Adaptive capture of packet traces based on user feedback learning |
US10289438B2 (en) | 2016-06-16 | 2019-05-14 | Cisco Technology, Inc. | Techniques for coordination of application components deployed on distributed virtual machines |
US10708183B2 (en) | 2016-07-21 | 2020-07-07 | Cisco Technology, Inc. | System and method of providing segment routing as a service |
US10972388B2 (en) | 2016-11-22 | 2021-04-06 | Cisco Technology, Inc. | Federated microburst detection |
US10868832B2 (en) * | 2017-03-22 | 2020-12-15 | Ca, Inc. | Systems and methods for enforcing dynamic network security policies |
US20180278607A1 (en) * | 2017-03-22 | 2018-09-27 | Amazon Technologies, Inc. | Device Credentials Management |
US10708152B2 (en) | 2017-03-23 | 2020-07-07 | Cisco Technology, Inc. | Predicting application and network performance |
US10523512B2 (en) | 2017-03-24 | 2019-12-31 | Cisco Technology, Inc. | Network agent for generating platform specific network policies |
US10764141B2 (en) | 2017-03-27 | 2020-09-01 | Cisco Technology, Inc. | Network agent for reporting to a network policy system |
US10250446B2 (en) | 2017-03-27 | 2019-04-02 | Cisco Technology, Inc. | Distributed policy store |
US10594560B2 (en) | 2017-03-27 | 2020-03-17 | Cisco Technology, Inc. | Intent driven network policy platform |
US10873794B2 (en) | 2017-03-28 | 2020-12-22 | Cisco Technology, Inc. | Flowlet resolution for application performance monitoring and management |
US10484418B2 (en) * | 2017-05-26 | 2019-11-19 | ShieldX Networks, Inc. | Systems and methods for updating security policies for network traffic |
US10680887B2 (en) | 2017-07-21 | 2020-06-09 | Cisco Technology, Inc. | Remote device status audit and recovery |
US10554501B2 (en) | 2017-10-23 | 2020-02-04 | Cisco Technology, Inc. | Network migration assistant |
US10523541B2 (en) | 2017-10-25 | 2019-12-31 | Cisco Technology, Inc. | Federated network and application data analytics platform |
US10594542B2 (en) | 2017-10-27 | 2020-03-17 | Cisco Technology, Inc. | System and method for network root cause analysis |
US11233821B2 (en) | 2018-01-04 | 2022-01-25 | Cisco Technology, Inc. | Network intrusion counter-intelligence |
US10798015B2 (en) | 2018-01-25 | 2020-10-06 | Cisco Technology, Inc. | Discovery of middleboxes using traffic flow stitching |
US10574575B2 (en) | 2018-01-25 | 2020-02-25 | Cisco Technology, Inc. | Network flow stitching using middle box flow stitching |
US10999149B2 (en) | 2018-01-25 | 2021-05-04 | Cisco Technology, Inc. | Automatic configuration discovery based on traffic flow data |
US10826803B2 (en) | 2018-01-25 | 2020-11-03 | Cisco Technology, Inc. | Mechanism for facilitating efficient policy updates |
US11128700B2 (en) | 2018-01-26 | 2021-09-21 | Cisco Technology, Inc. | Load balancing configuration based on traffic flow telemetry |
US10715391B2 (en) * | 2018-12-03 | 2020-07-14 | At&T Intellectual Property I, L.P. | Cloud zone network analytics platform |
Family Cites Families (225)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6147993A (en) | 1997-10-14 | 2000-11-14 | Cisco Technology, Inc. | Method and apparatus for implementing forwarding decision shortcuts at a network switch |
US6484261B1 (en) * | 1998-02-17 | 2002-11-19 | Cisco Technology, Inc. | Graphical network security policy management |
US6779118B1 (en) | 1998-05-04 | 2004-08-17 | Auriq Systems, Inc. | User specific automatic data redirection system |
US6253321B1 (en) | 1998-06-19 | 2001-06-26 | Ssh Communications Security Ltd. | Method and arrangement for implementing IPSEC policy management using filter code |
EP1149339A1 (en) * | 1998-12-09 | 2001-10-31 | Network Ice Corporation | A method and apparatus for providing network and computer system security |
US6970459B1 (en) | 1999-05-13 | 2005-11-29 | Intermec Ip Corp. | Mobile virtual network system and method |
US6765864B1 (en) | 1999-06-29 | 2004-07-20 | Cisco Technology, Inc. | Technique for providing dynamic modification of application specific policies in a feedback-based, adaptive data network |
US6981155B1 (en) | 1999-07-14 | 2005-12-27 | Symantec Corporation | System and method for computer security |
US6578076B1 (en) | 1999-10-18 | 2003-06-10 | Intel Corporation | Policy-based network management system using dynamic policy generation |
US20020031103A1 (en) | 2000-05-02 | 2002-03-14 | Globalstar L.P. | User terminal employing quality of service path determination and bandwidth saving mode for a satellite ISP system using non-geosynchronous orbit satellites |
US20070192863A1 (en) | 2005-07-01 | 2007-08-16 | Harsh Kapoor | Systems and methods for processing data flows |
US7096260B1 (en) | 2000-09-29 | 2006-08-22 | Cisco Technology, Inc. | Marking network data packets with differentiated services codepoints based on network load |
US20020066034A1 (en) | 2000-10-24 | 2002-05-30 | Schlossberg Barry J. | Distributed network security deception system |
WO2002098100A1 (en) | 2001-05-31 | 2002-12-05 | Preventon Technologies Limited | Access control systems |
US7028179B2 (en) | 2001-07-03 | 2006-04-11 | Intel Corporation | Apparatus and method for secure, automated response to distributed denial of service attacks |
US7546629B2 (en) | 2002-03-06 | 2009-06-09 | Check Point Software Technologies, Inc. | System and methodology for security policy arbitration |
US7904454B2 (en) * | 2001-07-16 | 2011-03-08 | International Business Machines Corporation | Database access security |
US7165100B2 (en) | 2001-07-24 | 2007-01-16 | At&T Corp. | Method and apparatus for packet analysis in a network |
US7058712B1 (en) | 2002-06-04 | 2006-06-06 | Rockwell Automation Technologies, Inc. | System and methodology providing flexible and distributed processing in an industrial controller environment |
JP3794491B2 (ja) | 2002-08-20 | 2006-07-05 | 日本電気株式会社 | 攻撃防御システムおよび攻撃防御方法 |
US7849495B1 (en) | 2002-08-22 | 2010-12-07 | Cisco Technology, Inc. | Method and apparatus for passing security configuration information between a client and a security policy server |
US7467408B1 (en) | 2002-09-09 | 2008-12-16 | Cisco Technology, Inc. | Method and apparatus for capturing and filtering datagrams for network security monitoring |
US7313098B2 (en) | 2002-09-30 | 2007-12-25 | Avaya Technology Corp. | Communication system endpoint device with integrated call synthesis capability |
US7062566B2 (en) | 2002-10-24 | 2006-06-13 | 3Com Corporation | System and method for using virtual local area network tags with a virtual private network |
US20050033989A1 (en) | 2002-11-04 | 2005-02-10 | Poletto Massimiliano Antonio | Detection of scanning attacks |
US7035257B2 (en) | 2002-11-14 | 2006-04-25 | Digi International, Inc. | System and method to discover and configure remotely located network devices |
US7397794B1 (en) | 2002-11-21 | 2008-07-08 | Juniper Networks, Inc. | Systems and methods for implementing virtual switch planes in a physical switch fabric |
US7516476B1 (en) | 2003-03-24 | 2009-04-07 | Cisco Technology, Inc. | Methods and apparatus for automated creation of security policy |
CA2527501A1 (en) | 2003-05-28 | 2004-12-09 | Caymas Systems, Inc. | Multilayer access control security system |
US7203944B1 (en) | 2003-07-09 | 2007-04-10 | Veritas Operating Corporation | Migrating virtual machines among computer systems to balance load caused by virtual machines |
US7254713B2 (en) | 2003-09-11 | 2007-08-07 | Alcatel | DOS attack mitigation using upstream router suggested remedies |
US7523484B2 (en) | 2003-09-24 | 2009-04-21 | Infoexpress, Inc. | Systems and methods of controlling network access |
US20050114829A1 (en) | 2003-10-30 | 2005-05-26 | Microsoft Corporation | Facilitating the process of designing and developing a project |
US7725937B1 (en) | 2004-02-09 | 2010-05-25 | Symantec Corporation | Capturing a security breach |
US7373524B2 (en) | 2004-02-24 | 2008-05-13 | Covelight Systems, Inc. | Methods, systems and computer program products for monitoring user behavior for a server application |
US20050190758A1 (en) * | 2004-03-01 | 2005-09-01 | Cisco Technology, Inc. | Security groups for VLANs |
US7586922B2 (en) | 2004-03-12 | 2009-09-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Providing higher layer packet/frame boundary information in GRE frames |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US20050246241A1 (en) | 2004-04-30 | 2005-11-03 | Rightnow Technologies, Inc. | Method and system for monitoring successful use of application software |
US7620986B1 (en) | 2004-06-14 | 2009-11-17 | Xangati, Inc. | Defenses against software attacks in distributed computing environments |
JP4379223B2 (ja) | 2004-06-18 | 2009-12-09 | 日本電気株式会社 | 動作モデル作成システム、動作モデル作成方法および動作モデル作成プログラム |
JP4341517B2 (ja) * | 2004-06-21 | 2009-10-07 | 日本電気株式会社 | セキュリティポリシー管理システム、セキュリティポリシー管理方法およびプログラム |
US8677496B2 (en) | 2004-07-15 | 2014-03-18 | AlgoSec Systems Ltd. | Method and apparatus for automatic risk assessment of a firewall configuration |
US20060037077A1 (en) | 2004-08-16 | 2006-02-16 | Cisco Technology, Inc. | Network intrusion detection system having application inspection and anomaly detection characteristics |
US7475424B2 (en) * | 2004-09-02 | 2009-01-06 | International Business Machines Corporation | System and method for on-demand dynamic control of security policies/rules by a client computing device |
US7519079B2 (en) | 2004-09-08 | 2009-04-14 | Telefonaktiebolaget L M Ericsson (Publ) | Generic routing encapsulation over point-to-point protocol |
US8032937B2 (en) | 2004-10-26 | 2011-10-04 | The Mitre Corporation | Method, apparatus, and computer program product for detecting computer worms in a network |
US7607170B2 (en) | 2004-12-22 | 2009-10-20 | Radware Ltd. | Stateful attack protection |
ZA200706489B (en) | 2005-02-04 | 2009-04-29 | Bp Australia Pty Ltd | System and method for evaluating initiatives adapted to deliver value to a customer |
US8056124B2 (en) | 2005-07-15 | 2011-11-08 | Microsoft Corporation | Automatically generating rules for connection security |
US7961739B2 (en) | 2005-07-21 | 2011-06-14 | Genband Us Llc | Systems and methods for voice over multiprotocol label switching |
US9467462B2 (en) | 2005-09-15 | 2016-10-11 | Hewlett Packard Enterprise Development Lp | Traffic anomaly analysis for the detection of aberrant network code |
JP4482816B2 (ja) * | 2005-09-27 | 2010-06-16 | 日本電気株式会社 | ポリシ処理装置、方法、及び、プログラム |
US7996255B1 (en) | 2005-09-29 | 2011-08-09 | The Mathworks, Inc. | System and method for providing sales leads based on-demand software trial usage |
US8104033B2 (en) | 2005-09-30 | 2012-01-24 | Computer Associates Think, Inc. | Managing virtual machines based on business priorty |
US8499330B1 (en) * | 2005-11-15 | 2013-07-30 | At&T Intellectual Property Ii, L.P. | Enterprise desktop security management and compliance verification system and method |
US20070168971A1 (en) | 2005-11-22 | 2007-07-19 | Epiphany, Inc. | Multi-tiered model-based application testing |
US7694181B2 (en) | 2005-12-12 | 2010-04-06 | Archivas, Inc. | Automated software testing framework |
US9015299B1 (en) | 2006-01-20 | 2015-04-21 | Cisco Technology, Inc. | Link grouping for route optimization |
US20070174429A1 (en) | 2006-01-24 | 2007-07-26 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
US8613088B2 (en) | 2006-02-03 | 2013-12-17 | Cisco Technology, Inc. | Methods and systems to detect an evasion attack |
CA2644386A1 (en) | 2006-03-03 | 2007-09-07 | Art Of Defence Gmbh | Distributed web application firewall |
WO2007110094A1 (en) * | 2006-03-27 | 2007-10-04 | Telecom Italia S.P.A. | System for enforcing security policies on mobile communications devices |
US7801128B2 (en) | 2006-03-31 | 2010-09-21 | Amazon Technologies, Inc. | Managing communications between computing nodes |
US8316439B2 (en) | 2006-05-19 | 2012-11-20 | Iyuko Services L.L.C. | Anti-virus and firewall system |
US7743414B2 (en) | 2006-05-26 | 2010-06-22 | Novell, Inc. | System and method for executing a permissions recorder analyzer |
US7774837B2 (en) * | 2006-06-14 | 2010-08-10 | Cipheroptics, Inc. | Securing network traffic by distributing policies in a hierarchy over secure tunnels |
US20080016339A1 (en) | 2006-06-29 | 2008-01-17 | Jayant Shukla | Application Sandbox to Detect, Remove, and Prevent Malware |
US7742414B1 (en) | 2006-06-30 | 2010-06-22 | Sprint Communications Company L.P. | Lightweight indexing for fast retrieval of data from a flow-level compressed packet trace |
US20080083011A1 (en) | 2006-09-29 | 2008-04-03 | Mcalister Donald | Protocol/API between a key server (KAP) and an enforcement point (PEP) |
US8510834B2 (en) | 2006-10-09 | 2013-08-13 | Radware, Ltd. | Automatic signature propagation network |
US20080155239A1 (en) | 2006-10-10 | 2008-06-26 | Honeywell International Inc. | Automata based storage and execution of application logic in smart card like devices |
US8312507B2 (en) | 2006-10-17 | 2012-11-13 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US8381209B2 (en) | 2007-01-03 | 2013-02-19 | International Business Machines Corporation | Moveable access control list (ACL) mechanisms for hypervisors and virtual machines and virtual port firewalls |
EP2116005A1 (en) | 2007-01-31 | 2009-11-11 | Tufin Software Technologies Ltd. | System and method for auditing a security policy |
US20080229382A1 (en) * | 2007-03-14 | 2008-09-18 | Motorola, Inc. | Mobile access terminal security function |
US20080239961A1 (en) * | 2007-03-30 | 2008-10-02 | Microsoft Corporation | Packet routing based on application source |
US8341739B2 (en) | 2007-05-24 | 2012-12-25 | Foundry Networks, Llc | Managing network security |
US20080301770A1 (en) | 2007-05-31 | 2008-12-04 | Kinder Nathan G | Identity based virtual machine selector |
US7720995B2 (en) | 2007-06-08 | 2010-05-18 | Cisco Technology, Inc. | Conditional BGP advertising for dynamic group VPN (DGVPN) clients |
US9009829B2 (en) | 2007-06-12 | 2015-04-14 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for baiting inside attackers |
US8291495B1 (en) | 2007-08-08 | 2012-10-16 | Juniper Networks, Inc. | Identifying applications for intrusion detection systems |
GB2453518A (en) | 2007-08-31 | 2009-04-15 | Vodafone Plc | Telecommunications device security |
US9043861B2 (en) | 2007-09-17 | 2015-05-26 | Ulrich Lang | Method and system for managing security policies |
US8798056B2 (en) | 2007-09-24 | 2014-08-05 | Intel Corporation | Method and system for virtual port communications |
US8730946B2 (en) | 2007-10-18 | 2014-05-20 | Redshift Internetworking, Inc. | System and method to precisely learn and abstract the positive flow behavior of a unified communication (UC) application and endpoints |
US20090165078A1 (en) | 2007-12-20 | 2009-06-25 | Motorola, Inc. | Managing policy rules and associated policy components |
US9143566B2 (en) | 2008-01-16 | 2015-09-22 | Netapp, Inc. | Non-disruptive storage caching using spliced cache appliances with packet inspection intelligence |
US8254381B2 (en) * | 2008-01-28 | 2012-08-28 | Microsoft Corporation | Message processing engine with a virtual network interface |
US8146147B2 (en) | 2008-03-27 | 2012-03-27 | Juniper Networks, Inc. | Combined firewalls |
MX2010011822A (es) | 2008-04-28 | 2011-02-18 | Xg Technology Inc | Mecanismo de compresion de encabezado para transmitir paquetes de rtp en enlaces inalambricos. |
US9069599B2 (en) | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US9361089B2 (en) | 2008-07-22 | 2016-06-07 | International Business Machines Corporation | Secure patch updates of a virtual machine image in a virtualization data processing system |
US8307422B2 (en) | 2008-08-14 | 2012-11-06 | Juniper Networks, Inc. | Routing device having integrated MPLS-aware firewall |
US8112304B2 (en) | 2008-08-15 | 2012-02-07 | Raytheon Company | Method of risk management across a mission support network |
US9715401B2 (en) | 2008-09-15 | 2017-07-25 | International Business Machines Corporation | Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment |
US8353021B1 (en) | 2008-09-30 | 2013-01-08 | Symantec Corporation | Determining firewall rules for an application on a client based on firewall rules and reputations of other clients |
US8689289B2 (en) * | 2008-10-02 | 2014-04-01 | Microsoft Corporation | Global object access auditing |
US8572717B2 (en) | 2008-10-09 | 2013-10-29 | Juniper Networks, Inc. | Dynamic access control policy with port restrictions for a network security appliance |
US8677473B2 (en) | 2008-11-18 | 2014-03-18 | International Business Machines Corporation | Network intrusion protection |
CN101442494B (zh) | 2008-12-16 | 2011-06-22 | 中兴通讯股份有限公司 | 一种实现快速重路由的方法 |
US8565118B2 (en) | 2008-12-30 | 2013-10-22 | Juniper Networks, Inc. | Methods and apparatus for distributed dynamic network provisioning |
US8612592B2 (en) | 2009-01-23 | 2013-12-17 | Cisco Technology, Inc. | Protected device initiated pinhole creation to allow access to the protected device in response to a domain name system (DNS) query |
US20100192225A1 (en) * | 2009-01-28 | 2010-07-29 | Juniper Networks, Inc. | Efficient application identification with network devices |
US7974279B2 (en) | 2009-01-29 | 2011-07-05 | Nokia Corporation | Multipath data communication |
KR101542392B1 (ko) | 2009-02-16 | 2015-08-12 | 엘지전자 주식회사 | 이동 단말기 및 이것의 핸드오버 방법 |
US20100228962A1 (en) | 2009-03-09 | 2010-09-09 | Microsoft Corporation | Offloading cryptographic protection processing |
US8321862B2 (en) | 2009-03-20 | 2012-11-27 | Oracle America, Inc. | System for migrating a virtual machine and resource usage data to a chosen target host based on a migration policy |
US8676989B2 (en) | 2009-04-23 | 2014-03-18 | Opendns, Inc. | Robust domain name resolution |
US8914878B2 (en) | 2009-04-29 | 2014-12-16 | Juniper Networks, Inc. | Detecting malicious network software agents |
EP2425341B1 (en) | 2009-05-01 | 2018-07-11 | Citrix Systems, Inc. | Systems and methods for establishing a cloud bridge between virtual storage resources |
US8429647B2 (en) | 2009-05-06 | 2013-04-23 | Vmware, Inc. | Virtual machine migration across network by publishing routes to the associated virtual networks via virtual router after the start of migration of the virtual machine |
US8468113B2 (en) | 2009-05-18 | 2013-06-18 | Tufin Software Technologies Ltd. | Method and system for management of security rule set |
US9621516B2 (en) | 2009-06-24 | 2017-04-11 | Vmware, Inc. | Firewall configured with dynamic membership sets representing machine attributes |
US8494000B1 (en) * | 2009-07-10 | 2013-07-23 | Netscout Systems, Inc. | Intelligent slicing of monitored network packets for storing |
US8661434B1 (en) | 2009-08-05 | 2014-02-25 | Trend Micro Incorporated | Migration of computer security modules in a virtual machine environment |
GB2473675B (en) | 2009-09-22 | 2011-12-28 | Virtensys Ltd | Switching method |
US8490150B2 (en) | 2009-09-23 | 2013-07-16 | Ca, Inc. | System, method, and software for enforcing access control policy rules on utility computing virtualization in cloud computing systems |
US8532108B2 (en) | 2009-09-30 | 2013-09-10 | Alcatel Lucent | Layer 2 seamless site extension of enterprises in cloud computing |
CN102713839B (zh) | 2009-10-08 | 2015-11-25 | 爱迪德技术有限公司 | 用于动态函数调用系统中的积极自我修改的系统和方法 |
US8254261B2 (en) | 2009-10-16 | 2012-08-28 | Oracle America, Inc. | Method and system for intra-host communication |
US8369333B2 (en) | 2009-10-21 | 2013-02-05 | Alcatel Lucent | Method and apparatus for transparent cloud computing with a virtualized network infrastructure |
US8800025B2 (en) | 2009-11-10 | 2014-08-05 | Hei Tao Fung | Integrated virtual desktop and security management system |
CN102428474B (zh) | 2009-11-19 | 2015-05-06 | 株式会社日立制作所 | 计算机系统、管理系统和记录介质 |
US8352953B2 (en) | 2009-12-03 | 2013-01-08 | International Business Machines Corporation | Dynamically provisioning virtual machines |
US8726334B2 (en) | 2009-12-09 | 2014-05-13 | Microsoft Corporation | Model based systems management in virtualized and non-virtualized environments |
WO2011072899A1 (en) | 2009-12-15 | 2011-06-23 | International Business Machines Corporation | Method for operating cloud computing services and cloud computing information system |
US8528091B2 (en) | 2009-12-31 | 2013-09-03 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for detecting covert malware |
US9274821B2 (en) | 2010-01-27 | 2016-03-01 | Vmware, Inc. | Independent access to virtual machine desktop content |
US8938782B2 (en) | 2010-03-15 | 2015-01-20 | Symantec Corporation | Systems and methods for providing network access control in virtual environments |
US8259571B1 (en) | 2010-03-26 | 2012-09-04 | Zscaler, Inc. | Handling overlapping IP addresses in multi-tenant architecture |
JP5190084B2 (ja) | 2010-03-30 | 2013-04-24 | 株式会社日立製作所 | 仮想マシンのマイグレーション方法およびシステム |
US8868032B2 (en) | 2010-04-23 | 2014-10-21 | Tekelec, Inc. | Methods, systems, and computer readable media for automatic, recurrent enforcement of a policy rule |
CN102934400B (zh) | 2010-06-09 | 2016-08-24 | 日本电气株式会社 | 通信系统、逻辑信道控制设备、控制设备、通信方法以及程序 |
US9141625B1 (en) | 2010-06-22 | 2015-09-22 | F5 Networks, Inc. | Methods for preserving flow state during virtual machine migration and devices thereof |
US8296459B1 (en) | 2010-06-30 | 2012-10-23 | Amazon Technologies, Inc. | Custom routing decisions |
CN103081409B (zh) | 2010-09-09 | 2015-07-08 | 日本电气株式会社 | 网络系统和网络管理方法 |
US8869307B2 (en) | 2010-11-19 | 2014-10-21 | Mobile Iron, Inc. | Mobile posture-based policy, remediation and access control for enterprise resources |
US8730963B1 (en) | 2010-11-19 | 2014-05-20 | Extreme Networks, Inc. | Methods, systems, and computer readable media for improved multi-switch link aggregation group (MLAG) convergence |
US8620851B2 (en) | 2010-11-23 | 2013-12-31 | Novell, Inc. | System and method for determining fuzzy cause and effect relationships in an intelligent workload management system |
US9191327B2 (en) | 2011-02-10 | 2015-11-17 | Varmour Networks, Inc. | Distributed service processing of network gateways using virtual machines |
US8612744B2 (en) * | 2011-02-10 | 2013-12-17 | Varmour Networks, Inc. | Distributed firewall architecture using virtual machines |
US9460289B2 (en) | 2011-02-18 | 2016-10-04 | Trend Micro Incorporated | Securing a virtual environment |
BR112013025528A2 (pt) | 2011-04-04 | 2016-12-27 | Nec Corp | sistema de rede, comutador e método de detecção de terminal conectado |
US8955151B2 (en) * | 2011-04-30 | 2015-02-10 | Vmware, Inc. | Dynamic management of groups for entitlement and provisioning of computer resources |
US8972984B2 (en) | 2011-05-20 | 2015-03-03 | Citrix Systems, Inc. | Methods and systems for virtualizing audio hardware for one or more virtual machines |
US20120311575A1 (en) | 2011-06-02 | 2012-12-06 | Fujitsu Limited | System and method for enforcing policies for virtual machines |
US20120324567A1 (en) * | 2011-06-17 | 2012-12-20 | General Instrument Corporation | Method and Apparatus for Home Network Discovery |
US8516241B2 (en) | 2011-07-12 | 2013-08-20 | Cisco Technology, Inc. | Zone-based firewall policy model for a virtualized data center |
US8935457B2 (en) | 2011-07-29 | 2015-01-13 | International Business Machines Corporation | Network filtering in a virtualized environment |
US8798055B1 (en) | 2011-08-11 | 2014-08-05 | Juniper Networks, Inc. | Forming a multi-device layer 2 switched fabric using internet protocol (IP)-routed / switched networks |
US8875293B2 (en) | 2011-09-22 | 2014-10-28 | Raytheon Company | System, method, and logic for classifying communications |
US20130086399A1 (en) | 2011-09-30 | 2013-04-04 | Cisco Technology, Inc. | Method, system and apparatus for network power management |
US8694786B2 (en) | 2011-10-04 | 2014-04-08 | International Business Machines Corporation | Virtual machine images encryption using trusted computing group sealing |
US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
US8813169B2 (en) | 2011-11-03 | 2014-08-19 | Varmour Networks, Inc. | Virtual security boundary for physical or virtual network devices |
US8739281B2 (en) | 2011-12-06 | 2014-05-27 | At&T Intellectual Property I, L.P. | Multilayered deception for intrusion detection and prevention |
US8977735B2 (en) | 2011-12-12 | 2015-03-10 | Rackspace Us, Inc. | Providing a database as a service in a multi-tenant environment |
GB2515193A (en) | 2011-12-13 | 2014-12-17 | Pneuron Corp | Pneuron distributed analytics |
US20130198805A1 (en) | 2012-01-24 | 2013-08-01 | Matthew Strebe | Methods and apparatus for managing network traffic |
US8990371B2 (en) | 2012-01-31 | 2015-03-24 | International Business Machines Corporation | Interconnecting data centers for migration of virtual machines |
US9122507B2 (en) | 2012-02-18 | 2015-09-01 | Cisco Technology, Inc. | VM migration based on matching the root bridge of the virtual network of the origination host and the destination host |
WO2013172898A2 (en) | 2012-02-21 | 2013-11-21 | Logos Technologies, Llc | System for detecting, analyzing, and controlling infiltration of computer and network systems |
US20130223226A1 (en) | 2012-02-29 | 2013-08-29 | Dell Products, Lp | System and Method for Providing a Split Data Plane in a Flow-Based Switching Device |
US9294302B2 (en) | 2012-03-22 | 2016-03-22 | Varmour Networks, Inc. | Non-fragmented IP packet tunneling in a network |
US9116736B2 (en) | 2012-04-02 | 2015-08-25 | Cisco Technology, Inc. | Virtualized movement of enhanced network services associated with a virtual machine |
US10333827B2 (en) | 2012-04-11 | 2019-06-25 | Varmour Networks, Inc. | Adaptive session forwarding following virtual machine migration detection |
US20160323245A1 (en) | 2012-04-11 | 2016-11-03 | Varmour Networks, Inc. | Security session forwarding following virtual machine migration |
US8955093B2 (en) | 2012-04-11 | 2015-02-10 | Varmour Networks, Inc. | Cooperative network security inspection |
US9258275B2 (en) | 2012-04-11 | 2016-02-09 | Varmour Networks, Inc. | System and method for dynamic security insertion in network virtualization |
CN102739645B (zh) | 2012-04-23 | 2016-03-16 | 杭州华三通信技术有限公司 | 虚拟机安全策略的迁移方法及装置 |
US8726393B2 (en) * | 2012-04-23 | 2014-05-13 | Abb Technology Ag | Cyber security analyzer |
US9027077B1 (en) | 2012-04-30 | 2015-05-05 | Palo Alto Networks, Inc. | Deploying policy configuration across multiple security devices through hierarchical configuration templates |
US8959573B2 (en) * | 2012-05-01 | 2015-02-17 | Harris Corporation | Noise, encryption, and decoys for communications in a dynamic computer network |
US8949931B2 (en) | 2012-05-02 | 2015-02-03 | Cisco Technology, Inc. | System and method for monitoring application security in a network environment |
JP5974665B2 (ja) | 2012-06-22 | 2016-08-23 | 富士通株式会社 | 情報処理システム、中継装置、情報処理装置および情報処理方法 |
US9230096B2 (en) | 2012-07-02 | 2016-01-05 | Symantec Corporation | System and method for data loss prevention in a virtualized environment |
US20140096229A1 (en) | 2012-09-28 | 2014-04-03 | Juniper Networks, Inc. | Virtual honeypot |
US8613070B1 (en) | 2012-10-12 | 2013-12-17 | Citrix Systems, Inc. | Single sign-on access in an orchestration framework for connected devices |
US9071637B2 (en) | 2012-11-14 | 2015-06-30 | Click Security, Inc. | Automated security analytics platform |
US9036639B2 (en) | 2012-11-29 | 2015-05-19 | Futurewei Technologies, Inc. | System and method for VXLAN inter-domain communications |
KR101327317B1 (ko) | 2012-11-30 | 2013-11-20 | (주)소만사 | Sap 응용 트래픽 분석 및 모니터링 장치 및 방법, 이를 이용한 정보 보호 시스템 |
US10263916B2 (en) | 2012-12-03 | 2019-04-16 | Hewlett Packard Enterprise Development Lp | System and method for message handling in a network device |
US8813236B1 (en) | 2013-01-07 | 2014-08-19 | Narus, Inc. | Detecting malicious endpoints using network connectivity and flow information |
US9060025B2 (en) | 2013-02-05 | 2015-06-16 | Fortinet, Inc. | Cloud-based security policy configuration |
US10713356B2 (en) | 2013-03-04 | 2020-07-14 | Crowdstrike, Inc. | Deception-based responses to security attacks |
US9094445B2 (en) * | 2013-03-15 | 2015-07-28 | Centripetal Networks, Inc. | Protecting networks from cyber attacks and overloading |
US9374278B2 (en) | 2013-03-15 | 2016-06-21 | NETBRAIN Technologies, Inc | Graphic user interface based network management system to define and execute troubleshooting procedure |
US9448826B2 (en) | 2013-03-15 | 2016-09-20 | Symantec Corporation | Enforcing policy-based compliance of virtual machine image configurations |
US9787686B2 (en) | 2013-04-12 | 2017-10-10 | Airwatch Llc | On-demand security policy activation |
US9647922B2 (en) | 2013-05-15 | 2017-05-09 | Salesforce, Inc. | Computer implemented methods and apparatus for trials onboarding |
RU2568295C2 (ru) | 2013-08-07 | 2015-11-20 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ временной защиты операционной системы программно-аппаратных устройств от приложений, содержащих уязвимости |
US9491189B2 (en) | 2013-08-26 | 2016-11-08 | Guardicore Ltd. | Revival and redirection of blocked connections for intention inspection in computer networks |
US9292684B2 (en) | 2013-09-06 | 2016-03-22 | Michael Guidry | Systems and methods for security in computer systems |
US10341296B2 (en) | 2013-09-13 | 2019-07-02 | Vmware, Inc. | Firewall configured with dynamic collaboration from network services in a virtual network environment |
US9538423B2 (en) * | 2013-11-01 | 2017-01-03 | Cisco Technology, Inc. | Routing packet traffic using hierarchical forwarding groups |
US9407602B2 (en) | 2013-11-07 | 2016-08-02 | Attivo Networks, Inc. | Methods and apparatus for redirecting attacks on a network |
US9825908B2 (en) | 2013-12-11 | 2017-11-21 | At&T Intellectual Property I, L.P. | System and method to monitor and manage imperfect or compromised software |
US9210183B2 (en) * | 2013-12-19 | 2015-12-08 | Microsoft Technology Licensing, Llc | Detecting anomalous activity from accounts of an online service |
US9563771B2 (en) | 2014-01-22 | 2017-02-07 | Object Security LTD | Automated and adaptive model-driven security system and method for operating the same |
US20170134422A1 (en) | 2014-02-11 | 2017-05-11 | Varmour Networks, Inc. | Deception Techniques Using Policy |
US10091238B2 (en) | 2014-02-11 | 2018-10-02 | Varmour Networks, Inc. | Deception using distributed threat detection |
US9973472B2 (en) | 2015-04-02 | 2018-05-15 | Varmour Networks, Inc. | Methods and systems for orchestrating physical and virtual switches to enforce security boundaries |
US10264025B2 (en) | 2016-06-24 | 2019-04-16 | Varmour Networks, Inc. | Security policy generation for virtualization, bare-metal server, and cloud computing environments |
US20180191779A1 (en) | 2016-12-29 | 2018-07-05 | Varmour Networks, Inc. | Flexible Deception Architecture |
US20170374032A1 (en) | 2016-06-24 | 2017-12-28 | Varmour Networks, Inc. | Autonomic Protection of Critical Network Applications Using Deception Techniques |
JP6252254B2 (ja) | 2014-02-28 | 2017-12-27 | 富士通株式会社 | 監視プログラム、監視方法および監視装置 |
US9516054B2 (en) | 2014-04-14 | 2016-12-06 | Trap Data Security Ltd. | System and method for cyber threats detection |
US9894100B2 (en) * | 2014-12-30 | 2018-02-13 | Fortinet, Inc. | Dynamically optimized security policy management |
US9961105B2 (en) * | 2014-12-31 | 2018-05-01 | Symantec Corporation | Systems and methods for monitoring virtual networks |
US9934406B2 (en) * | 2015-01-08 | 2018-04-03 | Microsoft Technology Licensing, Llc | Protecting private information in input understanding system |
US9294442B1 (en) | 2015-03-30 | 2016-03-22 | Varmour Networks, Inc. | System and method for threat-driven security policy controls |
US10193929B2 (en) | 2015-03-13 | 2019-01-29 | Varmour Networks, Inc. | Methods and systems for improving analytics in distributed networks |
US10009381B2 (en) | 2015-03-30 | 2018-06-26 | Varmour Networks, Inc. | System and method for threat-driven security policy controls |
US9380027B1 (en) | 2015-03-30 | 2016-06-28 | Varmour Networks, Inc. | Conditional declarative policies |
US10104107B2 (en) | 2015-05-11 | 2018-10-16 | Qualcomm Incorporated | Methods and systems for behavior-specific actuation for real-time whitelisting |
US9582268B2 (en) | 2015-05-27 | 2017-02-28 | Runnable Inc. | Automatic communications graphing for a source application |
US9787641B2 (en) | 2015-06-30 | 2017-10-10 | Nicira, Inc. | Firewall rule management |
US10191758B2 (en) | 2015-12-09 | 2019-01-29 | Varmour Networks, Inc. | Directing data traffic between intra-server virtual machines |
US9680852B1 (en) | 2016-01-29 | 2017-06-13 | Varmour Networks, Inc. | Recursive multi-layer examination for computer network security remediation |
US9762599B2 (en) | 2016-01-29 | 2017-09-12 | Varmour Networks, Inc. | Multi-node affinity-based examination for computer network security remediation |
US9521115B1 (en) | 2016-03-24 | 2016-12-13 | Varmour Networks, Inc. | Security policy generation using container metadata |
US10171507B2 (en) | 2016-05-19 | 2019-01-01 | Cisco Technology, Inc. | Microsegmentation in heterogeneous software defined networking environments |
US10755334B2 (en) | 2016-06-30 | 2020-08-25 | Varmour Networks, Inc. | Systems and methods for continually scoring and segmenting open opportunities using client data and product predictors |
-
2015
- 2015-03-13 US US14/657,210 patent/US10193929B2/en active Active
-
2016
- 2016-02-25 WO PCT/US2016/019643 patent/WO2016148865A1/en active Application Filing
- 2016-03-11 TW TW105107656A patent/TW201703483A/zh unknown
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9609083B2 (en) | 2011-02-10 | 2017-03-28 | Varmour Networks, Inc. | Distributed service processing of network gateways using virtual machines |
US10091238B2 (en) | 2014-02-11 | 2018-10-02 | Varmour Networks, Inc. | Deception using distributed threat detection |
US10193929B2 (en) | 2015-03-13 | 2019-01-29 | Varmour Networks, Inc. | Methods and systems for improving analytics in distributed networks |
US10333986B2 (en) | 2015-03-30 | 2019-06-25 | Varmour Networks, Inc. | Conditional declarative policies |
US9621595B2 (en) | 2015-03-30 | 2017-04-11 | Varmour Networks, Inc. | Conditional declarative policies |
US10009381B2 (en) | 2015-03-30 | 2018-06-26 | Varmour Networks, Inc. | System and method for threat-driven security policy controls |
US9973472B2 (en) | 2015-04-02 | 2018-05-15 | Varmour Networks, Inc. | Methods and systems for orchestrating physical and virtual switches to enforce security boundaries |
US10191758B2 (en) | 2015-12-09 | 2019-01-29 | Varmour Networks, Inc. | Directing data traffic between intra-server virtual machines |
US9680852B1 (en) | 2016-01-29 | 2017-06-13 | Varmour Networks, Inc. | Recursive multi-layer examination for computer network security remediation |
US9762599B2 (en) | 2016-01-29 | 2017-09-12 | Varmour Networks, Inc. | Multi-node affinity-based examination for computer network security remediation |
US10382467B2 (en) | 2016-01-29 | 2019-08-13 | Varmour Networks, Inc. | Recursive multi-layer examination for computer network security remediation |
US10009317B2 (en) | 2016-03-24 | 2018-06-26 | Varmour Networks, Inc. | Security policy generation using container metadata |
US10264025B2 (en) | 2016-06-24 | 2019-04-16 | Varmour Networks, Inc. | Security policy generation for virtualization, bare-metal server, and cloud computing environments |
US10755334B2 (en) | 2016-06-30 | 2020-08-25 | Varmour Networks, Inc. | Systems and methods for continually scoring and segmenting open opportunities using client data and product predictors |
CN113228585A (zh) * | 2018-10-23 | 2021-08-06 | 阿卡麦科技公司 | 具有基于反馈回路的增强流量分析的网络安全系统 |
CN113228585B (zh) * | 2018-10-23 | 2023-03-31 | 阿卡麦科技公司 | 具有基于反馈回路的增强流量分析的网络安全系统 |
US11575563B2 (en) | 2019-05-31 | 2023-02-07 | Varmour Networks, Inc. | Cloud security management |
US11310284B2 (en) | 2019-05-31 | 2022-04-19 | Varmour Networks, Inc. | Validation of cloud security policies |
US11290493B2 (en) | 2019-05-31 | 2022-03-29 | Varmour Networks, Inc. | Template-driven intent-based security |
US11290494B2 (en) | 2019-05-31 | 2022-03-29 | Varmour Networks, Inc. | Reliability prediction for cloud security policies |
US11711374B2 (en) | 2019-05-31 | 2023-07-25 | Varmour Networks, Inc. | Systems and methods for understanding identity and organizational access to applications within an enterprise environment |
US11863580B2 (en) | 2019-05-31 | 2024-01-02 | Varmour Networks, Inc. | Modeling application dependencies to identify operational risk |
US11818152B2 (en) | 2020-12-23 | 2023-11-14 | Varmour Networks, Inc. | Modeling topic-based message-oriented middleware within a security system |
US11876817B2 (en) | 2020-12-23 | 2024-01-16 | Varmour Networks, Inc. | Modeling queue-based message-oriented middleware relationships in a security system |
US11777978B2 (en) | 2021-01-29 | 2023-10-03 | Varmour Networks, Inc. | Methods and systems for accurately assessing application access risk |
US11734316B2 (en) | 2021-07-08 | 2023-08-22 | Varmour Networks, Inc. | Relationship-based search in a computing environment |
Also Published As
Publication number | Publication date |
---|---|
WO2016148865A1 (en) | 2016-09-22 |
US20160269442A1 (en) | 2016-09-15 |
US10193929B2 (en) | 2019-01-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TW201703483A (zh) | 用於改善分散式網路中分析之方法及系統 | |
US11323469B2 (en) | Entity group behavior profiling | |
US10721243B2 (en) | Apparatus, system and method for identifying and mitigating malicious network threats | |
US10291654B2 (en) | Automated construction of network whitelists using host-based security controls | |
US10469514B2 (en) | Collaborative and adaptive threat intelligence for computer security | |
EP3278516B1 (en) | Behavior analysis based dns tunneling detection and classification framework for network security | |
Rafique et al. | Firma: Malware clustering and network signature generation with mixed network behaviors | |
US9430646B1 (en) | Distributed systems and methods for automatically detecting unknown bots and botnets | |
US20150326588A1 (en) | System and method for directing malicous activity to a monitoring system | |
Khan et al. | A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing | |
CN106576051B (zh) | 一种检测零日威胁的方法、网络设备、非暂态机器可读介质 | |
Bou-Harb et al. | Big data behavioral analytics meet graph theory: on effective botnet takedowns | |
Kondracki et al. | Catching transparent phish: Analyzing and detecting mitm phishing toolkits | |
US11803641B2 (en) | Utilizing Machine Learning to detect malicious executable files efficiently and effectively | |
US11381446B2 (en) | Automatic segment naming in microsegmentation | |
Nguyen et al. | DGA botnet detection using collaborative filtering and density-based clustering | |
Hegarty et al. | Extrusion detection of illegal files in cloud-based systems | |
JP2024023875A (ja) | インラインマルウェア検出 | |
Kondracki et al. | The droid is in the details: Environment-aware evasion of android sandboxes | |
Zhao et al. | Network security model based on active defense and passive defense hybrid strategy | |
US20230353587A1 (en) | Contextual relationship graph based on user's network transaction patterns for investigating attacks | |
Freet | A Security Visualization Analysis Methodology for Improving Network Intrusion Detection Efficiency |