Patent application number | Description | Published |
20120331556 | SYSTEM AND METHOD FOR PROTOCOL FINGERPRINTING AND REPUTATION CORRELATION - A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection. | 12-27-2012 |
20130074143 | SYSTEM AND METHOD FOR REAL-TIME CUSTOMIZED THREAT PROTECTION - A method is provided in one example embodiment that includes receiving event information associated with reports from sensors distributed throughout a network environment and correlating the event information to identify a threat. A customized security policy based on the threat may be sent to the sensors. | 03-21-2013 |
20130263248 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING COMMUNICATION OF UNWANTED NETWORK TRAFFIC BY HOLDING ONLY A LAST PORTION OF THE NETWORK TRAFFIC - A system, method, and computer program product are provided for preventing communication of unwanted network traffic by holding only a last portion of the network traffic. In use, network traffic associated with a file transfer is received. Additionally, only a last portion of the network traffic associated with the file transfer is held for determining whether the file is unwanted. Further, the last portion of the network traffic associated with the file transfer is conditionally forwarded to a destination device, based on the determination. | 10-03-2013 |
20140351930 | GENERIC PRIVILEGE ESCALATION PREVENTION - An apparatus, method, computer readable storage medium are provided in one or more examples and comprise accessing an application, identifying an access token of the application, determining if the access token is a system token, and responsive to the access token failing to be a system token, enabling a runtime module. | 11-27-2014 |
20140380473 | ZERO-DAY DISCOVERY SYSTEM - A method for determining a zero-day attack by an electronic device is described. According to one embodiment, the method comprises instantiating, by the electronic device, at least one virtual machine, the at least one virtual machine being based on a fortified software profile. The method further comprises executing content capable of behaving as an exploit on the at least one virtual machine, and determining that the exploit is associated with zero-day exploit when the exploit, upon execution of the content on the at least one virtual machine, performs an undesired behavior. | 12-25-2014 |
20150096030 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PREVENTING COMMUNICATION OF UNWANTED NETWORK TRAFFIC BY HOLDING ONLY A LAST PORTION OF THE NETWORK TRAFFIC - A system, method, and computer program product are provided for preventing communication of unwanted network traffic by holding only a last portion of the network traffic. In use, network traffic associated with a file transfer is received. Additionally, only a last portion of the network traffic associated with the file transfer is held for determining whether the file is unwanted. Further, the last portion of the network traffic associated with the file transfer is conditionally forwarded to a destination device, based on the determination. | 04-02-2015 |
20150186645 | SYSTEM, APPARATUS AND METHOD FOR AUTOMATICALLY VERIFYING EXPLOITS WITHIN SUSPECT OBJECTS AND HIGHLIGHTING THE DISPLAY INFORMATION ASSOCIATED WITH THE VERIFIED EXPLOITS - According to one embodiment, a threat detection system is integrated with intrusion protection system (IPS) logic and virtual execution logic. The IPS logic is configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects. The second plurality of objects is a subset of the first plurality of objects and is lesser or equal in number to the first plurality of objects. The virtual execution logic is configured to automatically verify whether any of the suspicious objects is an exploit. The virtual execution logic comprises at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits. | 07-02-2015 |
20160070906 | GENERIC PRIVILEGE ESCALATION PREVENTION - An apparatus, method, computer readable storage medium are provided in one or more examples and comprise accessing an application, identifying an access token of the application, determining if the access token is a system token, and responsive to the access token failing to be a system token, enabling a runtime module. | 03-10-2016 |