Title: Systems and methods for distributed threat detection in a computer network
Abstract: A method and apparatus for distributed threat detection in a computer network are described. The method may include receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service having been requested of the threat sensor within the second computer network by a network element of the second computer network. The method may also include emulating the service identified in the request to generate a response to the request, and sending the response to the threat sensor for forwarding to the network element within the second computer network. Furthermore, the method may include analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
Publication number: US9621568(B2)  Publication date: 2017.04.11
Application number: US201414480318  Filing date: 2014.09.08
Applicant: VARMOUR NETWORKS, INC.  Inventor: Shieh Choung-Yaw Michael
Classification: H04L29/06  Main classification: H04L29/06
Attorney/agent firm: Blakely, Sokoloff, Taylor & Zafman LLP  Agent: Blakely, Sokoloff, Taylor & Zafman LLP
Independent claim 1. A computer-implemented method comprising: receiving, by a threat detection system of a first computer network, a request for a service forwarded to the threat detection system by a threat sensor sitting on both the first computer network and a second computer network, wherein the threat sensor is a virtual network element that does not provide services in the second computer network, and wherein the service is requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network, and wherein the network element and the service requested by the network element are identified by the threat sensor and the threat detection system using a combination of identification data including one or more internet protocol (IP) addresses associated with the network element, one or more port numbers associated with the service request, and one or more protocols associated with the communication of the service request; emulating the service identified in the request forwarded from the threat sensor to the threat detection system to generate a response to the request by the threat detection system in the first computer network; sending the response from the threat detection system to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network based on the combination of identification data; sending and receiving, by the threat detection system through the threat sensor, one or more communications exchanged with the network element in connection with the emulation of the service by the threat detection system, wherein the threat sensor coordinates the exchange of the one or more communications using the combination of identification data; and analyzing the one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
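The claim describes a split honeypot: a sensor with no services of its own sits in the protected network, so anything that connects to it is unsolicited; it forwards each request, keyed by (source IP, destination port, protocol), to a detection system in another network, which emulates the requested service, answers through the sensor, and judges the peer from the whole exchange. The following Python is an added illustration of that flow and is not code from the patent or from vArmour. The emulated banners, the threat heuristics (three or more ports probed, or three or more rejected credential attempts against one emulated service), the IP addresses and the traffic are all assumptions constructed for this example; the patent leaves the emulation and analysis unspecified.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Identification data named in claim 1: source IP, destination port, protocol.
Ident = Tuple[str, int, str]


@dataclass
class Session:
    """Communications exchanged with one network element on one requested service."""
    inbound: List[bytes] = field(default_factory=list)
    outbound: List[bytes] = field(default_factory=list)


class ThreatDetectionSystem:
    """Lives in the first network. Emulates the requested service and keeps the
    exchanged communications so they can be analyzed afterwards. The banners and
    heuristics here are assumptions for this example, not the patent's."""

    def __init__(self) -> None:
        self.sessions: Dict[Ident, Session] = {}

    def handle(self, ident: Ident, payload: bytes) -> bytes:
        session = self.sessions.setdefault(ident, Session())
        session.inbound.append(payload)
        response = self._emulate(ident, len(session.inbound))
        session.outbound.append(response)
        return response

    @staticmethod
    def _emulate(ident: Ident, turn: int) -> bytes:
        _ip, port, proto = ident
        if proto == "tcp" and port == 22:
            # First turn: server banner. Later turns: reject every credential.
            return b"SSH-2.0-OpenSSH_7.4\r\n" if turn == 1 else b"Permission denied\r\n"
        if proto == "tcp" and port == 80:
            return b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
        return b""  # no emulation for this port: empty reply, but the probe is recorded

    def is_threat(self, source_ip: str) -> bool:
        """Assumed heuristics: a host that probes three or more ports on the
        sensor, or collects three or more rejections from one emulated service."""
        ports = {ident[1] for ident in self.sessions if ident[0] == source_ip}
        if len(ports) >= 3:
            return True
        for ident, session in self.sessions.items():
            if ident[0] != source_ip:
                continue
            rejections = sum(1 for r in session.outbound if r.startswith(b"Permission denied"))
            if rejections >= 3:
                return True
        return False


class ThreatSensor:
    """Virtual network element in the second network. It provides no services,
    so every inbound request is unsolicited; it forwards each one with the
    identification tuple and relays the emulated reply back to the requester."""

    def __init__(self, tds: ThreatDetectionSystem) -> None:
        self.tds = tds
        self.forwarded = 0

    def receive(self, src_ip: str, dst_port: int, proto: str, payload: bytes) -> bytes:
        ident: Ident = (src_ip, dst_port, proto)
        self.forwarded += 1
        return self.tds.handle(ident, payload)


def run_scenario() -> Dict[str, bool]:
    """Constructed traffic (assumed addresses): one host brute-forces the emulated
    SSH service, one sweeps several ports, one makes a single HTTP request."""
    tds = ThreatDetectionSystem()
    sensor = ThreatSensor(tds)

    # 10.0.0.5: SSH client banner, then three credential attempts.
    sensor.receive("10.0.0.5", 22, "tcp", b"SSH-2.0-paramiko_2.7\r\n")
    for creds in (b"root:root", b"root:toor", b"root:123456"):
        sensor.receive("10.0.0.5", 22, "tcp", creds)

    # 10.0.0.6: one packet to each of three different ports.
    for port in (21, 23, 445):
        sensor.receive("10.0.0.6", port, "tcp", b"")

    # 10.0.0.7: a single HTTP request.
    sensor.receive("10.0.0.7", 80, "tcp", b"GET / HTTP/1.1\r\nHost: sensor\r\n\r\n")

    return {ip: tds.is_threat(ip) for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.7")}


if __name__ == "__main__":
    print(run_scenario())
```

The point of the split is that the network element only ever talks to the sensor's address inside its own network, while the service logic and the analysis run elsewhere and can be shared by many sensors; the identification tuple is what lets the sensor route each reply back to the right requester.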
Address: Mountain View CA US