摘要 |
A method for identifying malware or unauthorized software communications implemented within a computer infrastructure, the method including detecting an encrypted communication and determining identification data for the encrypted communication. Additionally, the method includes comparing the detected encrypted communication to at least one of a list of applications authorized for encrypted communications using the identification data and a list of authorized destinations of encrypted communications using the identification data. Furthermore, the method includes identifying the detected encrypted communication as an unauthorized encrypted communication in response to a determination that at least one of the detected encrypted communication is from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing and the detected encrypted communication is to an unauthorized destination, which is not on the list of authorized destinations.
|