专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11539664B2 Methods and systems for efficient adaptive logging of cyber threat incidents 有权
公开(公告)号：US11539664B2
公开(公告)日：2022-12-27
申请号：US17838478
申请日：2022-06-13
申请人： Centripetal Networks, Inc.
发明人： John Fenton , Peter Geremia , Richard Goodwin , Sean Moore , Vincent Mutolo , Jess Parnell , Jonathan R. Rogers
IPC分类号： H04L29/06 , H04L9/40
摘要： A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses. The present disclosure describes incident logging, in which a single incident log efficiently incorporates the logs of the many flows that comprise the incident, thereby potentially reducing resource consumption while improving the informational/cyberanalytical value of the incident log for cyberanalysis when compared to the component flow logs. Incident logging vs. flow logging can be automatically and adaptively switched on or off depending on the combination of resource consumption and informational/cyberanalytical value.

2. 发明授权

US11463405B2 Methods and systems for efficient encrypted SNI filtering for cybersecurity applications 有权
公开(公告)号：US11463405B2
公开(公告)日：2022-10-04
申请号：US17688108
申请日：2022-03-07
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Vincent Mutolo , Jonathan R. Rogers
IPC分类号： H04L9/40 , H04L61/4511
摘要： A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

3. 发明申请

US20220191171A1 Methods and Systems for Efficient Encrypted SNI filtering for Cybersecurity Applications 有权
公开(公告)号：US20220191171A1
公开(公告)日：2022-06-16
申请号：US17688108
申请日：2022-03-07
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Vincent Mutolo , Jonathan R. Rogers
IPC分类号： H04L9/40 , H04L61/4511
摘要： A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

4. 发明授权

US11362996B2 Methods and systems for efficient adaptive logging of cyber threat incidents 有权
公开(公告)号：US11362996B2
公开(公告)日：2022-06-14
申请号：US17380519
申请日：2021-07-20
申请人： Centripetal Networks, Inc.
发明人： John Fenton , Peter Geremia , Richard Goodwin , Sean Moore , Vincent Mutolo , Jess Parnell , Jonathan R. Rogers
IPC分类号： H04L29/06 , H04L9/40
摘要： A packet-filtering network appliance protects networks from threats by enforcing policies on in-transit packets crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their flows are sent to cyberanalysis applications located at security operations centers (SOCs). Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, generating a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses. The present disclosure describes incident logging that efficiently incorporates logs of many flows that comprise the incident, potentially reducing resource consumption while improving the informational/cyberanalytical value for cyberanalysis when compared to the component flow logs. Incident logging vs. flow logging can be automatically and adaptively switched on or off.

5. 发明申请

US20230083949A1 MALICIOUS HOMOGLYPHIC DOMAIN NAME DETECTION AND ASSOCIATED CYBER SECURITY APPLICATIONS 有权
公开(公告)号：US20230083949A1
公开(公告)日：2023-03-16
申请号：US17946900
申请日：2022-09-16
申请人： Centripetal Networks, Inc.
发明人： Vincent Mutolo , Alexander Chinchilli , Sean Moore , Matthew Sparrow , Connor Tess
IPC分类号： H04L9/40
摘要： Malicious homoglyphic domain name (MHDN) detection and associated cyber security applications are described. A domain name may be received that may be a potential MHDN. Homoglyphic domain name detection may be performed by, for example, generating a normalized character string corresponding to the input domain name by applying one or more normalization operations to the input domain name, wherein the one or more normalization operations may be configured to reduce homoglyphic characteristics in the input domain name; and generating a plurality of segmentations of the normalized character string, wherein generating each segmentation, of the plurality of segmentations, may comprise segmenting the normalized character string into a respective plurality of segments, and wherein each segmentation may comprise a different plurality of segments. A segmentation may be selected based on cost values corresponding to each respective segmentation determined using a cost function. The received domain name may be determined to be a homoglyphic domain name based on a determination that one or more segments of the selected first segmentation match a base of a known domain name in the at least one list of known domain names.

6. 发明授权

US11444963B1 Efficient threat context-aware packet filtering for network protection 有权
公开(公告)号：US11444963B1
公开(公告)日：2022-09-13
申请号：US17695047
申请日：2022-03-15
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Jonathan R. Rogers , Vincent Mutolo , Peter P. Geremia
IPC分类号： H04L29/06 , H04L9/40
摘要： A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc. Often, however, the selection of a rule's disposition and directives that best protect the associated network may not be optimally determined before a matching in-transit packet is observed by the associated TIG. In such cases, threat context information that may only be available (e.g., computable) at in-transit packet observation and/or filtering time, such as current time-of-day, current TIG/network location, current TIG/network administrator, the in-transit packet being determined to be part of an active attack on the network, etc., may be helpful to determine the disposition and directives that may best protect the network from the threat associated with the in-transit packet. The present disclosure describes examples of methods, systems, and apparatuses that may be used for efficiently determining (e.g., accessing and/or computing), in response to the in-transit packet, threat context information associated with an in-transit packet. The threat context information may be used to efficiently determine the disposition and/or one or more directives to apply to the in-transit packet. This may result in dispositions and/or directives being applied to in-transit packets that better protect the network as compared with solely using dispositions and directives that were predetermined prior to receiving the in-transit packet.

7. 发明申请

US20220021650A1 METHODS AND SYSTEMS FOR EFFICIENT ENCRYPTED SNI FILTERING FOR CYBERSECURITY APPLICATIONS 有权
公开(公告)号：US20220021650A1
公开(公告)日：2022-01-20
申请号：US17175747
申请日：2021-02-15
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Vincent Mutolo , Jonathan R. Rogers
IPC分类号： H04L29/06 , H04L29/12
摘要： A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

8. 发明授权

US10924456B1 Methods and systems for efficient encrypted SNI filtering for cybersecurity applications 有权
公开(公告)号：US10924456B1
公开(公告)日：2021-02-16
申请号：US16928083
申请日：2020-07-14
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Vincent Mutolo , Jonathan R. Rogers
IPC分类号： H04L29/06 , H04L29/12
摘要： A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

9. 发明申请

US20220360598A1 Efficient Threat Context-Aware Packet Filtering For Network Protection 有权
公开(公告)号：US20220360598A1
公开(公告)日：2022-11-10
申请号：US17866208
申请日：2022-07-15
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Jonathan R. Rogers , Vincent Mutolo , Peter P. Geremia
IPC分类号： H04L9/40
摘要： A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc. Often, however, the selection of a rule's disposition and directives that best protect the associated network may not be optimally determined before a matching in-transit packet is observed by the associated TIG. In such cases, threat context information that may only be available (e.g., computable) at in-transit packet observation and/or filtering time, such as current time-of-day, current TIG/network location, current TIG/network administrator, the in-transit packet being determined to be part of an active attack on the network, etc., may be helpful to determine the disposition and directives that may best protect the network from the threat associated with the in-transit packet. The present disclosure describes examples of methods, systems, and apparatuses that may be used for efficiently determining (e.g., accessing and/or computing), in response to the in-transit packet, threat context information associated with an in-transit packet. The threat context information may be used to efficiently determine the disposition and/or one or more directives to apply to the in-transit packet. This may result in dispositions and/or directives being applied to in-transit packets that better protect the network as compared with solely using dispositions and directives that were predetermined prior to receiving the in-transit packet.

10. 发明授权

US11349854B1 Efficient threat context-aware packet filtering for network protection 有权
公开(公告)号：US11349854B1
公开(公告)日：2022-05-31
申请号：US17508614
申请日：2021-10-22
申请人： Centripetal Networks, Inc.
发明人： Sean Moore , Jonathan R. Rogers , Vincent Mutolo , Peter P. Geremia
IPC分类号： H04L29/06 , H04L9/40
摘要： A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc. Often, however, the selection of a rule's disposition and directives that best protect the associated network may not be optimally determined before a matching in-transit packet is observed by the associated TIG. In such cases, threat context information that may only be available (e.g., computable) at in-transit packet observation and/or filtering time, such as current time-of-day, current TIG/network location, current TIG/network administrator, the in-transit packet being determined to be part of an active attack on the network, etc., may be helpful to determine the disposition and directives that may best protect the network from the threat associated with the in-transit packet. The present disclosure describes examples of methods, systems, and apparatuses that may be used for efficiently determining (e.g., accessing and/or computing), in response to the in-transit packet, threat context information associated with an in-transit packet. The threat context information may be used to efficiently determine the disposition and/or one or more directives to apply to the in-transit packet. This may result in dispositions and/or directives being applied to in-transit packets that better protect the network as compared with solely using dispositions and directives that were predetermined prior to receiving the in-transit packet.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式