专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US10382464B2 Data access verification for enterprise resources 有权
公开(公告)号：US10382464B2
公开(公告)日：2019-08-13
申请号：US15394756
申请日：2016-12-29
申请人： Imperva, Inc.
发明人： Amichai Shulman , Sagie Dulce
IPC分类号： G06F21/55 , H04L29/06
摘要： According to one embodiment, a method in a computing device for responding to a determination that a verification with a user is desired responsive to detection of activity indicative of a possible insider threat is described. The method includes selecting a target role and a target user for the verification based on an activity context and an enterprise context repository, the selecting including selecting the target role from a plurality of target roles based on the activity context and optionally the enterprise context repository and selecting a target user in the selected target role based on the enterprise context repository. The method further includes causing a verification request to be sent to the selected target user; and generating an alert when a verification result indicates that the activity is indicative of the possible insider threat.

22. 发明授权

US10382400B2 Techniques for preventing large-scale data breaches utilizing differentiated protection layers 有权
公开(公告)号：US10382400B2
公开(公告)日：2019-08-13
申请号：US15582363
申请日：2017-04-28
申请人： Imperva, Inc.
发明人： Shiri Margel , Itsik Mantin , Amichai Shulman
IPC分类号： G06F21/62 , H04L29/06
摘要： Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.

23. 发明申请

US20180048665A1 TECHNIQUES FOR DETECTING ENTERPRISE INTRUSIONS UTILIZING ACTIVE TOKENS 审中-公开
公开(公告)号：US20180048665A1
公开(公告)日：2018-02-15
申请号：US15672055
申请日：2017-08-08
申请人： Imperva, Inc.
发明人： Amichai SHULMAN , Sagie DULCE
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/083 , H04L63/102 , Y02D30/30
摘要： A Token Transmission Server transmits active tokens within an enterprise network. The active tokens include either active data tokens or active request tokens, and are fraudulent from the perspective of the enterprise. A Token Monitoring Server monitors network traffic within the enterprise network to detect the presence of network traffic being originated by an enterprise device based upon the active tokens, and generates an alert indicating that the enterprise device is likely compromised.

24. 发明授权

US09674202B1 Techniques for preventing large-scale data breaches utilizing differentiated protection layers 有权
公开(公告)号：US09674202B1
公开(公告)日：2017-06-06
申请号：US14983414
申请日：2015-12-29
申请人： Imperva, Inc.
发明人： Shiri Margel , Itsik Mantin , Amichai Shulman
IPC分类号： H04L29/06
CPC分类号： H04L63/0281 , G06F21/62 , G06F21/6218 , G06F2221/2107 , H04L63/0428 , H04L63/105 , H04L63/1408 , H04L63/168
摘要： Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.

25. 发明授权

US09553892B2 Selective modification of encrypted application layer data in a transparent security gateway 有权
标题翻译：在透明安全网关中选择性修改加密的应用层数据
公开(公告)号：US09553892B2
公开(公告)日：2017-01-24
申请号：US14833013
申请日：2015-08-21
申请人： Imperva, Inc.
发明人： Ido Kelson , Dmitry Babich
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/168 , H04L63/0281 , H04L63/0428 , H04L63/0435 , H04L63/0471 , H04L63/166 , H04L63/20 , H04L67/02
摘要： According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modification plaintext connection record instead of the received encrypted connection record such that neither the CES or WAS is aware of the modification of the encrypted data.
摘要翻译：根据一个实施例，透明安全网关耦合在客户终端站（CES）和Web应用服务器（WAS）之间。安全网关监视CES和WAS之间的加密协议握手，以使用所提供的WAS私钥来捕获要用于加密层连接的生成的对称密钥。使用所捕获的对称密钥，安全网关接收加密层连接的加密连接记录，解密加密的连接记录以产生明文连接记录，修改明文连接记录，使用对称密钥加密修改的明文连接记录，以及发送携带加密的修改明文连接记录的一个或多个分组，而不是接收到的加密连接记录，使得CES或WAS都不知道加密数据的修改。

26. 发明申请

US20150135266A1 COMPROMISED INSIDER HONEY POTS USING REVERSE HONEY TOKENS 有权
标题翻译：使用反向HONEY TOKENS的压缩内脏蜂蜜点
公开(公告)号：US20150135266A1
公开(公告)日：2015-05-14
申请号：US14600855
申请日：2015-01-20
申请人： Imperva, Inc.
发明人： Amichai Shulman , Michael Cherny , Sagie Dulce
IPC分类号： H04L29/06
CPC分类号： H04L63/1491 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.
摘要翻译：根据一个实施例，描述了一种用于设置陷阱以检测入侵者已经破坏了客户端站（CES）以尝试获得未经授权的访问由服务器提供的企业数据的方法。该方法包括使蜂蜜令牌放置在配置库内隐藏的CES上，其中蜂蜜令牌是元数据和/或指示应用程序如何看起来访问企业数据但实际上无效的指令，并且蜂蜜令牌被放置在CES上，而不是在服务器上。该方法还包括使属性值安装在用于安全规则的安全网关上的安全规则，导致安全网关监视网络流量以尝试使用蜂蜜令牌，并且当包括一个或多个分组的一个或多个分组的集合时生成警报收到蜂蜜令牌。

27. 发明授权

US08997232B2 Iterative automatic generation of attribute values for rules of a web application layer attack detector 有权
标题翻译：迭代自动生成Web应用层攻击检测器规则的属性值
公开(公告)号：US08997232B2
公开(公告)日：2015-03-31
申请号：US13948148
申请日：2013-07-22
申请人： Imperva, Inc.
发明人： Tal Arieh Be'ery , Shelly Hershkovitz , Nitzan Niv , Amichai Shulman
IPC分类号： H04L29/06
CPC分类号： H04L63/14 , H04L63/1408 , H04L63/16 , H04L63/168 , H04L63/20 , H04L63/30 , H04L67/02
摘要： According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (AD), which are coupled between HTTP clients and web application servers. The computing device learns a new set of attribute values for a set of attribute identifiers for each of a sequence of rules through an iterative process having a plurality of iterations. The iterative process begins with an attack specific rule, and the sequence of rules includes an attacker specific rule and another attack specific rule. Each iteration includes receiving a current alert package from one of the ADs sent responsive to a set of packets carrying a web application layer request meeting a condition of a current rule used by the AD, automatically generating a new set of attribute values based upon the current alert package, and transmitting the new set of attribute values to the set of ADs.
摘要翻译：根据一个实施例，计算设备耦合到一组web应用层攻击检测器（AD），其耦合在HTTP客户端和web应用服务器之间。计算设备通过具有多个迭代的迭代过程来学习用于规则序列中的每一个的一组属性标识符的新集合的属性值。迭代过程从攻击特定规则开始，规则序列包括攻击者特定规则和另一个攻击特定规则。每次迭代包括从响应于一组传送的AD发送的当前警报包，该组包携带满足AD使用的当前规则的条件的web应用层请求，基于当前的自动生成一组新的属性值警报包，并将新的属性值集合发送到AD集合。

28. 发明申请

US20140317741A1 AUTOMATIC GENERATION OF DIFFERENT ATTRIBUTE VALUES FOR DETECTING A SAME TYPE OF WEB APPLICATION LAYER ATTACK 有权
标题翻译：用于检测同一类WEB应用层攻击的不同属性值的自动生成
公开(公告)号：US20140317741A1
公开(公告)日：2014-10-23
申请号：US13948156
申请日：2013-07-22
申请人： Imperva, Inc.
发明人： Tal Arieh Be'ery , Nitzan Niv , Amichai Shulman
IPC分类号： H04L29/06
CPC分类号： H04L63/14 , H04L63/1408 , H04L63/16 , H04L63/168 , H04L63/20 , H04L63/30 , H04L67/02
摘要： According to one embodiment, a computing device is coupled to a web application layer attack detector (AD), which itself is coupled between an HTTP client and a web application server. The computing device automatically learns a new condition to detect a first type of web application layer attack. Responsive receiving a web application layer message from the HTTP client that violates a rule for detecting the first type of web application layer attack, the AD transmits an alert package to the computing device, which uses the alert package, and optionally other alert packages, to automatically generate a new set of attribute values for each of a set of attribute identifiers to be transmitted to the AD or optionally other ADs for use in a different rule than the violated rule. The different rule is another attack specific rule for detecting the first type of web application layer attack.
摘要翻译：根据一个实施例，计算设备耦合到web应用层攻击检测器（AD），其自身耦合在HTTP客户端和web应用服务器之间。计算设备自动学习检测第一类Web应用层攻击的新条件。响应于从HTTP客户端接收到违反用于检测第一类型的web应用层攻击的规则的Web应用层消息，AD向使用警报包和可选地其他警报包的计算设备发送警报包，为要发送到AD或可选的其他AD的属性标识符集合中的每一个自动生成一组新的属性值，以便与违反规则不同的规则使用。不同的规则是用于检测第一类Web应用层攻击的另一种攻击特定规则。

29. 发明申请

US20140317740A1 COMMUNITY-BASED DEFENSE THROUGH AUTOMATIC GENERATION OF ATTRIBUTE VALUES FOR RULES OF WEB APPLICATION LAYER ATTACK DETECTORS 有权
标题翻译：通过自动生成WEB应用层攻击检测器规则的属性值进行社区防御
公开(公告)号：US20140317740A1
公开(公告)日：2014-10-23
申请号：US13948153
申请日：2013-07-22
申请人： Imperva, Inc.
发明人： Tal Arieh Be'ery , Shelly Hershkovitz , Nitzan Niv , Amichai Shulman
IPC分类号： H04L29/06
CPC分类号： H04L63/14 , H04L63/1408 , H04L63/16 , H04L63/168 , H04L63/20 , H04L63/30 , H04L67/02
摘要： According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (ADs), which are coupled between HTTP clients and web application servers. The computing device automatically learns a new condition shared by a plurality of alert packages reported by the set of ADs due to a triggering of one or more rules that is indicative of a web application layer attack. The computing device automatically generates a new set of attribute values by analyzing the plurality of alert packages to identify the condition shared by the plurality of alert packages, and transmits the new set of attribute values for delivery to the set of ADs for a different rule to be used to protect against the web application layer attack from the HTTP clients or any other HTTP client.
摘要翻译：根据一个实施例，计算设备耦合到一组web应用层攻击检测器（AD），其耦合在HTTP客户端和web应用服务器之间。由于触发一个或多个指示web应用层攻击的规则，计算设备自动学习由该组AD报告的多个警报包共享的新条件。计算设备通过分析多个警报包来自动生成一组新的属性值，以识别由多个警报包共享的条件，并且将新的属性值集合发送给用于不同规则的AD集合用于防止HTTP客户端或任何其他HTTP客户端的Web应用程序层攻击。

30. 发明授权

US11792209B2 Robust learning of web traffic 有权
公开(公告)号：US11792209B2
公开(公告)日：2023-10-17
申请号：US17139644
申请日：2020-12-31
申请人： Imperva, Inc.
发明人： Itsik Mantin
IPC分类号： H04L43/04 , H04L9/40
CPC分类号： H04L63/1408 , H04L43/04 , H04L63/0236 , H04L63/0254
摘要： A method includes monitoring web traffic until a threshold of network traffic is collected. The method further includes determining a number of location characteristics corresponding to the network traffic. The method further includes monitoring traffic information corresponding to the number of location characteristics until a threshold of traffic information is collected. The method further includes determining a number of location content flags corresponding to the traffic information. The method further includes generating, by a processing device, a location profile based on the number of location characteristics and the number of content flags. The method further includes blocking impermissible web traffic from reaching a client device based on the location profile.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式