专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20220321533A1 FEEDBACK MECHANISM TO ENFORCE A SECURITY POLICY 有权
公开(公告)号：US20220321533A1
公开(公告)日：2022-10-06
申请号：US17217682
申请日：2021-03-30
申请人： Palo Alto Networks, Inc.
发明人： Zhou Olivier Zheng
IPC分类号： H04L29/06 , H04L29/12
摘要： Techniques for providing a feedback mechanism to enforce a security policy are provided. In some embodiments, dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions includes receiving a security policy that includes a domain name (e.g., the network policy can include a network security rule that is based on the domain name); and periodically updating Internet Protocol (IP) address information associated with the domain name based on a feedback mechanism that utilizes network logs (e.g., implemented using a learning process for FQDN to IP address mappings) to facilitate a more effective security policy enforcement. For example, a security device (e.g., a firewall or other network gateway) can perform a learning process for FQDN to IP address mappings that utilizes past successful sessions or trusted information sources to be used as an authorized IP range, and then the security policy can be enriched with the layer 3 information (e.g., IP addresses) and matching the FQDN address objects (e.g., web addresses, such as Uniform Resource Locations). As such, the security device can then be configured to block all connection attempts at layer 3 (e.g., using IP addresses), which improves network security by reducing the opportunity for attackers to, for example, send/download malicious traffic prior to enforcement based on layer 7 information.

22. 发明申请

US20220321532A1 IOT DEVICE APPLICATION WORKLOAD CAPTURE 有权
公开(公告)号：US20220321532A1
公开(公告)日：2022-10-06
申请号：US17219481
申请日：2021-03-31
申请人： Palo Alto Networks, Inc.
发明人： Jun Du
IPC分类号： H04L29/06 , G16Y10/75 , G16Y30/10 , H04L12/24
摘要： Internet of Things (IoT) device application workload capture is disclosed. A target IoT device is selected. A flow associated with the target device is determined and tagged. Packets from the tagged flow are admitted into a ring buffer. An indication is received that an extraction should be performed on a portion of the packets included in the ring buffer.

23. 发明申请

US20220318386A1 GENERATION OF A CAUSALITY TREE REPRESENTATION OF THREAT ANALYSIS REPORT DATA 有权
公开(公告)号：US20220318386A1
公开(公告)日：2022-10-06
申请号：US17219484
申请日：2021-03-31
申请人： Palo Alto Networks, Inc.
发明人： Swati Vaibhav Bhosale , Eyal Firstenberg , Edward Thomas Spencer , Christopher Jacobs
IPC分类号： G06F21/56 , G06F21/55
摘要： A report generated from analysis of a software sample is obtained and parsed. A root node of a causality tree is determined based on source-target relationships and a primary malware instance indicated in the report. Actions, behaviors, and additional malware instances are identified based on the report. Additional relationships among the data which are not explicitly represented are extracted from further parsing and processing of the report by tracing the relationships in the report data starting from the data of the entity represented by the root node, with child nodes added for processes and files discovered from the tracing. For each entity for which a node is added to the causality tree, counts of the related behaviors and actions are determined and associated with the node along with the corresponding details. A GUI depiction of the resulting causality tree is generated and displayed for visualizing and navigating the causality tree.

24. 发明授权

US11436329B2 Using browser context in evasive web-based malware detection 有权
公开(公告)号：US11436329B2
公开(公告)日：2022-09-06
申请号：US16927494
申请日：2020-07-13
申请人： Palo Alto Networks, Inc.
发明人： Tongbo Luo , Xin Ouyang , Zhaoyan Xu , Xing Jin
IPC分类号： G06F21/00 , G06F21/56 , G06F9/54 , G06F9/455 , G06F16/955 , H04L67/02
摘要： The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to act as a proxy on behalf of the external scanner.

25. 发明授权

US11436012B1 Automated orchestration of large-scale flow log transformation 有权
公开(公告)号：US11436012B1
公开(公告)日：2022-09-06
申请号：US17321175
申请日：2021-05-14
申请人： Palo Alto Networks, Inc.
发明人： Krishnan Shankar Narayan
IPC分类号： H04L9/40 , G06F9/30 , G06F9/46 , G06F9/54 , G06F16/18 , G06F9/38 , G06F9/50
摘要： When a transformation job of flow logs generated for a cloud environment is triggered, a security service determines a parameterized template for batch data processing operations offered by the cloud service provider (CSP) to use based on the type of transformation job. The security service communicates an indication of the template and the corresponding parameter values to a data processing service/pipeline offered by the CSP. The provisioned processing resources retrieve the flow logs from a designated location in cloud storage, complete the transformation, and store the transformed flow logs in a new storage location. If the CSP does not provide a data processing service/pipeline which can perform bulk data transformation, the security service uses a generic parameterized template specifying a transformation job to be run on a cluster. Upon completion, the security service retrieves and analyzes the transformed flow logs as part of threat detection performed for securing the cloud environment.

26. 发明申请

US20220261481A1 SOFTWARE PACKER-AGNOSTIC UNPACKING OF PACKED EXECUTABLES 有权
公开(公告)号：US20220261481A1
公开(公告)日：2022-08-18
申请号：US17175321
申请日：2021-02-12
申请人： Palo Alto Networks, Inc.
发明人： James Thomas Fitzgerald
IPC分类号： G06F21/56 , G06F21/53
摘要： To unpack packed executables generated with a packer or packing technique that cannot be identified, a universal unpacker unpacks the executable by running the packed executable in a controlled environment and monitoring execution of the program code which unpacks the executable and memory accessed as a result. The unpacker intercepts system calls issued during execution and can allow, emulate, or block intercepted system calls to provide maximum protection of the host system on which it executes. Unpacking and monitoring can continue until a criterion for termination has been satisfied, such as whether a specified time has elapsed, a specified number of instructions have executed, or a system call which triggers termination has been intercepted. The unpacker writes the memory that comprises the unpacked executable to disk. Malware analysis can then be performed on the unpacked executable.

27. 发明申请

US20220239674A1 SECURITY APPLIANCE TO MONITOR NETWORKED COMPUTING ENVIRONMENT 有权
公开(公告)号：US20220239674A1
公开(公告)日：2022-07-28
申请号：US17658683
申请日：2022-04-11
申请人： Palo Alto Networks, Inc.
发明人： Chandra Mouleeswaran , Wayne Jensen
IPC分类号： H04L9/40 , H04L41/14 , G06F16/23 , G06F16/2458 , G06F16/901 , G06F16/9032 , G06F16/2455
摘要： A security appliance is used to evaluate the software defined infrastructure. The security appliance includes a data ingestion and query engine. The data ingestion and query engine is configured to retrieve data associated with a resource in the software defined infrastructure, the data stored in a tree structure, extract selective information for the resource from the retrieved data, and generate a NI model for the resource, with the NI model including a plurality of fields and associated value types. A path document for each of the fields is generated, with the path document including a plurality of attributes related to the resource in the software defined infrastructure. The generated path document for each of the fields of the NI model is stored in a data store of the security appliance.

28. 发明授权

US11374957B2 Determining risk associated with internet protocol (IP) addresses involved in internet communications 有权
公开(公告)号：US11374957B2
公开(公告)日：2022-06-28
申请号：US16166972
申请日：2018-10-22
申请人： Palo Alto Networks, Inc.
发明人： Matthew Kraning , Gregory Heon , Pamela Toman
IPC分类号： H04L9/40 , H04L43/026 , H04L43/50 , H04L43/16 , H04L43/062 , H04L43/10 , H04L41/0213
摘要： Introduced here are security management platforms configured to estimate the risk posed by a public communication activity that involves an internal Internet Protocol (IP) address that resides on an internal network. Initially, a security management platform can examine network data to detect a public communication activity involving an internal IP address and an external IP address. Thereafter, the security management platform can probe the external IP address by transmitting a query designed to elicit a response, and then evaluate a risk posed by the public communication activity by analyzing response(s) received from the external IP address, if any, responsive to the query. For example, the security management platform may be able to determine whether a service determined to be vulnerable to unauthorized access is running on the external IP address.

29. 发明申请

US20220191252A1 MOBILE EQUIPMENT IDENTITY AND/OR IOT EQUIPMENT IDENTITY AND APPLICATION IDENTITY BASED SECURITY ENFORCEMENT IN SERVICE PROVIDER NETWORKS 有权
公开(公告)号：US20220191252A1
公开(公告)日：2022-06-16
申请号：US17688675
申请日：2022-03-07
申请人： Palo Alto Networks, Inc.
发明人： Sachin Verma , Leonid Burakovsky , Jesse C. Shu , Chang Li
IPC分类号： H04L9/40 , H04W12/06 , H04W12/48 , H04W12/088
摘要： Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.

30. 发明申请

US20220159043A1 MULTI-PERSPECTIVE SECURITY CONTEXT PER ACTOR 有权
公开(公告)号：US20220159043A1
公开(公告)日：2022-05-19
申请号：US17650260
申请日：2022-02-08
申请人： Palo Alto Networks, Inc.
发明人： Jeffrey James Fitz-Gerald, JR. , Ashwath Sreenivasa Murthy
IPC分类号： H04L9/40
摘要： A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives. Descriptors that form a security context can originate from various sources having visibility of user behavior and/or user attributes.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式