专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

81. 发明申请

US20190311149A1 DETECTING ATTACKS ON DATABASES BASED ON TRANSACTION CHARACTERISTICS DETERMINED FROM ANALYZING DATABASE LOGS 审中-公开
公开(公告)号：US20190311149A1
公开(公告)日：2019-10-10
申请号：US15995123
申请日：2018-05-31
申请人： Imperva, Inc.
发明人： Shiri MARGEL , Itsik MANTIN , Guy SHTAR , Yury GEILER
IPC分类号： G06F21/62 , G06F21/55
摘要： A method by a security system implemented by one or more electronic for detecting attacks on one or more databases. The method includes analyzing database logs of one or more databases to determine transaction characteristics of each of the one or more databases, selecting, for each of a plurality of database accesses to the one or more databases, one or more security rules to apply to that database access, wherein different security rules are selected for different ones of the plurality of database accesses depending on the determined transaction characteristics of the database being accessed, and causing, for each of the plurality of database accesses, the one or more security rules selected for that database access to be applied to that database access.

82. 发明授权

US10404742B2 Coordinated detection and differentiation of denial of service attacks 有权
公开(公告)号：US10404742B2
公开(公告)日：2019-09-03
申请号：US15286487
申请日：2016-10-05
申请人： Imperva, Inc.
发明人： Tal Arieh Be'ery , Amichai Shulman
IPC分类号： G06F11/00 , H04L29/06 , H04L12/24
摘要： According to one embodiment, an analyzer module (AM) within a same protected network and on-premise with a web application server (WAS) detects and distinguishes between types of Denial-of-Service (DoS) attacks. The AM tracks whether test HTTP messages, which include test HTTP request messages that a signal generation module (SGM) is configured to transmit to the WAS and test HTTP response messages that the WAS is expected to transmit in response to the test HTTP request messages, are timely received. The AM is aware of a timeliness that the SGM is expected to transmit the test HTTP request messages and that the WAS is expected to transmit the test response HTTP messages. The AM detects an occurrence of a DoS attack and identifies the type of the DoS attack based upon the result of the tracking indicating that a number of the test HTTP messages have not been timely received.

83. 发明申请

US20170244749A1 TECHNIQUES FOR DETECTING COMPROMISES OF ENTERPRISE END STATIONS UTILIZING NOISY TOKENS 审中-公开
公开(公告)号：US20170244749A1
公开(公告)日：2017-08-24
申请号：US15345445
申请日：2016-11-07
申请人： Imperva, Inc.
发明人： Amichai SHULMAN , Sagie DULCE
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , H04L63/0209 , H04L63/029 , H04L63/1416 , H04L63/1425 , H04L63/1491
摘要： Noisy tokens can be placed in locations of client end stations such that local operations performed upon the noisy tokens generate network traffic. A traffic monitoring module (TMM) can determine normal activity patterns of network traffic resulting from one or more of the placed noisy tokens being activated by one or more non-malicious operations, and identify that other network traffic resulting from one or more of the noisy tokens being activated does not meet the one or more normal activity patterns. In response, the TMM can cause an alert to be generated.

84. 发明申请

US20170237711A1 TECHNIQUES FOR PREVENTING LARGE-SCALE DATA BREACHES UTILIZING DIFFERENTIATED PROTECTION LAYERS 审中-公开
公开(公告)号：US20170237711A1
公开(公告)日：2017-08-17
申请号：US15582363
申请日：2017-04-28
申请人： Imperva, Inc.
发明人： Shiri MARGEL , Itsik MANTIN , Amichai SHULMAN
IPC分类号： H04L29/06 , G06F21/62
CPC分类号： H04L63/0281 , G06F21/62 , G06F21/6218 , G06F2221/2107 , H04L63/0428 , H04L63/105 , H04L63/1408 , H04L63/168
摘要： Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.

85. 发明申请

US20160381023A1 DETECTION OF COMPROMISED UNMANAGED CLIENT END STATIONS USING SYNCHRONIZED TOKENS FROM ENTERPRISE-MANAGED CLIENT END STATIONS 有权
标题翻译：使用来自企业管理的客户端站的同步手柄来检测非易失性客户终端站
公开(公告)号：US20160381023A1
公开(公告)日：2016-12-29
申请号：US14750539
申请日：2015-06-25
申请人： Imperva, Inc.
发明人： Sagie DULCE , Amichai SHULMAN
IPC分类号： H04L29/06
CPC分类号： H04L63/10 , H04L63/1408 , H04L63/1491
摘要： Techniques related to detecting compromised unmanaged client end stations using synchronized tokens placed on enterprise-managed client end stations are described. A token distribution module causes token(s) to be placed with user data of a managed client end station in specific locations. The placement locations are selected due to the token(s) likely being synchronized, the token(s) being unlikely to be discovered or used by an authorized user, but likely discovered by an attacker. During a synchronization process, the token(s) are sent to an unmanaged client end station. The token(s) can be detected and/or acquired from the unmanaged client end station by an attacker, and thereafter used in an attempt to access an apparent enterprise resource. A token detection module can detect this use of the token(s) to thereby detect the compromise of the unmanaged client end station, without needing direct access to the unmanaged client end station.
摘要翻译：描述了使用放置在企业管理的客户端站上的同步令牌来检测受管理的非托管客户端站的技术。令牌分发模块使令牌与被管理客户端站的用户数据放在特定位置。由于可能被同步的令牌，选择位置位置，令牌不太可能被授权用户发现或使用，而是可能被攻击者发现。在同步过程中，令牌被发送到非托管客户端站。令牌可以被攻击者从非托管客户终端检测和/或获取，然后用于尝试访问明显的企业资源。令牌检测模块可以检测到令牌的这种使用，从而检测非托管客户端站的折中，而不需要直接访问非托管客户端站。

86. 发明申请

US20150381657A1 SELECTIVE MODIFICATION OF ENCRYPTED APPLICATION LAYER DATA IN A TRANSPARENT SECURITY GATEWAY 有权
公开(公告)号：US20150381657A1
公开(公告)日：2015-12-31
申请号：US14833013
申请日：2015-08-21
申请人： Imperva, Inc.
发明人： Ido KELSON , Dmitry BABICH
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/168 , H04L63/0281 , H04L63/0428 , H04L63/0435 , H04L63/0471 , H04L63/166 , H04L63/20 , H04L67/02
摘要： According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modification plaintext connection record instead of the received encrypted connection record such that neither the CES or WAS is aware of the modification of the encrypted data.

87. 发明申请

US20150381656A1 SELECTIVE MODIFICATION OF ENCRYPTED APPLICATION LAYER DATA IN A TRANSPARENT SECURITY GATEWAY 有权
标题翻译：加密应用层数据在透明安全网关中的选择性修改
公开(公告)号：US20150381656A1
公开(公告)日：2015-12-31
申请号：US14833012
申请日：2015-08-21
申请人： Imperva, Inc.
发明人： Ido KELSON , Dmitry BABICH
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/168 , H04L63/0281 , H04L63/0428 , H04L63/0435 , H04L63/0471 , H04L63/166 , H04L63/20 , H04L67/02
摘要： According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modification plaintext connection record instead of the received encrypted connection record such that neither the CES or WAS is aware of the modification of the encrypted data.
摘要翻译：根据一个实施例，透明安全网关耦合在客户终端站（CES）和Web应用服务器（WAS）之间。安全网关监视CES和WAS之间的加密协议握手，以使用所提供的WAS私钥来捕获要用于加密层连接的生成的对称密钥。使用所捕获的对称密钥，安全网关接收加密层连接的加密连接记录，解密加密的连接记录以产生明文连接记录，修改明文连接记录，使用对称密钥加密修改的明文连接记录，以及发送携带加密的修改明文连接记录的一个或多个分组，而不是接收到的加密连接记录，使得CES或WAS都不知道加密数据的修改。

88. 发明授权

US09148440B2 Coordinated detection and differentiation of denial of service attacks 有权
标题翻译：协调检测和区分拒绝服务攻击
公开(公告)号：US09148440B2
公开(公告)日：2015-09-29
申请号：US14088788
申请日：2013-11-25
申请人： IMPERVA, INC.
发明人： Tal Arieh Be'ery , Amichai Shulman
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： H04L63/1458 , H04L41/0686 , H04L63/1416
摘要： According to one embodiment, an analyzer module (AM) within a same protected network and on-premise with a web application server (WAS) detects and distinguishes between types of Denial-of-Service (DoS) attacks. The AM tracks whether test HTTP messages, which include test HTTP request messages that a signal generation module (SGM) is configured to transmit to the WAS and test HTTP response messages that the WAS is expected to transmit in response to the test HTTP request messages, are timely received. The AM is aware of a timeliness that the SGM is expected to transmit the test HTTP request messages and that the WAS is expected to transmit the test response HTTP messages. The AM detects an occurrence of a DoS attack and identifies the type of the DoS attack based upon the result of the tracking indicating that a number of the test HTTP messages have not been timely received.
摘要翻译：根据一个实施例，同一受保护网络内的分析器模块（AM）和与Web应用服务器（WAS）的内部部署检测并区分拒绝服务（DoS）攻击的类型。 AM跟踪测试HTTP消息，其中包括测试HTTP请求消息，信号生成模块（SGM）配置为传输到WAS，并测试WAS预期响应于测试HTTP请求消息传输的HTTP响应消息，及时收到。 AM意识到SGM有望传送测试HTTP请求消息的及时性，并且WAS预期将传送测试响应HTTP消息。 AM检测到DoS攻击的发生，并且基于跟踪的结果来识别DoS攻击的类型，指示许多测试HTTP消息未被及时接收。

89. 发明授权

US09128941B2 On-demand content classification using an out-of-band communications channel for facilitating file activity monitoring and control 有权
标题翻译：使用带外通信通道进行点播内容分类，便于文件活动监控和控制
公开(公告)号：US09128941B2
公开(公告)日：2015-09-08
申请号：US13787536
申请日：2013-03-06
申请人： Imperva, Inc.
发明人： Amichai Shulman , Rotem Naar , Moshe Einhorn
IPC分类号： G06F17/30 , G06F17/27 , H04L12/851
CPC分类号： G06F17/30082 , G06F17/2785 , H04L47/2441
摘要： Communications to a server over an in-band communications channel are monitored for requests to access a file. Based on the communications, a request to access a particular file stored by the server is identified. Security and/or audit rules are identified based on the request. A determination is thereafter made that the security and/or audit rules require evaluation of classification information for contents of the requested file. Thus, a determination is made as to whether classification information for the contents of the particular file is available, such as determining whether the classification information is stored in a local classification cache. Responsive to a determination that the classification information is not available, classification information is obtained for the contents of the particular file using an out-of-band communications channel. Thereafter, processing with respect to the request to access the particular file is performed based on the obtained classification information and the one or more security and/or audit rules.
摘要翻译：监视通过带内通信信道到服务器的通信，以访问文件的请求。基于通信，识别访问由服务器存储的特定文件的请求。根据请求确定安全和/或审核规则。此后，确定安全和/或审核规则要求评估所请求文件内容的分类信息。因此，确定特定文件的内容的分类信息是否可用，诸如确定分类信息是否存储在本地分类高速缓存中。响应于分类信息不可用的确定，使用带外通信信道获得特定文件的内容的分类信息。此后，基于获得的分类信息和一个或多个安全和/或审核规则来执行关于访问特定文件的请求的处理。

90. 发明申请

US20150150123A1 COORDINATED DETECTION AND DIFFERENTIATION OF DENIAL OF SERVICE ATTACKS 有权
公开(公告)号：US20150150123A1
公开(公告)日：2015-05-28
申请号：US14088788
申请日：2013-11-25
申请人： IMPERVA, INC.
发明人： Tal Arieh Be'ery , Amichai Shulman
IPC分类号： H04L29/06
CPC分类号： H04L63/1458 , H04L41/0686 , H04L63/1416
摘要： According to one embodiment, an analyzer module (AM) within a same protected network and on-premise with a web application server (WAS) detects and distinguishes between types of Denial-of-Service (DoS) attacks. The AM tracks whether test HTTP messages, which include test HTTP request messages that a signal generation module (SGM) is configured to transmit to the WAS and test HTTP response messages that the WAS is expected to transmit in response to the test HTTP request messages, are timely received. The AM is aware of a timeliness that the SGM is expected to transmit the test HTTP request messages and that the WAS is expected to transmit the test response HTTP messages. The AM detects an occurrence of a DoS attack and identifies the type of the DoS attack based upon the result of the tracking indicating that a number of the test HTTP messages have not been timely received.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式