专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09185114B2 Methods and systems for secure storage segmentation based on security context in a virtual environment 有权
标题翻译：基于虚拟环境中的安全上下文的安全存储分段的方法和系统
公开(公告)号：US09185114B2
公开(公告)日：2015-11-10
申请号：US13706256
申请日：2012-12-05
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06 , G06F9/455
CPC分类号： H04L63/10 , G06F9/45558 , G06F9/5044 , G06F9/5077 , G06F2009/45587 , H04L63/105
摘要： A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.
摘要翻译：计算机系统识别将工作负载放置在基于管理程序的主机中的请求。计算机系统识别工作负载的安全级别。计算机系统识别与基于管理程序的主机相关联的存储设备的安全级别。如果工作负载的安全级别对应于存储设备的安全级别，则计算机系统授予将工作负载置于基于管理程序的主机中的请求。如果工作负载的安全级别与存储设备的安全级别不对应，则计算机系统将拒绝将工作负载置于基于管理程序的主机中的请求。

2. 发明授权

US10171483B1 Utilizing endpoint asset awareness for network intrusion detection 有权
公开(公告)号：US10171483B1
公开(公告)日：2019-01-01
申请号：US13974440
申请日：2013-08-23
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06 , G06F21/55
摘要： An intrusion device identifies network data to be sent to a destination endpoint and determines a sensitivity level of the destination endpoint based on asset valuation. The intrusion device identifies a subset of signatures that corresponds to the sensitivity level of the destination endpoint and determines whether the network data includes an intrusion based on the subset of signatures.

3. 发明授权

US09225735B1 Systems and methods for blocking flanking attacks on computing systems 有权
标题翻译：阻止计算机系统侧翼攻击的系统和方法
公开(公告)号：US09225735B1
公开(公告)日：2015-12-29
申请号：US14139829
申请日：2013-12-23
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： H04L63/08 , G06F21/55 , G06F21/554 , H04L63/105 , H04L63/1416 , H04L63/1458 , H04L63/20
摘要： A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于阻止对计算系统的侧向攻击的计算机实现的方法可以包括（1）检测针对计算网络的拒绝服务攻击，（2）至少部分地基于检测到拒绝服务攻击来推断，针对计算网络内的至少一个计算资源的次要攻击，（3）基于推断针对计算资源的二次攻击来确定计算资源受到额外保护，以及（4）保护计算资源免受次要攻击通过添加访问计算资源的认证要求。还公开了各种其它方法，系统和计算机可读介质。

4. 发明授权

US09699141B2 Method and apparatus for integrating security context in network routing decisions 有权
公开(公告)号：US09699141B2
公开(公告)日：2017-07-04
申请号：US13856229
申请日：2013-04-03
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06
CPC分类号： H04L63/02 , H04L63/0245
摘要： An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.

5. 发明授权

US09461984B1 Systems and methods for blocking flanking attacks on computing systems 有权
公开(公告)号：US09461984B1
公开(公告)日：2016-10-04
申请号：US14866634
申请日：2015-09-25
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , G06F21/55 , G06F21/554 , H04L63/105 , H04L63/1416 , H04L63/1458 , H04L63/20
摘要： A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.

6. 发明授权

US09448826B2 Enforcing policy-based compliance of virtual machine image configurations 有权
标题翻译：执行虚拟机映像配置的基于策略的合规性
公开(公告)号：US09448826B2
公开(公告)日：2016-09-20
申请号：US13838929
申请日：2013-03-15
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： G06F9/455 , G06F21/53
CPC分类号： G06F9/45533 , G06F21/53 , G06F2009/45575 , G06F2009/45587
摘要： Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The policy may be based on user identities, virtual machine image attributes, data classifications, or other criteria. Upon determining whether the request conforms to policy, the policy management engine allows the request, blocks the request, or triggers a management approval workflow.
摘要翻译：公开了在访问基础架构即服务（IaaS）云网络时进行数据风险管理的技术。更具体地，本发明的实施例评估在基于云的环境中启动的符合策略的虚拟机映像。在拦截虚拟机映像启动请求之后，中间策略管理引擎确定请求是否符合由策略管理器（例如企业的信息安全员）定义的策略。该策略可以基于用户身份，虚拟机图像属性，数据分类或其他标准。在确定请求是否符合策略后，策略管理引擎允许请求，阻止请求或触发管理批准工作流程。

7. 发明申请

US20160065618A1 Method and Apparatus for Automating Security Provisioning of Workloads 有权
标题翻译：自动化安全提供工作负载的方法和装置
公开(公告)号：US20160065618A1
公开(公告)日：2016-03-03
申请号：US14474477
申请日：2014-09-02
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06 , G06F9/455
CPC分类号： H04L63/20 , G06F9/455 , G06F9/50 , G06F2009/4557 , G06F2009/45587
摘要： A method of automating security provisioning is provided. The method includes receiving a request to start a virtual application and determining an owner of the virtual application. The method includes determining a workload based on the virtual application, the workload including an application and a virtual machine and assigning the workload to a security container or sub-container, among a plurality of security containers, based on the owner of the virtual application.
摘要翻译：提供了自动化安全配置的方法。该方法包括接收启动虚拟应用的请求并确定虚拟应用的所有者。该方法包括基于虚拟应用程序确定工作负载，包括应用程序和虚拟机的工作负载，以及基于虚拟应用程序的所有者，将工作负载分配给多个安全容器之中的安全容器或子容器。

8. 发明授权

US09104859B1 Systems and methods for scanning data stored on cloud computing platforms 有权
标题翻译：用于扫描存储在云计算平台上的数据的系统和方法
公开(公告)号：US09104859B1
公开(公告)日：2015-08-11
申请号：US13925357
申请日：2013-06-24
申请人： Symantec Corporation
发明人： Deb Banerjee
IPC分类号： H04L29/06 , G06F21/00 , G06F21/50
CPC分类号： G06F21/554 , G06F21/562 , G06F2221/033 , H04L63/1408
摘要： A computer-implemented method for scanning data stored on cloud computing platforms may include (1) identifying a cloud computing service that hosts a plurality of cloud computing instances and a plurality of data volumes that store data for the plurality of cloud computing instances, (2) determining that a data volume within the plurality of data volumes that stores data for a cloud computing instance within the plurality of cloud computing instances is subject to a security scan, (3) detecting a computing system that is external to the cloud computing instance, and (4) performing the security scan on the data volume from the computing system that is external to the cloud computing instance instead of performing the security scan from within the cloud computing instance. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于扫描存储在云计算平台上的数据的计算机实现的方法可以包括（1）识别托管多个云计算实例的云计算服务和存储多个云计算实例的数据的多个数据卷（2 确定存储多个云计算实例内的云计算实例的数据的多个数据卷内的数据卷经受安全扫描，（3）检测云计算实例外部的计算系统，（4）从云计算实例外部的计算系统对数据卷进行安全扫描，而不是从云计算实例执行安全扫描。还公开了各种其它方法，系统和计算机可读介质。

9. 发明授权

US10291654B2 Automated construction of network whitelists using host-based security controls 有权
公开(公告)号：US10291654B2
公开(公告)日：2019-05-14
申请号：US14871800
申请日：2015-09-30
申请人： Symantec Corporation
发明人： Deb Banerjee , Susan Hassall
IPC分类号： G06F21/55 , H04L12/24 , H04L29/06
摘要： Techniques are disclosed for constructing network whitelists in server endpoints using host-based security controls. Once constructed, the network whitelists are used to detect unauthorized communications at the server endpoints. In one embodiment, a method is disclosed for constructing a network whitelist. The method includes identifying at least a first application hosted on a computing system. The method also includes inspecting one or more configuration files associated with the first application to identify one or more configuration settings that specify how the first application communicates with one or more second applications. The method further includes generating a whitelist that specifies expected network communications activity for the first application, based on the configuration settings.

10. 发明授权

US09880757B1 Copy data management with data security 有权
公开(公告)号：US09880757B1
公开(公告)日：2018-01-30
申请号：US14666137
申请日：2015-03-23
申请人： Symantec Corporation
发明人： Deb Banerjee , Steven A. Vranyes
IPC分类号： G06F12/00 , G06F13/00 , G06F13/28 , G06F3/06 , G06F12/14
CPC分类号： G06F3/0619 , G06F3/065 , G06F3/067 , G06F11/20 , G06F12/14 , G06F21/00
摘要： The present disclosure provides systems and methods for automatically provisioning the security profile for production data to copy data. In some instances the security provisioning for the copy data is made at the time the production data is copied. In other instances, the security provisioning occurs in a secondary application using the copy data.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式