Invention Grant
US09332023B1 Uploading signatures to gateway level unified threat management devices after endpoint level behavior based detection of zero day threats (Granted)

  • Patent Title: Uploading signatures to gateway level unified threat management devices after endpoint level behavior based detection of zero day threats
  • Application No.: US14467259
    Application Date: 2014-08-25
  • Publication No.: US09332023B1
    Publication Date: 2016-05-03
  • Inventor: Pengchao Wang
  • Applicant: Symantec Corporation
  • Agency: Patent Law Works LLP
  • Main IPC: G06F15/16
  • IPC: G06F15/16 H04L29/06
Abstract:
Zero day threats are detected at gateway level and blocked from entering a network. A database containing signatures identifying malware is maintained at the gateway. Inbound network traffic is scanned using the signatures, and files containing malware are detected and blocked by the gateway. When a file is received by a given endpoint in the network, behavior based malware detection is used to determine whether the file contains a zero day threat. Whenever a file is adjudicated by an endpoint as containing a zero day threat, the endpoint generates an identifying signature, and transmits the signature to the gateway in real time. The gateway thus receives signatures identifying multiple zero day threats from multiple endpoints, and subsequently scans inbound network traffic for the received signatures. From that point, the gateway detects files containing the zero day threats, and blocks them from being routed to endpoints in the network.