Security threat detection

  • US 10,057,284 B2
  • Filed: 02/18/2017
  • Issued: 08/21/2018
  • Est. Priority Date: 03/19/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • maintaining, by a network security device associated with a private network, a network traffic log, wherein the network traffic log includes a plurality of entries each including features associated with one of a plurality of network activities observed by the network security device, wherein the network activities include a plurality of interactions, including requests and responses relating to web resources, between hosts associated with the private network and external servers hosting the web resources;

  • responsive to one or more events, retrospectively scanning, by the network security device, a subset of the plurality of entries of the network traffic log in an attempt to identify a security threat that was not identified as such by a previous real-time signature-based scan or a previous real-time reputation-based scan of the observed network activities, wherein the subset of the plurality of entries includes only those entries of the plurality of entries corresponding to those of the network activities observed within a particular timeframe, wherein the one or more events comprise receipt by the network security device of updated reputation database information for use by the network security device in connection with performing reputation-based scanning and wherein said retrospectively scanning comprises applying the updated reputation database information to the network traffic log by performing the reputation-based scanning based on one or more of the features; and

  • when the security threat is identified as a result of said retrospectively scanning, then performing, by the network security device, one or more of a remedial action and a preventive action to address the security threat.
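The claimed method, as an added illustration that is not part of the patent or any product implementing it: a constructed traffic log whose entries passed the real-time scan, an updated reputation database arriving as the triggering event, a retrospective reputation scan limited to a lookback window, and the preventive/remedial actions derived from any hit. The `LogEntry` fields, the 24-hour default window and the action names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlsplit

@dataclass(frozen=True)
class LogEntry:
    """One observed web interaction; the fields stand in for the claim's 'features'."""
    ts: datetime   # time the request/response was observed
    host: str      # internal host that issued the request
    url: str       # requested web resource
    status: int    # HTTP response status

# Constructed sample log (not real traffic). At observation time the real-time
# reputation scan flagged nothing: cdn-update.example was not yet listed.
T0 = datetime(2024, 5, 1, 12, 0, 0)
TRAFFIC_LOG = [
    LogEntry(T0 - timedelta(hours=30), "10.0.0.7", "http://cdn-update.example/a.bin", 200),
    LogEntry(T0 - timedelta(hours=2), "10.0.0.5", "http://cdn-update.example/stage2.bin", 200),
    LogEntry(T0 - timedelta(hours=1), "10.0.0.9", "https://intranet.example/home", 200),
]

# Constructed updated reputation database: domain -> verdict.
UPDATED_REPUTATION = {"cdn-update.example": "malicious", "intranet.example": "benign"}

def retrospective_scan(log, reputation, now, lookback):
    """Re-scan only entries observed within [now - lookback, now] against the
    updated reputation data; return the entries whose domain is now malicious."""
    cutoff = now - lookback
    hits = []
    for entry in log:
        if not (cutoff <= entry.ts <= now):
            continue                      # outside the particular timeframe
        domain = urlsplit(entry.url).hostname or ""
        if reputation.get(domain) == "malicious":
            hits.append(entry)
    return hits

def plan_actions(hits):
    """One preventive action per newly-bad domain and one remedial action per
    affected internal host; dispatching them is left to the deployment."""
    actions = set()
    for entry in hits:
        actions.add(("block_domain", urlsplit(entry.url).hostname))  # preventive
        actions.add(("quarantine_host", entry.host))                 # remedial
    return sorted(actions)

def on_reputation_update(log, reputation, now, lookback=timedelta(hours=24)):
    """Handler for the triggering event: updated reputation database received."""
    hits = retrospective_scan(log, reputation, now, lookback)
    return hits, plan_actions(hits)
```

The older request to the same domain (30 hours back) is deliberately left out by the default window, showing that the lookback length decides how much of the log the retrospective scan covers.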
