Method, system, and apparatus for detecting and preventing targeted attacks
First Claim
1. A method comprising:
detecting a request from a computing device of a member of an organization in connection with a communication session between the computing device of the member of the organization and at least one additional computing device;
identifying, within the request, a Uniform Resource Locator (URL) that the computing device of the member of the organization is attempting to access;
computing a unique identifier that represents the URL identified within the request;
comparing the unique identifier that represents the URL against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization;
determining, based at least in part on the comparison, that the URL identified within the request was included in an email received by the member of the organization;
in response to determining that the URL was included in an email received by the member of the organization, elevating a threat level of the communication session between the computing device of the member of the organization and the additional computing device; and
in response to elevating the threat level of the communication session, selectively performing a Layer 7 Deep Packet Inspection (DPI) on the communication session.
Abstract
The disclosed computer-implemented method may include (1) detecting a request from a computing device of a member of an organization in connection with a communication session between the computing device and at least one additional computing device, (2) identifying, within the request, a URL that the computing device is attempting to access, (3) computing a unique identifier that represents the URL, (4) comparing the unique identifier against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization, (5) determining, based at least in part on the comparison, that the URL was included in an email received by the member of the organization, and then in response, (6) elevating a threat level of the communication session between the computing device and the additional computing device. Various other methods, systems, and apparatuses are also disclosed.
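The pipeline in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes that the "unique identifier" is a SHA-256 hash of a normalized URL, that the database is an in-memory per-recipient set, and that the threat level is a two-value integer; all names (`url_id`, `EmailUrlIndex`, `handle_request`) are hypothetical.

```python
import hashlib
import re
from urllib.parse import urlsplit, urlunsplit

URL_RE = re.compile(r"https?://[^\s<>()\[\]]+", re.IGNORECASE)
BASELINE, ELEVATED = 0, 1  # assumed two-step threat scale

def url_id(url):
    """Assumed identifier: SHA-256 over scheme, host, non-default port, path, query."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    if p.port and (p.scheme, p.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{p.port}"
    # The fragment is dropped: it is never sent in the HTTP request.
    norm = urlunsplit((p.scheme, host, p.path or "/", p.query, ""))
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()

class EmailUrlIndex:
    """Database of identifiers for URLs embedded in emails, keyed by recipient."""
    def __init__(self):
        self._ids = {}

    def ingest_email(self, recipient, body):
        ids = self._ids.setdefault(recipient, set())
        for url in URL_RE.findall(body):
            ids.add(url_id(url.rstrip(".,;:'\"")))  # trim trailing punctuation

    def seen_by(self, recipient, url):
        return url_id(url) in self._ids.get(recipient, set())

def handle_request(index, member, request_line, host_header, scheme="http"):
    """Return (threat_level, run_l7_dpi) for one outbound HTTP request."""
    _method, target, _version = request_line.split(" ", 2)
    # Origin-form targets are rebuilt into a full URL from the Host header.
    url = target if "://" in target else f"{scheme}://{host_header}{target}"
    level = ELEVATED if index.seen_by(member, url) else BASELINE
    return level, level >= ELEVATED  # DPI only for elevated sessions

def demo():
    # Constructed sample data: one email, then two requests from its recipient.
    index = EmailUrlIndex()
    index.ingest_email("alice@example.test",
                       "Reset here: HTTP://Portal.Example.test:80/login?id=7#top.")
    host = "portal.example.test"
    return (handle_request(index, "alice@example.test", "GET /login?id=7 HTTP/1.1", host),
            handle_request(index, "alice@example.test", "GET /news HTTP/1.1", host))
```

Normalizing before hashing matters here: the URL as written in the email (mixed case, explicit default port, fragment) rarely matches the request byte for byte, so hashing the raw strings would miss the correlation.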
18 Claims
1. A method comprising:
detecting a request from a computing device of a member of an organization in connection with a communication session between the computing device of the member of the organization and at least one additional computing device;
identifying, within the request, a Uniform Resource Locator (URL) that the computing device of the member of the organization is attempting to access;
computing a unique identifier that represents the URL identified within the request;
comparing the unique identifier that represents the URL against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization;
determining, based at least in part on the comparison, that the URL identified within the request was included in an email received by the member of the organization;
in response to determining that the URL was included in an email received by the member of the organization, elevating a threat level of the communication session between the computing device of the member of the organization and the additional computing device; and
in response to elevating the threat level of the communication session, selectively performing a Layer 7 Deep Packet Inspection (DPI) on the communication session.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A system comprising:
a detection module, stored in memory, that detects a request from a computing device of a member of an organization in connection with a communication session between the computing device of the member of the organization and at least one additional computing device;
an identification module, stored in memory, that identifies, within the request, a Uniform Resource Locator (URL) that the computing device of the member of the organization is attempting to access;
a computation module, stored in memory, that computes a unique identifier that represents the URL identified within the request;
a determination module, stored in memory, that:
  compares the unique identifier that represents the URL against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization;
  determines, based at least in part on the comparison, that the URL identified within the request was included in an email received by the member of the organization;
a security module, stored in memory, that:
  elevates, in response to the determination that the URL was included in an email received by the member of the organization, a threat level of the communication session between the computing device of the member of the organization and the additional computing device; and
  selectively performs, in response to elevating the threat level of the communication session, a Layer 7 Deep Packet Inspection (DPI) on the communication session; and
at least one physical processor configured to execute the detection module, the identification module, the computation module, the determination module, and the security module.
(Dependent claims: 12, 13, 14, 15, 16, 17)
18. An apparatus comprising:
a storage device that stores a database that includes unique identifiers that represent Uniform Resource Locators (URLs) embedded in emails received by members of an organization; and
a physical processing unit communicatively coupled to the storage device, wherein the physical processing unit:
  detects a request from a computing device of a member of an organization in connection with a communication session between the computing device of the member of the organization and at least one additional computing device;
  identifies, within the request, a URL that the computing device of the member of the organization is attempting to access;
  computes a unique identifier that represents the URL identified within the request;
  compares the unique identifier that represents the URL against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization;
  determines, based at least in part on the comparison, that the URL identified within the request was included in an email received by the member of the organization;
  elevates, in response to determining that the URL was included in an email received by the member of the organization, a threat level of the communication session between the computing device of the member of the organization and the additional computing device; and
  selectively performs, in response to elevating the threat level of the communication session, a Layer 7 Deep Packet Inspection (DPI) on the communication session.
Specification