Distributed split browser content inspection and analysis
First Claim
1. A computer-implemented method of detecting malware threats, the method comprising:
- receiving over a network at a computer system from a first client browser, during a browsing session, a threat inspection request for a first item of content associated with a first webpage requested by the first client browser in accordance with configurable browser-based rules, the browser-based rules configured to selectively submit threat inspection requests, the first webpage comprising HTML layout information, the first item of content, associated with the first webpage, comprising embedded content received from a content source or a link in the first webpage to content, wherein the first client browser is hosted on a computing device remote from the computer system;
accessing, by the computer system, threat determination criteria;
based at least in part on the accessed threat determination criteria, determining by the computer system a malware indicator associated with whether the first item of content comprising embedded content received from a content source or a link in the first webpage to content, associated with the threat inspection request from the first client browser, comprises malware, wherein determining by the computer system a malware indicator associated with whether the first item of content comprises malware comprises generating a content hash for the first item of content and comparing the generated content hash for the first item of content with content hashes of known threats; and
transmitting by the computer system to the first client browser, from which the threat inspection request was received, the malware indicator, wherein the first client browser is configured to process the malware indicator.
0 Assignments
0 Petitions
Accused Products
Abstract
Content inspection and analysis are described. A server stores a definition of sets of browser policies. A definition of one or more sets of users is stored. The server stores an association with a respective set of browser policies for the one or more sets of users. A request is received from a client browser associated with a user, wherein the client browser is configured to communicate with the server. The server determines which set of users the user is associated with. The server identifies a first set of browser policies that is associated with the determined set of users and applies the identified first set of browser policies to the request.
-
Citations
17 Claims
-
1. A computer-implemented method of detecting malware threats, the method comprising:
-
receiving over a network at a computer system from a first client browser, during a browsing session, a threat inspection request for a first item of content associated with a first webpage requested by the first client browser in accordance with configurable browser-based rules, the browser-based rules configured to selectively submit threat inspection requests, the first webpage comprising HTML layout information, the first item of content, associated with the first webpage, comprising embedded content received from a content source or a link in the first webpage to content, wherein the first client browser is hosted on a computing device remote from the computer system; accessing, by the computer system, threat determination criteria;
based at least in part on the accessed threat determination criteria, determining by the computer system a malware indicator associated with whether the first item of content comprising embedded content received from a content source or a link in the first webpage to content, associated with the threat inspection request from the first client browser, comprises malware, wherein determining by the computer system a malware indicator associated with whether the first item of content comprises malware comprises generating a content hash for the first item of content and comparing the generated content hash for the first item of content with content hashes of known threats; andtransmitting by the computer system to the first client browser, from which the threat inspection request was received, the malware indicator, wherein the first client browser is configured to process the malware indicator. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer system, comprising:
-
a computer data repository that stores threat criteria, said computer data repository comprising a non-transitory storage device; one or more computing devices, said computing system programmed to implement a threat detection system configured to; receive a threat inspection request from a first client browser, during a browsing session, for a first item of content associated with a first webpage requested by the first client browser in accordance with configurable browser-based rules, the browser-based rules configured to selectively submit threat inspection requests, the first webpage comprising HTML layout information, wherein the first client browser is hosted on a networked computing device remote from the threat inspection system; access threat determination criteria from the computer data repository; based at least in part on the threat determination criteria, determine a malware indicator associated with whether the first item of content, associated with the threat inspection request from the first client browser, comprises malware, wherein determining a malware indicator associated with whether the first item of content comprises malware comprises generation of a content hash for the first item of content and comparison of the generated content hash for the first item of content with content hashes of known threats; and transmit the malware indicator to the first client browser from which the threat inspection request was received, wherein the first client browser is configured to process the malware indicator. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer storage system comprising a non-transitory storage device, said computer storage system having stored thereon executable program instructions that direct a computer system to at least:
-
receive a threat inspection request from a first client browser, during a browsing session, for a first item of content associated with a first webpage requested by the first client browser in accordance with configurable browser-based rules, the browser-based rules configured to selectively submit threat inspection requests, the first webpage comprising HTML layout information, wherein the first client browser is hosted on a networked computing device remote from the computer system;
access threat determination criteria;based at least in part on the threat determination criteria, determine malware indicator associated with whether the first item of content, associated with the threat inspection request from the first client browser, comprises malware, wherein determining a malware indicator associated with whether the first item of content comprises malware comprises generation of a content hash for the first item of content and comparison of the generated content hash for the first item of content with content hashes of known threats; and transmit the malware indicator to the first client browser, wherein the first client browser is configured to process the malware indicator. - View Dependent Claims (16, 17)
-
Specification