Proactive intrusion protection system
First Claim
1. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- receiving, from the remote system, data identifying a plurality of compromising entities, where the data comprises at least one device identifier and intrusion tactics;
- identifying an incoming communication within a network initiated by the remote device;
- identifying information regarding the incoming communication, where the information comprises:
  - information regarding a source of the incoming communication,
  - a MAC address for the source of the incoming communication, and
  - behavior characteristics of a sender for the incoming communication;
- determining an entity associated with the source of the incoming communication by analyzing the information regarding the incoming communication;
- determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities based, at least in part, on comparing the data identifying the plurality of compromising entities to the entity associated with the source of the incoming communication;
- comparing the behavior characteristics to the stored intrusion tactics in response to determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities;
- determining that the behavior characteristics match, at least in part, the stored intrusion tactics;
- generating a signal configured to block the incoming communication in response to determining that the behavior characteristics match, at least in part, the stored intrusion tactics; and
- tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to generating the signal for blocking the incoming communication, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
Abstract
An application associated with a remote device executes logic to receive, from a remote system, data identifying a plurality of compromising entities, identify an incoming communication initiated by the remote device, and identify information regarding a source of the incoming communication. Additionally, the logic determines an entity associated with the source of the incoming communication and determines that the entity associated with the source matches at least one of the plurality of compromising entities based on comparing the data identifying the plurality of compromising entities and the entity associated with the source of the incoming communication. In addition, the logic generates a signal configured to block the incoming communication.
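The gated flow recited in claim 1 (entity match first, behavior comparison only after that, then block and track by MAC), as an added Python example that is not taken from the patent or any product. It assumes the feed's device identifiers are MAC addresses and that behaviors and tactics are plain labels; the names `Gate`, `Communication`, `norm_mac` and all sample values are hypothetical.

```python
from dataclasses import dataclass, field

def norm_mac(mac):
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass(frozen=True)
class Communication:
    source_ip: str
    mac: str
    behaviors: frozenset

@dataclass
class Gate:
    feed: dict  # from the remote system: entity -> (device ids, intrusion tactics)
    denied_macs: set = field(default_factory=set)

    def entity_for(self, mac):
        """Assumption: the device identifier in the feed is the source MAC."""
        for entity, (device_ids, _tactics) in self.feed.items():
            if mac in {norm_mac(d) for d in device_ids}:
                return entity
        return None

    def evaluate(self, comm):
        mac = norm_mac(comm.mac)
        if mac in self.denied_macs:          # already tracked: no network access
            return "deny:tracked"
        entity = self.entity_for(mac)
        if entity is None:                   # stage 1: no compromising entity
            return "allow"
        if not (comm.behaviors & self.feed[entity][1]):
            return "allow"                   # stage 2: no overlap, even partial
        self.denied_macs.add(mac)            # block signal, then track by MAC
        return f"block:{entity}"

# Constructed sample data: entity name, addresses and tactic labels are made up.
FEED = {"entity-A": ({"02:00:5E:10:00:01"}, frozenset({"port-sweep", "cred-stuffing"}))}

def demo():
    g = Gate(FEED)
    traffic = [("198.51.100.7", "02-00-5e-10-00-01", {"dns-lookup"}),
               ("198.51.100.7", "02-00-5e-10-00-01", {"port-sweep", "dns-lookup"}),
               ("203.0.113.9", "02:00:5e:10:00:01", {"dns-lookup"}),
               ("203.0.113.9", "02:00:5e:10:00:02", {"port-sweep"})]
    return [g.evaluate(Communication(ip, mac, frozenset(b))) for ip, mac, b in traffic]
```

The denial follows the MAC rather than the IP address, so the check only holds where the enforcing device sees the sender's layer-2 address and that address stays stable.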
20 Claims
1. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- receiving, from the remote system, data identifying a plurality of compromising entities, where the data comprises at least one device identifier and intrusion tactics;
- identifying an incoming communication within a network initiated by the remote device;
- identifying information regarding the incoming communication, where the information comprises:
  - information regarding a source of the incoming communication,
  - a MAC address for the source of the incoming communication, and
  - behavior characteristics of a sender for the incoming communication;
- determining an entity associated with the source of the incoming communication by analyzing the information regarding the incoming communication;
- determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities based, at least in part, on comparing the data identifying the plurality of compromising entities to the entity associated with the source of the incoming communication;
- comparing the behavior characteristics to the stored intrusion tactics in response to determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities;
- determining that the behavior characteristics match, at least in part, the stored intrusion tactics;
- generating a signal configured to block the incoming communication in response to determining that the behavior characteristics match, at least in part, the stored intrusion tactics; and
- tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to generating the signal for blocking the incoming communication, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
Dependent claims: 2, 3, 4, 5, 6
7. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- identifying an incoming communication within a network initiated by the remote device;
- sending, to the remote system, information regarding the incoming communication, where the information comprises:
  - information regarding a source of the incoming communication,
  - a MAC address for the source of the incoming communication, and
  - behavior characteristics of a sender for the incoming communication;
- receiving, from the remote system, a signal configured to block the incoming communication, wherein the signal is generated in response to a match, at least in part, between the behavior characteristics and intrusion tactics stored in the remote system; and
- tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to receiving the signal for blocking the incoming communication, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
Dependent claims: 8, 9, 10, 11, 12, 13
14. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- identifying an incoming communication within a network initiated by the remote device;
- sending, to the remote system, information regarding the incoming communication, where the information comprises:
  - information regarding a source of the incoming communication,
  - a MAC address for the source of the incoming communication, and
  - behavior characteristics of a sender for the incoming communication;
- receiving, from the remote system, an alert indicating that the source of the incoming communication matches a compromising entity and the behavior characteristics match intrusion tactics stored in the remote system, and
- tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to receiving the alert, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification