System and method for separated packet processing and static analysis
Abstract
According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determining that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.
33 Claims
1. A server, comprising:
- a first blade server including a first processing unit and a filtering logic that, when executed by the first processing unit, is configured to receive a first plurality of objects and identify, without execution of any object of the first plurality of objects, at least a first object of the first plurality of objects having characteristics associated with a malicious attack; and
- a second blade server communicatively coupled to the first blade server, the second blade server includes a second processing unit being different from the first processing unit, the second processing unit to (i) process at least the first object provided from the first blade server when the first object includes characteristics associated with a malicious attack, (ii) monitor at least behaviors of the first object during processing, and (iii) determine whether any of the monitored behaviors correspond to activities indicative that the first object is associated with a malicious attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system, comprising:
- a network security device configured to determine whether an object includes one or more characteristics associated with a malicious attack without execution of the object, the one or more characteristics include at least a Uniform Resource Locator (URL) that suggests the object is associated with a known exploit; and
- a cloud computing service communicatively coupled to and remotely located from the network security device, the cloud computing service including a virtual execution logic that, upon execution of the object by a processing unit deployed as part of the cloud computing service and, after the network security device determining that content of the object includes the one or more characteristics associated with the malicious attack, monitors for behaviors of the object suggesting the object is associated with a malicious attack.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system, comprising:
- a network security device configured to determine whether an object includes one or more characteristics associated with a malicious attack without execution of the object, the one or more characteristics include a particular source address that suggests the object is associated with a known exploit; and
- a cloud computing service communicatively coupled to and remotely located from the network security device, the cloud computing service including a virtual execution logic that, upon execution of the object by a processing unit deployed as part of the cloud computing service and, after the network security device determining that content of the object includes the one or more characteristics associated with the malicious attack, monitors for behaviors of the object suggesting the object is associated with a malicious attack.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 30
26. A system, comprising:
- a network security device configured to determine whether an object includes one or more characteristics associated with a malicious attack without execution of the object, the one or more characteristics include a particular destination address that suggests the object is associated with a known exploit; and
- a cloud computing service communicatively coupled to and remotely located from the network security device, the cloud computing service including a virtual execution logic that, upon execution of the object by a processing unit deployed as part of the cloud computing service and, after the network security device determining that content of the object includes the one or more characteristics associated with the malicious attack, monitors for behaviors of the object suggesting the object is associated with a malicious attack.
Dependent claims: 27, 28, 29, 31, 32, 33
Specification