Providing security in a communication network

US 10,594,708 B2
Filed: 04/12/2018
Issued: 03/17/2020
Est. Priority Date: 07/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a network security device protecting a private network, information specifying a set of reputable websites deemed to be trustworthy from one or more web filtering services;

receiving, by the network security device, one or more directives from a network administrator of the private network via a graphical user interface (GUI) of the network security device identifying one or more security features of a plurality of security features implemented by the network security device that are to be disabled for the set of reputable websites;

intercepting, by the network security device, network traffic from an external network responsive to an application protocol request originated by a client device associated with the private network;

determining, by the network security device, whether the external network is among the set of reputable websites; and

when said determining is affirmative, foregoing application, by the network security device, of the one or more identified security features to the network traffic.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for optimizing system resources by selectively enabling various scanning functions of a network security device are provided. According to one embodiment, information specifying a set of reputable websites deemed to be trustworthy by one or more web filtering services is received by a network security device protecting a private network. One or more directives are received by the network security device from a network administrator via a GUI of the network security device identifying one or more security features that are to be disabled for the set of reputable websites. Network traffic is intercepted by the network security device from an external network. When it is determined by the network security device that the external network is among the set of reputable websites, the network security device foregoes application of the one or more identified security features to the network traffic.

Citations

20 Claims

1. A method comprising:
- receiving, by a network security device protecting a private network, information specifying a set of reputable websites deemed to be trustworthy from one or more web filtering services;
  
  receiving, by the network security device, one or more directives from a network administrator of the private network via a graphical user interface (GUI) of the network security device identifying one or more security features of a plurality of security features implemented by the network security device that are to be disabled for the set of reputable websites;
  
  intercepting, by the network security device, network traffic from an external network responsive to an application protocol request originated by a client device associated with the private network;
  
  determining, by the network security device, whether the external network is among the set of reputable websites; and
  
  when said determining is affirmative, foregoing application, by the network security device, of the one or more identified security features to the network traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the one or more identified security features comprises sandbox analysis.
  - 3. The method of claim 1, wherein the one or more identified security features comprises antivirus scanning.
  - 4. The method of claim 1, wherein the one or more identified security features comprises Secure Sockets Layer (SSL) deep inspection.
  - 5. The method of claim 1, further comprising allowing the network administrator to supplement the set of reputable websites by specifying one or more categories of websites or Internet Protocol (IP) addresses via the GUI.
  - 6. The method of claim 1, wherein the network security device comprises a unified threat management (UTM) appliance.
  - 7. The method of claim 1, wherein the one or more identified security features comprises sandbox analysis.
  - 8. The method of claim 1, wherein the one or more identified security features comprises antivirus scanning.
  - 9. The method of claim 1, wherein the one or more identified security features comprises Secure Sockets Layer (SSL) deep inspection.
  - 10. The method of claim 1, further comprising when said determining is negative, applying, by the network security device, the plurality of security features to the network traffic.
  - 11. The method of claim 1, further comprising allowing the network administrator to supplement the set of reputable websites by specifying one or more categories of websites or Internet Protocol (IP) addresses via the GUI.
  - 12. The method of claim 1, wherein the network security device comprises a unified threat management (UTM) appliance.
  - 13. The method of claim 1, further comprising when said determining is negative, applying, by the network security device, the plurality of security features to the network traffic.
  - 14. The method of claim 13, wherein the one or more identified security features comprises sandbox analysis.
  - 15. The method of claim 13, wherein the one or more identified security features comprises antivirus scanning.
  - 16. The method of claim 13, wherein the one or more identified security features comprises Secure Sockets Layer (SSL) deep inspection.
  - 17. The method of claim 13, wherein the one or more identified security features comprises sandbox analysis.
  - 18. The method of claim 13, wherein the one or more identified security features comprises antivirus scanning.
  - 19. The method of claim 13, wherein the one or more identified security features comprises Secure Sockets Layer (SSL) deep inspection.

20. A network security device protecting a private network comprising:
- at least one processor; and
  
  a computer-readable medium storing instructions that, when executed by the at least one processor, cause the at least one processor to perform a method comprising;
  
  receiving information specifying a set of reputable websites deemed to be trustworthy from one or more web filtering services;
  
  receiving one or more directives from a network administrator of the private network via a graphical user interface (GUI) of the network security device identifying one or more security features of a plurality of security features implemented by the network security device that are to be disabled for the set of reputable websites;
  
  intercepting network traffic from an external network responsive to an application protocol request originated by a client device associated with the private network;
  
  determining whether the external network is among the set of reputable web sites; and
  
  when said determining is affirmative, foregoing application of the one or more identified security features to the network traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
May, Robert A.
Primary Examiner(s)
Lipman, Jacob

Application Number

US15/951,831
Publication Number

US 20180234440A1
Time in Patent Office

705 Days
Field of Search

726 23
US Class Current
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Providing security in a communication network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing security in a communication network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links