SYSTEM AND METHOD OF SECURING NETWORKS AGAINST APPLICATIONS THREATS
Abstract
A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.
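The flow the abstract describes (check each request against a learned profile, hand only the anomalous ones to threat-detection engines, then correlate the results) is sketched below as an added example; it is not code from the patent or its assignee. The class and function names, the 2x length tolerance, the two engine signatures, the three-anomaly correlation rule and all sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

class Profile:
    """Acceptable behavior per URL path: known parameters and longest value seen."""
    def __init__(self):
        self.paths = defaultdict(dict)               # path -> {param: max_len}

    def learn(self, path, params):                   # adaption: widen the profile
        for name, value in params.items():
            self.paths[path][name] = max(self.paths[path].get(name, 0), len(value))

    def anomalies(self, path, params):               # behavioral check
        if path not in self.paths:
            return [f"unknown path {path}"]
        known, out = self.paths[path], []
        for name, value in params.items():
            if name not in known:
                out.append(f"unknown parameter {name}")
            elif len(value) > 2 * known[name]:       # assumed tolerance: 2x profiled
                out.append(f"{name} longer than profiled")
        return out

# Threat-detection engines (assumed signatures), consulted only for anomalous requests.
ENGINES = {
    "sql_injection": re.compile(r"'\s*(or|union)\b|--", re.I),
    "path_traversal": re.compile(r"\.\./|%2e%2e", re.I),
}

def inspect(profile, events, client, path, params):
    """Classify one request seen on a copy of the traffic (non-inline)."""
    findings = profile.anomalies(path, params)
    if not findings:
        return "normal", []
    hits = [n for n, rx in ENGINES.items() if any(rx.search(v) for v in params.values())]
    events[client] += 1
    # Correlation: an engine hit, or 3+ anomalies from one client, counts as a threat.
    if hits or events[client] >= 3:
        return "threat", findings + hits
    return "anomalous", findings

def demo():
    profile, events = Profile(), defaultdict(int)
    for q in ("shoes", "red hat", "umbrella"):       # constructed training traffic
        profile.learn("/search", {"q": q})
    requests = [("10.0.0.5", {"q": "boots"}),        # constructed test traffic
                ("10.0.0.9", {"q": "shoes' OR '1'='1' --"}),
                ("10.0.0.7", {"q": "a", "debug": "1"})]
    return [inspect(profile, events, c, "/search", p)[0] for c, p in requests]
```

The third request shows why the stages are separate: an unprofiled parameter is anomalous, but with no engine hit and no repetition it is not escalated to a threat.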
30 Claims

1. A method of securing a Web application, the method comprising:
- receiving Web traffic;
- verifying the traffic against a profile of acceptable behavior for a user of the application and identifying anomalous user traffic;
- analyzing the anomalous traffic by at least one threat-detection engine; and
- correlating and results from the at least one threat-detection engine to determine if there is a threat to the Web application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of profiling acceptable behavior of a user of a Web application, the method comprising:
- monitoring traffic of the user as the user interacts with the Web application;
- identifying interaction between the user and the application thereby determining a profile of acceptable behavior of a user while interacting with the application; and
- continuing monitoring of traffic of users and modifying the profile if additional acceptable behavior is identified.

Dependent claims: 12, 13

14. A Web application security system comprising:
- a correlation detection module adapted to analyze Web traffic against a profile of acceptable user behavior for interacting with the Web applications and to identify and analyze anomalous user behavior and to output results of the analysis;
- an adaption module adapted to monitor user behavior and modify the profile during the life of the application; and
- a correlation engine adapted to analyze the outputs of the collaborative detection module to determine if there is a threat.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23

24. A collaborative detection module comprising:
- a behavioral analysis engine adapted to evaluate users' interaction with an application, to compare the interaction with a profile of acceptable behavior, and to identify anomalous user behavior; and
- at least one threat-detection engine adapted to be notified of anomalous user behavior by the behavioral analysis engine, wherein when notified the at least one threat-detection engine analyzes the user behavior to determine if it is a pattern of behavior indicative of a threat associated with the at least one threat-detection engine and to output a result of the analysis.

Dependent claims: 25, 26

27. A correlation engine comprising:
- a first input adapted to receive threat-detection results and to correlate the results to determine if there is a threat pattern;
- a second input adapted to receive security policies and to determine an appropriate response if there is a threat pattern; and
- an output adapted to provide correlation results to an event database.

Dependent claims: 28, 29

30. An adaption module comprising:
- an input adapted to monitoring traffic of users as the user interacts with a Web application;
- a profiler adapted to identify interaction between the user and the application thereby determining a profile of acceptable behavior of a user while interacting with the application, wherein the profile is modified if additional acceptable behavior is identified; and
- an output adapted to communicate the profile to a security profile module.

Specification