NETWORK SECURITY ARCHITECTURE

US 20120005756A1
Filed: 08/02/2011
Published: 01/05/2012
Est. Priority Date: 07/24/2001
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security system is deployed between an internet backbone and intranets that belong to subscribing organizations. The system includes a scanning system that scans incoming electronic mail for malicious code and an anti-virus server for downloading anti-virus code to clients on the intranets. A switch is provided for directing incoming electronic mail from the internet backbone to the scanning system so that the electronic mail can be scanned. In one embodiment, a decoy server is also provided for masquerading as a legitimate server and logging suspicious activity from communications received from the internet backbone.

Citations

21 Claims

1. (canceled)

2. A method comprising:
- directing incoming electronic mail from an internet backbone network to a scanning system that interfaces between the internet backbone network and one or more intranets associated with different organizations;
  
  scanning incoming electronic mail to detect malicious code;
  
  generating an event indicating an outcome of the scanning; and
  
  initiating transmission of antivirus code to the intranets in response to the generated event.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
- - 3. A method according to claim 2, further comprising:
    - redirecting suspicious traffic from the internet backbone network to a decoy server that is configured to act as a legitimate server; and
      
      logging activity on communications received via the internet backbone network.
  - 4. A method according to claim 2, further comprising:
    - correlating a plurality of events of the malicious code detection; and
      
      deploying additional safeguards either to block the malicious code, to trace the malicious code back to an origin, or to launch a counterattack.
  - 5. A method according to claim 2, further comprising:
    - transmitting the event to a security manager.
  - 6. A method according to claim 2, wherein the scanning system is among a plurality of scanning systems, the method further comprising:
    - load-balancing among the scanning systems.
  - 7. A method according to claim 2, further comprising:
    - determining one of a plurality of viral signatures to be used in the scanning.
  - 8. A method according to claim 2, further comprising:
    - selecting one of a plurality of antivirus scanning software to be used in the scanning.
  - 9. A method according to claim 2, further comprising:
    - analyzing the electronic mail to examine the malicious code for either generating a new viral signature, determining a new way to sanitize the malicious code, repairing the electronic mail, or a combination thereof.

10. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus to perform at least the following;
  
  direct incoming electronic mail from an internet backbone network to a scanning system that interfaces between the internet backbone network and one or more intranets associated with different organizations,scan incoming electronic mail to detect malicious code,generate an event indicating an outcome of the scanning, andinitiate transmission of antivirus code to the intranets in response to the generated event.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. An apparatus according to claim 10, wherein the apparatus is further caused to:
    - redirect suspicious traffic from the internet backbone network to a decoy server that is configured to act as a legitimate server; and
      
      log activity on communications received via the internet backbone network.
  - 12. An apparatus according to claim 10, wherein the apparatus is further caused to:
    - correlate a plurality of events of the malicious code detection; and
      
      deploy additional safeguards either to block the malicious code, to trace the malicious code back to an origin, or to launch a counterattack.
  - 13. An apparatus according to claim 10, wherein the apparatus is further caused to:
    - transmit the event to a security manager.
  - 14. An apparatus according to claim 10, wherein the scanning system is among a plurality of scanning systems, and the apparatus is further caused to:
    - load-balance among the scanning systems.
  - 15. An apparatus according to claim 10, wherein the apparatus is further caused to:
    - determine one of a plurality of viral signatures to be used in the scanning.
  - 16. An apparatus according to claim 10, wherein the apparatus is further caused to:
    - select one of a plurality of antivirus scanning software to be used in the scanning.
  - 17. An apparatus according to claim 10, wherein the apparatus is further caused to:
    - analyze the electronic mail to examine the malicious code for either generating a new viral signature, determining a new way to sanitize the malicious code, repairing the electronic mail, or a combination thereof.

18. A system comprising:
- a scanning system configured to receive incoming electronic mail from an internet backbone network, wherein the scanning system is further configured to interface between the internet backbone network and one or more intranets associated with different organizations,wherein the scanning system is further configured to scan incoming electronic mail to detect malicious code, to generate an event indicating an outcome of the scanning, and to initiate transmission of antivirus code to the intranets in response to the generated event.
- View Dependent Claims (19, 20, 21)
- - 19. A system according to claim 18, further comprising:
    - a decoy server configured to receive redirected suspicious traffic from the internet backbone network,wherein the scanning system is further configured to log activity on communications received via the internet backbone network.
  - 20. A system according to claim 18, wherein the scanning system is further configured tocorrelate a plurality of events of the malicious code detection, and to deploying additional safeguards either to block the malicious code, to trace the malicious code back to an origin, or to launch a counterattack.
  - 21. A system according to claim 18, further comprising:
    - a security manager configured to receive the event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
HOEFELMEYER, Ralph Samuel, PHILLIPS, Theresa Eileen

Granted Patent

US 8,769,687 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 63/1425 Traffic logging, e.g. anoma...

H04L 63/1458 Denial of Service

NETWORK SECURITY ARCHITECTURE

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SECURITY ARCHITECTURE

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links