SYSTEM AND METHOD FOR PROVIDING ENDPOINT MANAGEMENT FOR SECURITY THREATS IN A NETWORK ENVIRONMENT

US 20120066759A1
Filed: 09/10/2010
Published: 03/15/2012
Est. Priority Date: 09/10/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

monitoring activity within an endpoint;

identifying a source associated with a particular data segment received by the endpoint;

monitoring an antivirus mechanism within the endpoint, wherein the antivirus mechanism is configured to identify the particular data segment as being associated with malware; and

communicating the source associated with the particular data segment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method is provided and includes monitoring activity within an endpoint, and identifying a source associated with a particular data segment received by the endpoint. The method also includes monitoring an antivirus mechanism within the endpoint. The antivirus mechanism is configured to identify the particular data segment as being associated with malware. The source associated with the particular data segment can be communicated to any suitable next destination.

96 Citations

View as Search Results

20 Claims

1. A method, comprising:
- monitoring activity within an endpoint;
  
  identifying a source associated with a particular data segment received by the endpoint;
  
  monitoring an antivirus mechanism within the endpoint, wherein the antivirus mechanism is configured to identify the particular data segment as being associated with malware; and
  
  communicating the source associated with the particular data segment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the source associated with the particular data segment is communicated to a network element that updates a reputational metric associated with the source.
  - 3. The method of claim 1, wherein the source associated with the particular data segment is used to change filtering activities associated with security protocols for the endpoint.
  - 4. The method of claim 1, wherein the particular data segment is associated with a container file.
  - 5. The method of claim 1, wherein the data segment is associated with a data file downloaded from a server.
  - 6. The method of claim 1, wherein the data segment is associated with an e-mail received by the endpoint.
  - 7. The method of claim 1, wherein the data segment is associated with a removable device that interfaced with the endpoint and that caused a computing anomaly.

8. Logic encoded in one or more tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
- monitoring activity within an endpoint;
  
  identifying a source associated with a particular data segment received by the endpoint;
  
  monitoring an antivirus mechanism within the endpoint, wherein the antivirus mechanism is configured to identify the particular data segment as being associated with malware; and
  
  communicating the source associated with the particular data segment.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The logic of claim 8, wherein the source associated with the particular data segment is communicated to a network element that updates a reputational metric associated with the source.
  - 10. The logic of claim 8, wherein the source associated with the particular data segment is used to change filtering activities associated with security protocols for the endpoint.
  - 11. The logic of claim 8, wherein the particular data segment is associated with a container file.
  - 12. The logic of claim 8, wherein the data segment is associated with a data file downloaded from a server.
  - 13. The logic of claim 8, wherein the data segment is associated with an e-mail received by the endpoint.
  - 14. The logic of claim 8, wherein the data segment is associated with a removable device that interfaced with the endpoint and that caused a computing anomaly.

15. An apparatus, comprising:
- a memory element configured to store code;
  
  a processor operable to execute instructions associated with the code; and
  
  a telemetry module configured to interface with the memory element and the processor such that the apparatus can;
  
  monitor activity within an endpoint;
  
  identify a source associated with a particular data segment received by the endpoint;
  
  monitor an antivirus mechanism within the endpoint, wherein the antivirus mechanism is configured to identify the particular data segment as being associated with malware; and
  
  communicate the source associated with the particular data segment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the source associated with the particular data segment is communicated to a network element that updates a reputational metric associated with the source.
  - 17. The apparatus of claim 15, wherein the source associated with the particular data segment is used to change filtering activities associated with security protocols for the endpoint.
  - 18. The apparatus of claim 15, further comprising:
    - a host scan module coupled to the telemetry module and configured to evaluate threat detection records logged by the antivirus mechanism, which discovers malware incidents.
  - 19. The apparatus of claim 15, wherein a telemetry report is generated in response to a notification of a security threat detected by the antivirus mechanism.
  - 20. The apparatus of claim 15, further comprising:
    - a virtual private network (VPN) module coupled to the telemetry module and configured to provide session status information to the telemetry module, and to provide security parameters to a security network element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Chen, Yan, Gladstone, Philip J.S.

Application Number

US12/879,925
Publication Number

US 20120066759A1
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

SYSTEM AND METHOD FOR PROVIDING ENDPOINT MANAGEMENT FOR SECURITY THREATS IN A NETWORK ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROVIDING ENDPOINT MANAGEMENT FOR SECURITY THREATS IN A NETWORK ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links