SYSTEM AND METHOD FOR SELECTIVE INSPECTION OF ENCRYPTED TRAFFIC
First Claim
1. A method, comprising:
analyzing data relating to users of a communication network, which carries multiple data connections conveying encrypted data, so as to establish one or more selection rules;
selecting a subset of the multiple data connections based on the selection rules; and
configuring an inspection device to decrypt the encrypted data conveyed by the data connections in the selected subset.
Abstract
Inspection of encrypted network traffic in which multiple network connections carrying encrypted data are monitored, but only a subset of those connections is decrypted and inspected. Typically, only connections associated with designated target users, whose encrypted data is to be inspected, are decrypted. A Network Monitor Center (NMC) dynamically establishes a list of rules for selecting encrypted data connections. The rules are provided to a Secure Data Inspection Appliance (SIA), which accepts some or all of the network users' encrypted traffic and checks it against a rule table. When the SIA detects an encrypted connection that matches the rule table, it decrypts the connection and provides a copy of the connection's plaintext data to the NMC. The NMC then inspects the plaintext for security threats. Once a security threat is found in a connection, the NMC applies predefined consequent actions to that connection.
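The abstract describes a two-stage mechanism: the NMC derives selection rules from user data, and the SIA matches connections against a rule table, decrypting only the matches. The following is an added illustration of that selection step, not code from the patent or its assignee; the class and field names (Connection, Rule, establish_rules, select_connections) and the sample users, addresses and server names are all constructed assumptions. It models the SIA matching only metadata that is visible without decryption (the associated user, destination address, TLS server name), so that connections matching no rule are never decrypted.

```python
"""Added illustration of the NMC/SIA selection mechanism (example code, not
the patent's implementation; every name and field here is an assumption)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Connection:
    conn_id: str
    user: str      # subscriber identity the NMC associates with this flow
    dst_ip: str
    sni: str       # TLS server name from the ClientHello, visible without decryption


@dataclass
class Rule:
    name: str
    users: frozenset = frozenset()   # match if the flow's user is listed
    dst_nets: tuple = ()             # ipaddress.ip_network objects
    sni_suffixes: tuple = ()         # e.g. (".example.net",)

    def __post_init__(self):
        # A rule with no criteria would select every connection; refuse it.
        if not (self.users or self.dst_nets or self.sni_suffixes):
            raise ValueError(f"rule {self.name!r} has no selection criteria")

    def matches(self, c: Connection) -> bool:
        """All non-empty criteria must hold (logical AND)."""
        if self.users and c.user not in self.users:
            return False
        if self.dst_nets and not any(
            ipaddress.ip_address(c.dst_ip) in n for n in self.dst_nets
        ):
            return False
        if self.sni_suffixes and not c.sni.endswith(self.sni_suffixes):
            return False
        return True


def establish_rules(user_records, watch_nets=()):
    """NMC side: build the rule table from per-user data plus optional
    watched destination networks."""
    rules = []
    targets = frozenset(u["id"] for u in user_records if u.get("designated_target"))
    if targets:
        rules.append(Rule("designated-users", users=targets))
    if watch_nets:
        rules.append(Rule("watched-destinations", dst_nets=tuple(watch_nets)))
    return rules


def select_connections(rules, connections):
    """SIA side: split connections into those to decrypt (keyed by the
    matching rule name) and those passed through untouched.
    The first matching rule wins."""
    selected, passthrough = {}, []
    for c in connections:
        hit = next((r.name for r in rules if r.matches(c)), None)
        if hit:
            selected[c.conn_id] = hit
        else:
            passthrough.append(c.conn_id)
    return selected, passthrough


# Constructed sample data (not from the patent); addresses are RFC 5737 test nets.
SAMPLE_USERS = [
    {"id": "u100", "designated_target": True},
    {"id": "u200"},
    {"id": "u300", "designated_target": False},
]
WATCH_NETS = (ipaddress.ip_network("198.51.100.0/24"),)
SAMPLE_CONNECTIONS = [
    Connection("c1", "u100", "203.0.113.5", "www.example.com"),
    Connection("c2", "u200", "203.0.113.5", "www.example.com"),
    Connection("c3", "u300", "198.51.100.9", "mail.example.net"),
]

if __name__ == "__main__":
    table = establish_rules(SAMPLE_USERS, WATCH_NETS)
    to_decrypt, untouched = select_connections(table, SAMPLE_CONNECTIONS)
    print("decrypt:", to_decrypt)    # {'c1': 'designated-users', 'c3': 'watched-destinations'}
    print("pass through:", untouched)  # ['c2']
```

The rule table is the policy boundary in this model: the SIA never looks inside a connection that no rule names, and a rule with no criteria is rejected so that a misconfigured table cannot silently widen inspection to all traffic. Logging the rule name alongside each selected connection gives the audit trail an operator needs to show why a given connection was decrypted.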
20 Claims
1. A method, comprising:
analyzing data relating to users of a communication network, which carries multiple data connections conveying encrypted data, so as to establish one or more selection rules;
selecting a subset of the multiple data connections based on the selection rules; and
configuring an inspection device to decrypt the encrypted data conveyed by the data connections in the selected subset.
(Dependent claims 2 to 10.)
11. Apparatus, comprising:
one or more network interfaces, which are configured to communicate with a communication network that carries multiple data connections conveying encrypted data; and
a processor, which is configured to analyze data relating to users of the communication network so as to establish one or more selection rules, to select a subset of the multiple data connections based on the selection rules, and to configure an inspection device to decrypt the encrypted data conveyed by the data connections in the selected subset.
(Dependent claims 12 to 19.)
20. Apparatus, comprising:
a monitoring unit, which is configured to analyze data relating to users of a communication network, which carries multiple data connections conveying encrypted data, so as to establish one or more selection rules, to select a subset of the multiple data connections based on the selection rules, and to output an indication of the selected subset; and
an inspection device, which is configured to receive the indication of the selected subset from the monitoring unit, to decrypt the encrypted data conveyed by the data connections in the selected subset, and to output the decrypted data.