CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

US 20140020047A1
Filed: 11/21/2012
Published: 01/16/2014
Est. Priority Date: 07/16/2012
Status: Active Grant

First Claim

Patent Images

1. A method for applying policies to an email message, comprising:

receiving, by an inbound policy module in a protected network, message metadata of an email message;

determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies; and

blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one metadata policy.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

Citations

30 Claims

1. A method for applying policies to an email message, comprising:
- receiving, by an inbound policy module in a protected network, message metadata of an email message;
  
  determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies; and
  
  blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one metadata policy.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the blocking includes sending a response code to an email threat sensor in a cloud network, wherein the email threat sensor received the email message from a sending client in another network.
  - 3. The method of claim 1, further comprising:
    - requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by the one or more metadata policies.
  - 4. The method of claim 3, further comprising:
    - receiving, by the inbound policy module in the protected network, the scan results data;
      
      determining, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies; and
      
      blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy.

5. The method of 4, further comprising:
- requesting the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5, further comprising:
    - receiving, by the inbound policy module in the protected network, the email message when the email message is requested; and
      
      forwarding the email message to a destination network address of the email address, wherein the destination network address is in the protected network.
  - 7. The method of claim 5, further comprising:
    - receiving, by the inbound policy module in the protected network, the email message when the email message is requested;
      
      scanning the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, quarantining the email message.
  - 8. The method of claim 5, further comprising:
    - receiving, by the inbound policy module in the protected network, the email message when the email message is requested;
      
      scanning the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, blocking the email message from being delivered to an intended recipient of the email message.
  - 9. The method of claim 8, further comprising:
    - responsive to not finding any prohibited content during the scanning, forwarding the email message to a mail server in the protected network, wherein the mail server delivers the email message to an intended recipient of the email message.

10. At least one machine readable storage medium having instructions stored thereon for applying policies to an email message, the instructions when executed by a processor cause the processor to:
- receive, by an inbound policy module in a protected network, message metadata of an email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies; and
  
  block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one metadata policy.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The at least one machine readable storage medium of claim 10, comprising further instructions that when executed by the processor cause the processor to:
    - send a response code to an email threat sensor in a cloud network to block the email message from being forwarded to the protected network, wherein the email threat sensor received the email message from a sending client in another network.
  - 12. The at least one machine readable storage medium of claim 10, comprising further instructions that when executed by the processor cause the processor to:
    - request scan results data for the email message if receiving the email message in the protected network is not prohibited by the one or more metadata policies.
  - 13. The at least one machine readable storage medium of claim 12, comprising further instructions that when executed by the processor cause the processor to:
    - receive, by the inbound policy module in the protected network, the scan results data;
      
      determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies; and
      
      block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy.
  - 14. The at least one machine readable storage medium of claim 13, comprising further instructions that when executed by the processor cause the processor to:
    - request the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies.
  - 15. The at least one machine readable storage medium of claim 14, comprising further instructions that when executed by the processor cause the processor to:
    - receive, by the inbound policy module in the protected network, the email message when the email message is requested; and
      
      forward the email message to a mail server in the protected network, wherein the mail server delivers the email message to an intended recipient of the email message.
  - 16. The at least one machine readable storage medium of claim 14, comprising further instructions that when executed by the processor cause the processor to:
    - receive, by the inbound policy module in the protected network, the email message when the email message is requested;
      
      scan the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, quarantine the email message.
  - 17. The at least one machine readable storage medium of claim 14, comprising further instructions that when executed by the processor cause the processor to:
    - receive, by the inbound policy module in the protected network, the email message when the email message is requested;
      
      scan the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, block the email message from being delivered to an intended recipient of the email message.
  - 18. The at least one machine readable storage medium of claim 17, comprising further instructions that when executed by the processor cause the processor to:
    - responsive to not finding any prohibited content during the scanning, forward the email message to a mail server in the protected network, wherein the mail server is configured to deliver the email message to an intended recipient of the email message.

19. An apparatus for applying policies to an email message, comprising:
- a processor in a protected network; and
  
  an inbound policy module executing on the processor, the inbound policy module configured to;
  
  receive message metadata of an email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies; and
  
  block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one metadata policy.
- View Dependent Claims (20, 21, 22)
- - 20. The apparatus of claim 19, wherein the inbound policy module is further configured to:
    - send a response code to an email threat sensor in a cloud network to block the email message from being forwarded to the protected network, wherein the email threat sensor received the email message from a sending client in another network.
  - 21. The apparatus of claim 19, wherein the inbound policy module is further configured to:
    - request scan results data for the email message if receiving the email message in the protected network is not prohibited by the one or more metadata policies.
  - 22. The apparatus of claim 19, wherein the inbound policy module is further configured to:
    - receive the scan results data;
      
      determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies; and
      
      block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy.

23. The apparatus of claim wherein the inbound policy module is further configured to:
- request the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The apparatus of claim 23, wherein the inbound policy module is further configured to:
    - receive the email message when the email message is requested; and
      
      forward the email message to a mail server in the protected network, wherein the mail server delivers the email message to an intended recipient of the email message.
  - 25. The apparatus of claim 23, wherein the inbound policy module is further configured to:
    - receive the email message when the email message is requested;
      
      scan the received email message for content prohibited by a local scan policy; and
      
      responsive to finding at least some prohibited content when the email message is scanned, quarantine the email message.
  - 26. The apparatus of claim 23, wherein the inbound policy module is further configured to:
    - receive the email message when the email message is requested;
      
      scan the received email message for content prohibited by a local scan policy; and
      
      responsive to finding at least some prohibited content during the scanning, block the email message from being delivered to an intended recipient of the email message.
  - 27. The apparatus of claim 26, wherein the inbound policy module is further configured to:
    - responsive to not finding any prohibited content during the scan, forward the email message to a mail server in the protected network, wherein the mail server is configured to deliver the email message to an intended recipient of the email message.

28. At least one machine readable storage medium having instructions stored thereon for applying policies to an email message, the instructions when executed by a processor cause the processor to:
- receive an email message with a recipient email address, the recipient email address identifying an intended recipient in a protected network;
  
  send message metadata of the email message to an inbound email policy module in the protected network; and
  
  prevent the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies.
- View Dependent Claims (29, 30)
- - 29. The at least one machine readable storage medium of claim 28, comprising further instructions that when executed by the processor cause the processor to:
    - scan the email message for one or more threats; and
      
      send scan results data to the inbound email policy module in the protected network if receiving the email message in the protected network is not prohibited by the one or more metadata policies.
  - 30. The at least one machine readable storage medium of claim 28, comprising further instructions that when executed by the processor cause the processor to:
    - send the email message to the inbound email policy module in the protected network if receiving the email message in the protected network is not prohibited by the one or more scan policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Liebmann, Nicholas, Neal, Peter, Bishop, Michael G., Cragin, Justin, Driscoll, Michael

Granted Patent

US 9,049,235 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links