TECHNOLOGIES FOR PROTECTING SYSTEMS AND DATA TO PREVENT CYBER-ATTACKS

US 20150205964A1
Filed: 01/20/2015
Published: 07/23/2015
Est. Priority Date: 01/21/2014
Status: Active Grant

First Claim

Patent Images

1. A data integrity server for protecting systems and data, the data integrity server comprising:

a malware detection module to (i) receive a data file for import from an external source, (ii) analyze the received data file with a plurality of anti-malware engines, (iii) determine whether the received data file comprises malware based on the analysis, and (iv) discard the received data file in response to a determination that the received file comprises malware;

a file type verification module to verify, in response to a determination that the received file does not comprise malware, a file type of the received data file based at least in part on a file extension associated with the received data file; and

a file sterilization module to (i) clean the received data file in response to a verification of the file type of the received data file and (ii) transmit the cleaned data file to a computing device for import of the cleaned data file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for protecting systems and data of an organization from malware include a data integrity server configured to receive a data file for import from an external source. The data integrity server analyzes the received data file with multiple anti-malware engines to determine whether the data file includes hidden malware. The data integrity server discards the data file in response to a determination that the data file includes hidden malware. Additionally, the data integrity server verifies the type of the received data file based on the file extension associated with the received data file. The data integrity server cleans the received data file in response to verification of the file type. The cleaned data file is transmitted to a computing device to be imported. Other embodiments are described and claimed.

Citations

20 Claims

1. A data integrity server for protecting systems and data, the data integrity server comprising:
- a malware detection module to (i) receive a data file for import from an external source, (ii) analyze the received data file with a plurality of anti-malware engines, (iii) determine whether the received data file comprises malware based on the analysis, and (iv) discard the received data file in response to a determination that the received file comprises malware;
  
  a file type verification module to verify, in response to a determination that the received file does not comprise malware, a file type of the received data file based at least in part on a file extension associated with the received data file; and
  
  a file sterilization module to (i) clean the received data file in response to a verification of the file type of the received data file and (ii) transmit the cleaned data file to a computing device for import of the cleaned data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The data integrity server of claim 1, wherein to clean the received data file comprises to transform the received file as a function of a file type-specific rule, wherein the file type-specific rule maintains a file format of the received data file and renders malware hidden within the received data file benign.
  - 3. The data integrity server of claim 2, wherein the file type-specific rule further modifies a characteristic of the received data file.
  - 4. The data integrity server of claim 3, wherein the characteristic of the received data file comprises a structure, a format, or header information corresponding to the received data file.
  - 5. The data integrity server of claim 1, wherein the malware detection module is further to determine whether the received data file can be cleaned in response to a determination that the received file comprises malware;
    - andwherein to discard the received data file in response to a determination that the received file comprises malware comprises to discard the received data file in response to a determination that the received data file cannot be cleaned.
  - 6. The data integrity server of claim 5, wherein the file type verification module is further to verify, in response to a determination that the received data file can be cleaned, the file type of the received data file based at least in part on the file extension associated with the received data file.
  - 7. The data integrity server of claim 1, wherein to verify the file type of the received data file based at least in part on the file extension associated with the received data file comprises to (i) process the received file in a sandbox and (ii) monitor the behavior of the received data file during processing.
  - 8. The data integrity server of claim 1, wherein to receive the data file for import from the external source comprises to receive a batch of data files for import from the external source;
    - wherein to analyze the received data file with the plurality of anti-malware engines comprises to analyze each data file of the batch of data files with a plurality of anti-malware engines; and
      
      wherein to determine whether the received data file comprises malware comprises to determine whether each data file of the batch comprises malware based on the analysis.
  - 9. The data integrity server of claim 8, wherein to discard the received data file comprises to discard each data file of the batch in response to a determination that one or more of the data files of the batch comprises malware.
  - 10. The data integrity server of claim 8, wherein to discard the received data file comprises to discard each data file in the batch determined to comprise malware.
  - 11. The data integrity server of claim 8, wherein to discard the received data file comprises to (i) determine whether each data file in the batch determined to comprise malware can be cleaned and (ii) discard each data file of the batch in response to a determination that one or more of the data files determined to comprise malware cannot be cleaned.

12. One or more machine-readable storage media comprising a plurality of instructions stored thereon that in response to being executed by a data integrity server, cause the data integrity server to:
- receive a data file for import from an external source;
  
  analyze the received data file with a plurality of anti-malware engines;
  
  determine whether the received data file comprises malware based on the analysis;
  
  discard the received data file in response to a determination that the received file comprises malware;
  
  verify, in response to a determination that the received file does not comprise malware, a file type of the received data file based at least in part on a file extension associated with the received data file;
  
  clean the received data file in response to a verification of the file type of the received data file; and
  
  transmit the cleaned data file to a computing device for import of the cleaned data file.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The one or more machine-readable storage media of claim 12, wherein to clean the received data file comprises to transform the received file as a function of a file type-specific rule, wherein the file type-specific rule maintains a file format of the received data file and renders malware hidden within the received data file benign.
  - 14. The one or more machine-readable storage media of claim 13, wherein the file type-specific rule further modifies a characteristic of the received data file.
  - 15. The one or more machine-readable storage media of claim 12, wherein the plurality of instructions further cause the data integrity server to determine whether the received data file can be cleaned in response to a determination that the received file comprises malware;
    - andwherein to discard the received data file in response to a determination that the received file comprises malware comprises to discard the received data file in response to a determination that the received data file cannot be cleaned.
  - 16. The one or more machine-readable storage media of claim 12, wherein to verify the file type of the received data file based at least in part on the file extension associated with the received data file comprises to (i) process the received file in a sandbox and (ii) monitor the behavior of the received data file during processing.

17. A method for protecting systems and data, the method comprising:
- receiving, by a data integrity server, a data file for import from an external source;
  
  analyzing, by the data integrity server, the received data file with a plurality of anti-malware engines;
  
  determining, by the data integrity server, whether the received data file comprises malware based on the analysis;
  
  discarding, by the data integrity server, the received data file in response to determining that the received file comprises malware;
  
  verifying, by the data integrity server and in response to determining that the received file does not comprise malware, a file type of the received data file based at least in part on a file extension associated with the received data file;
  
  cleaning, by the data integrity server, the received data file in response to verifying the file type of the received data file; and
  
  transmitting, by the data integrity server, the cleaned data file to a computing device for import of the cleaned data file.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein cleaning the received data file comprises transforming the received file as a function of a file type-specific rule, wherein the file type-specific rule maintains a file format of the received data file and renders malware hidden within the received data file benign.
  - 19. The method of claim 18, wherein the file type-specific rule further modifies a characteristic of the received data file.
  - 20. The method of claim 17, wherein verifying the file type of the received data file based at least in part on the file extension associated with the received data file comprises (i) processing the received file in a sandbox and (ii) monitoring the behavior of the received data file during processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Operation And Data Integrity Ltd.
Original Assignee
Operation And Data Integrity Ltd.
Inventors
Eytan, Oren, Geva, David

Granted Patent

US 9,582,665 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/568   eliminating virus, restorin...

G06F 2221/033   Test or assess software

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

TECHNOLOGIES FOR PROTECTING SYSTEMS AND DATA TO PREVENT CYBER-ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNOLOGIES FOR PROTECTING SYSTEMS AND DATA TO PREVENT CYBER-ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links