CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT
First Claim
1. At least one non-transitory machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
- receiving, in a protected network, message metadata of an email message without receiving the email message;
determining, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies;
sending a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies;
receiving the scan results data without receiving the email message;
determining, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and
sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies.
12 Assignments
0 Petitions
Accused Products
Abstract
A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.
9 Citations
20 Claims
-
1. At least one non-transitory machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
-
receiving, in a protected network, message metadata of an email message without receiving the email message; determining, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies; sending a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies; receiving the scan results data without receiving the email message; determining, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus in a protected network, comprising:
-
at least one processor; and an inbound policy module that, when executed by the at least one processor, is to; receive message metadata of an email message without receiving the email message; determine, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies; send a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies; receive the scan results data without receiving the email message; determine, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and send a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies. - View Dependent Claims (12, 13, 14)
-
-
15. A method for applying policies to an email message, comprising:
-
receiving, in a protected network, message metadata of an email message without receiving the email message; determining, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies; sending a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies; receiving the scan results data without receiving the email message; determining, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies. - View Dependent Claims (16)
-
-
17. The method of 15, further comprising:
sending a request for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies and if receiving the email message in the protected network is determined not to be prohibited by the one or more scan policies.
-
18. A system for applying policies to an email message, the system comprising:
-
first logic, when executed by at least one processor in a cloud network is to; receive an email message en route to a protected network; send message metadata of the email message to the protected network without sending the email message; and responsive to receiving a request for scan results data, scan the email message for threats to generate scan results data and send the scan results data to the protected network without sending the email message; and second logic, when executed by at least one processor in the protected network is to; receive, from the email threat sensor, the message metadata and the scan results data; and send a request to the email threat sensor for the email message if receiving the email message in the protected network is determined to be allowed based on the received message metadata and the received scan results data. - View Dependent Claims (19, 20)
-
Specification