CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

US 20150304339A1
Filed: 05/20/2015
Published: 10/22/2015
Est. Priority Date: 07/16/2012
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:

receiving, in a protected network, message metadata of an email message without receiving the email message;

determining, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies;

sending a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies;

receiving the scan results data without receiving the email message;

determining, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and

sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

9 Citations

View as Search Results

20 Claims

1. At least one non-transitory machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
- receiving, in a protected network, message metadata of an email message without receiving the email message;
  
  determining, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies;
  
  sending a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies;
  
  receiving the scan results data without receiving the email message;
  
  determining, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and
  
  sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The at least one non-transitory machine readable storage medium of claim 1, wherein the message metadata includes connection information and protocol information associated with the email message.
  - 3. The at least one non-transitory machine readable storage medium of claim 1, wherein the one or more metadata policies and the one or more scan policies are to be applied in real-time to the message metadata and the scan results data, respectively.
  - 4. The at least one non-transitory machine readable storage medium of claim 1, wherein user configuration information including the one or more metadata policies and the one or more scan policies is stored in at least one memory element in the protected network.
  - 5. The at least one non-transitory machine readable storage medium of claim 1, wherein a cloud scanning module outside the protected network is to scan the email message for threats to generate the scan results data.
  - 6. The at least one non-transitory machine readable storage medium of claim 1, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
    - sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more metadata policies.
  - 7. The at least one non-transitory machine readable storage medium of claim 1, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
    - sending a request for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies and if receiving the email message in the protected network is determined not to be prohibited by the one or more scan policies.
  - 8. The at least one non-transitory machine readable storage medium of claim 7, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
    - receiving the email message in the protected network after the request for the email message is sent;
      
      scanning the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, performing at least one of quarantining or blocking the email message.
  - 9. The at least one non-transitory machine readable storage medium of claim 7, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
    - receiving the email message in the protected network after the request for the email message is sent; and
      
      forwarding the email message to a mail server in the protected network, wherein the mail server is to deliver the email message to a destination network address within the protected network.
  - 10. The at least one non-transitory machine readable storage medium of claim 9, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
    - scanning the received email message for content prohibited by a local scan policy, wherein the email message is to be forwarded to the mail server responsive to not finding any prohibited content during the scanning.

11. An apparatus in a protected network, comprising:
- at least one processor; and
  
  an inbound policy module that, when executed by the at least one processor, is to;
  
  receive message metadata of an email message without receiving the email message;
  
  determine, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies;
  
  send a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies;
  
  receive the scan results data without receiving the email message;
  
  determine, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and
  
  send a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus of claim 11, wherein the message metadata includes connection information and protocol information associated with the email message.
  - 13. The apparatus of claim 11, wherein user configuration information including the one or more metadata policies and the one or more scan policies is stored in at least one memory element in the protected network.
  - 14. The apparatus of claim 11, wherein the inbound policy module is to:
    - send a request for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies and if receiving the email message in the protected network is determined not to be prohibited by the one or more scan policies.

15. A method for applying policies to an email message, comprising:
- receiving, in a protected network, message metadata of an email message without receiving the email message;
  
  determining, based on the received message metadata, whether receiving the email message in the protected network is prohibited by one or more metadata policies;
  
  sending a request for scan results data of the email message if receiving the email message is determined not to be prohibited by the one or more metadata policies;
  
  receiving the scan results data without receiving the email message;
  
  determining, based on the received scan results data, whether receiving the email message in the protected network is prohibited by one or more scan policies; and
  
  sending a response to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the one or more scan policies.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the response is sent to an email threat sensor in a cloud email network, wherein the email threat sensor received the email message from a sending client in another network.

17. The method of 15, further comprising:
- sending a request for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies and if receiving the email message in the protected network is determined not to be prohibited by the one or more scan policies.

18. A system for applying policies to an email message, the system comprising:
- first logic, when executed by at least one processor in a cloud network is to;
  
  receive an email message en route to a protected network;
  
  send message metadata of the email message to the protected network without sending the email message; and
  
  responsive to receiving a request for scan results data, scan the email message for threats to generate scan results data and send the scan results data to the protected network without sending the email message; and
  
  second logic, when executed by at least one processor in the protected network is to;
  
  receive, from the email threat sensor, the message metadata and the scan results data; and
  
  send a request to the email threat sensor for the email message if receiving the email message in the protected network is determined to be allowed based on the received message metadata and the received scan results data.
- View Dependent Claims (19, 20)
- - 19. The system according to claim 18, wherein the second logic is to:
    - send a response to the cloud network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by at least one scan policy or at least one metadata policy.
  - 20. The system according to claim 18, wherein the message metadata includes connection information and protocol information associated with the email message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Liebmann, Nicholas, Neal, Peter, Bishop, Michael G., Cragin, Justin, Driscoll, Michael

Granted Patent

US 9,705,889 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links