SYSTEM AND METHOD OF ASSIGNING REPUTATION SCORES TO HOSTS
First Claim
1. A method comprising:
receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center;
analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and
when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
Abstract
A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.
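The method summarized in the abstract can be illustrated in Python; this is an added example, not code from the patent. The flow tuple layout, the 10.0.0.0/8 address plan, the 0 to 100 score scale, the penalty, the policy tiers and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for illustration: address plan, score scale, penalty, policy tiers.
DATACENTER_NET = ipaddress.ip_network("10.0.0.0/8")
DEFAULT_SCORE, MIN_SCORE, PENALTY = 100, 0, 40

# Constructed malware-tracker snapshot: infected external IP -> malware label.
TRACKER = {"203.0.113.7": "family-A", "198.51.100.23": "family-B"}

# Constructed flow reports for one analysis window: (capture layer, src, dst, dst port).
FLOWS = [
    ("hardware", "10.0.1.5", "203.0.113.7", 443),
    ("hypervisor", "10.0.1.5", "203.0.113.7", 443),  # same flow, second layer
    ("vm", "10.0.1.5", "203.0.113.7", 443),          # same flow, third layer
    ("vm", "198.51.100.23", "10.0.1.9", 22),         # inbound from a tracked IP
    ("hypervisor", "10.0.1.9", "192.0.2.10", 53),    # peer not in the tracker
    ("hardware", "10.0.1.7", "192.0.2.10", 443),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in DATACENTER_NET

def infected_peers(flows, tracker):
    """Map each data-center host to the tracker-listed external IPs it talked to.
    Using a set per host means a flow reported by several layers counts once."""
    peers = {}
    for _layer, src, dst, _port in flows:
        # Either direction counts as communication (an assumption of this example).
        for host, peer in ((src, dst), (dst, src)):
            if is_internal(host) and not is_internal(peer):
                peers.setdefault(host, set())
                if peer in tracker:
                    peers[host].add(peer)
    return peers

def assign_scores(flows, tracker, previous=None):
    """Reduce each host's previous score by PENALTY per distinct infected peer."""
    previous = previous or {}
    return {
        host: max(MIN_SCORE, previous.get(host, DEFAULT_SCORE) - PENALTY * len(p))
        for host, p in infected_peers(flows, tracker).items()
    }

def policy_for(score):
    """Conditional policy keyed on the reputation score (tiers are assumed)."""
    if score >= 80:
        return "allow"
    if score >= 40:
        return "restrict"
    return "quarantine"
```

Passing the previous window's scores as `previous` yields the reduced score the abstract describes: a host already at 60 that contacts one more tracked IP drops to 20 and moves from "restrict" to "quarantine".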
20 Claims
1. A method comprising:
receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center;
analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and
when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
a processor; and
a computer-readable storage medium storing instructions which, when executed by the processor, cause the processor to perform operations comprising;
receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center;
analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and
when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center;
analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and
when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
Dependent claims: 16, 17, 18, 19, 20
Specification