CONTEXT SHARING BETWEEN ENDPOINT DEVICE AND NETWORK SECURITY DEVICE USING IN-BAND COMMUNICATIONS
Abstract
A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
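The NSD-side decision described in the abstract, sketched as an added example (not code from the patent or from any product). HTTP as the request-response protocol, the `X-Endpoint-Context` header name, its base64-encoded JSON format, the field names, the reputation sets, and the handling of a missing or malformed header are all assumptions made for illustration.

```python
import base64
import json

CONTEXT_HEADER = "x-endpoint-context"      # hypothetical name; the page says only "context header"
SUSPICIOUS_PROCESSES = {"dropper.exe"}     # constructed reputation data, not real indicators
SUSPICIOUS_FILE_HASHES = {"a" * 64}        # constructed placeholder hash

def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header names to values for one raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:    # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def decode_context(value: str):
    """Decode base64(JSON object of strings); return None if malformed."""
    try:
        ctx = json.loads(base64.b64decode(value, validate=True))
    except ValueError:                     # covers base64, UTF-8 and JSON errors
        return None
    ok = isinstance(ctx, dict) and all(isinstance(v, str) for v in ctx.values())
    return ctx if ok else None

def inspect_request(raw: bytes):
    """Return ("forward", None) or ("block", response_bytes) for one request."""
    value = parse_headers(raw).get(CONTEXT_HEADER)
    if value is None:
        return "forward", None             # assumption: no context, nothing to judge
    ctx = decode_context(value)
    if ctx is None:
        reason = "malformed context header"  # assumption: fail closed
    elif ctx.get("process") in SUSPICIOUS_PROCESSES:
        reason = "suspicious client application"
    elif ctx.get("file_sha256") in SUSPICIOUS_FILE_HASHES:
        reason = "suspicious file accessed by client application"
    else:
        return "forward", None
    body = f"Request blocked: {reason}\n".encode()
    head = ("HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return "block", head.encode() + body   # response indicating the block

def make_request(ctx: dict) -> bytes:
    """Constructed sample of what an endpoint context agent might send."""
    token = base64.b64encode(json.dumps(ctx).encode()).decode()
    return (f"GET /update HTTP/1.1\r\nHost: example.test\r\n"
            f"X-Endpoint-Context: {token}\r\n\r\n").encode()
```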
23 Claims
1. A method comprising:
at a network security device connected between a network and an endpoint device that is configured to host a client application, the client application configured to communicate with the network through the network security device using a request-response protocol;
receiving from the client application a request that is destined for the network and that seeks a response from the network, the request having a context header including context information about the client application;
determining whether the client application or a file accessed by the client application has a suspicious nature based on the context information; and
if it is determined that the client application or the file accessed by the client application has the suspicious nature:
blocking the request from the network; and
sending to the client application a response indicating the blocking.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
a network interface unit including network ports to connect with a network and an endpoint device that is configured to host a client application, the client application configured to communicate with the network through the apparatus using a request-response protocol; and
a processor coupled to the network interface and configured to:
receive from the client application a request that is destined for the network and that seeks a response from the network, the request having a context header including context information about the client application;
determine whether the client application or a file accessed by the client application has a suspicious nature based on the context information; and
if it is determined that the client application or the file accessed by the client application has the suspicious nature:
block the request from the network; and
send to the client application a response indicating the blocking.
Dependent claims: 9, 10, 11, 12, 13
14. A method comprising:
at a context agent hosted on an endpoint device that is connected with a network security device, the network security device connected with a network, the endpoint device configured to host a client application configured to communicate with the network through the endpoint context agent and the network security device, using a request-response protocol;
receiving from the client application a request destined for the network that seeks a response from the network;
collecting context information about the client application;
adding to the request a context header that includes the collected context information;
sending to the network security device the request with the context header; and
receiving from the network security device a response indicating whether the request has been blocked from the network.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23
Specification