LABELING NETWORK FLOWS ACCORDING TO SOURCE APPLICATIONS

US 20170310686A1
Filed: 04/22/2016
Published: 10/26/2017
Est. Priority Date: 04/22/2016
Status: Active Grant

First Claim

Patent Images

1. A computer program product for managing network flows comprising computer executable code embodied on a non-transitory computer readable medium that, when executing on a network device, performs the steps of:

receiving a network message from an endpoint at the network device, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;

processing the network message on the network device to extract the label;

determining a reputation of the application; and

routing the network message to the destination address conditionally based on the reputation of the application that generated the network message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An enterprise security system is improved by instrumenting endpoints to explicitly label network flows according to sources of network traffic. When a network message from an endpoint is received at a gateway, firewall, or other network device/service, the network message may be examined to determine the application on the endpoint that originated the request, and this source information may be used to control routing or other handling of the network message.

47 Citations

View as Search Results

20 Claims

1. A computer program product for managing network flows comprising computer executable code embodied on a non-transitory computer readable medium that, when executing on a network device, performs the steps of:
- receiving a network message from an endpoint at the network device, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;
  
  processing the network message on the network device to extract the label;
  
  determining a reputation of the application; and
  
  routing the network message to the destination address conditionally based on the reputation of the application that generated the network message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer program product of claim 1 further comprising code that performs the step of caching the label for the application and the reputation of the application on the network device.
  - 3. The computer program product of claim 1 wherein the label includes a name of the endpoint.
  - 4. The computer program product of claim 1 wherein the label is cryptographically signed by the endpoint.
  - 5. The computer program product of claim 1 wherein the label includes the reputation of the application.
  - 6. The computer program product of claim 1 wherein the label includes a user identifier that identifies a user of the application on the endpoint.
  - 7. The computer program product of claim 1 wherein the network device includes a gateway.
  - 8. The computer program product of claim 1 wherein the network device includes a router.
  - 9. The computer program product of claim 1 wherein the network device includes a threat management facility for an enterprise network that includes the endpoint.

10. A method for managing network flows based on sources of data, the method comprising:
- receiving a network message from an endpoint at a network device, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;
  
  processing the network message on the network device to extract the label; and
  
  routing the network message based on the application that generated the network message.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10 further comprising caching the label for the application and a reputation of the application on the network device.
  - 12. The method of claim 10 wherein the label includes a name of the endpoint.
  - 13. The method of claim 10 wherein the label is cryptographically signed by the endpoint.
  - 14. The method of claim 10 wherein the label includes a reputation of the application.
  - 15. The method of claim 10 wherein the label includes a user identifier that identifies a user of the application on the endpoint.

16. A system comprising:
- a network device including a network interface configured to couple the network device in a communicating relationship with a data network that includes an endpoint;
  
  a memory on the network device; and
  
  a processor on the network device, the processor configured to execute instructions stored in the memory to perform the steps of receiving a network message from an endpoint through the network interface, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;
  
  processing the network message to extract the label; and
  
  routing the network message based on the application that generated the network message.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16 wherein the network device includes at least one of a gateway, a router, and a threat management facility.
  - 18. The system of claim 16 wherein the processor is further configured to perform the steps of determining a reputation of the application and routing the network message to the destination address conditionally based on the reputation of the application that generated the network message.
  - 19. The system of claim 16 wherein the processor is further configured to extract a user identifier from the label that identifies a user of the application on the endpoint.

20. A system comprising:
- an endpoint including a network interface configured to couple the endpoint in a communicating relationship with a data network;
  
  a memory on the endpoint; and
  
  a processor on the endpoint, the processor configured to execute instructions stored in the memory to perform the steps of generating a label for a network message created by a process executing on the endpoint and associated with an application, wherein the network message includes a payload and a header and wherein the label includes an identifier for the application;
  
  adding the label to the header of the network message; and
  
  transmitting the network message through the network interface to a remote location on the data network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Ray, Kenneth D., Thomas, Andrew J., Harris, Mark David

Granted Patent

US 11,277,416 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 9/3247   involving digital signatures

LABELING NETWORK FLOWS ACCORDING TO SOURCE APPLICATIONS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

LABELING NETWORK FLOWS ACCORDING TO SOURCE APPLICATIONS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links