LABELING NETWORK FLOWS ACCORDING TO SOURCE APPLICATIONS
4 Assignments, 0 Petitions
Abstract
An enterprise security system is improved by instrumenting endpoints to explicitly label network flows according to sources of network traffic. When a network message from an endpoint is received at a gateway, firewall, or other network device/service, the network message may be examined to determine the application on the endpoint that originated the request, and this source information may be used to control routing or other handling of the network message.
47 Citations
20 Claims
1. A computer program product for managing network flows comprising computer executable code embodied on a non-transitory computer readable medium that, when executing on a network device, performs the steps of:
- receiving a network message from an endpoint at the network device, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;
- processing the network message on the network device to extract the label;
- determining a reputation of the application; and
- routing the network message to the destination address conditionally based on the reputation of the application that generated the network message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for managing network flows based on sources of data, the method comprising:
- receiving a network message from an endpoint at a network device, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;
- processing the network message on the network device to extract the label; and
- routing the network message based on the application that generated the network message.
Dependent claims: 11, 12, 13, 14, 15
16. A system comprising:
- a network device including a network interface configured to couple the network device in a communicating relationship with a data network that includes an endpoint;
- a memory on the network device; and
- a processor on the network device, the processor configured to execute instructions stored in the memory to perform the steps of:
  - receiving a network message from an endpoint through the network interface, the network message including a source address for the endpoint, a destination address for an intended recipient of the network message, a label that identifies an application that generated the network message on the endpoint, and a payload of data;
  - processing the network message to extract the label; and
  - routing the network message based on the application that generated the network message.
Dependent claims: 17, 18, 19
20. A system comprising:
- an endpoint including a network interface configured to couple the endpoint in a communicating relationship with a data network;
- a memory on the endpoint; and
- a processor on the endpoint, the processor configured to execute instructions stored in the memory to perform the steps of:
  - generating a label for a network message created by a process executing on the endpoint and associated with an application, wherein the network message includes a payload and a header and wherein the label includes an identifier for the application;
  - adding the label to the header of the network message; and
  - transmitting the network message through the network interface to a remote location on the data network.
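The claims describe two cooperating roles: the endpoint (claim 20) writes an application identifier into the message header, and the network device (claims 1, 10 and 16) extracts that label, looks up the application's reputation and forwards, holds or drops the message accordingly. The following Python sketch is an added example written for this page; it is not code from the patent or its assignee. It assumes a simple line-based header format (`src`, `dst`, `x-app-label`), a constructed reputation table, and one hardening step the claims do not spell out: the endpoint agent keys the label to the source address with an HMAC under a shared secret (`LABEL_KEY`, a placeholder), so a label copied onto traffic from a different host, or edited in transit, fails verification at the gateway rather than inheriting a good application's reputation.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Placeholder shared secret provisioned to the endpoint agent and the gateway.
# This keyed label is an assumption of the example, not part of the patent claims.
LABEL_KEY = b"example-shared-key-not-for-production"

# Constructed reputation table: application identifier -> verdict.
REPUTATIONS: Dict[str, str] = {
    "corp-mail-client": "good",
    "known-malware-dropper": "bad",
}


@dataclass
class Message:
    src: str
    dst: str
    app_label: Optional[str]
    app_sig: Optional[str]
    payload: bytes


def _label_mac(src: str, app_label: str, key: bytes) -> str:
    """MAC over source address and label, so a label is bound to the host that produced it."""
    return hmac.new(key, f"{src}\n{app_label}".encode(), hashlib.sha256).hexdigest()


def build_message(src: str, dst: str, app_label: str, payload: bytes, key: bytes = LABEL_KEY) -> bytes:
    """Endpoint side (claim 20): generate the label and add it to the message header."""
    header = (
        f"src: {src}\r\n"
        f"dst: {dst}\r\n"
        f"x-app-label: {app_label}\r\n"
        f"x-app-sig: {_label_mac(src, app_label, key)}\r\n"
        "\r\n"
    )
    return header.encode() + payload


def parse_message(raw: bytes) -> Message:
    """Network-device side: split header from payload and extract the label fields."""
    head, _, payload = raw.partition(b"\r\n\r\n")
    fields: Dict[str, str] = {}
    for line in head.decode().split("\r\n"):
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    return Message(
        src=fields["src"],
        dst=fields["dst"],
        app_label=fields.get("x-app-label"),
        app_sig=fields.get("x-app-sig"),
        payload=payload,
    )


def route(raw: bytes, reputations: Dict[str, str] = REPUTATIONS, key: bytes = LABEL_KEY) -> str:
    """Conditional routing (claim 1): return 'forward', 'hold' or 'drop' for the message."""
    msg = parse_message(raw)
    if msg.app_label is None:
        return "hold"  # unlabeled traffic is not forwarded blindly; queue it for inspection
    expected = _label_mac(msg.src, msg.app_label, key)
    if msg.app_sig is None or not hmac.compare_digest(msg.app_sig, expected):
        return "drop"  # label forged, moved to another source address, or altered in transit
    verdict = reputations.get(msg.app_label, "unknown")
    if verdict == "good":
        return "forward"
    if verdict == "bad":
        return "drop"
    return "hold"  # unknown application: hold for analyst review rather than guess


if __name__ == "__main__":
    sample = build_message("10.0.0.5", "203.0.113.10", "corp-mail-client", b"constructed payload")
    print(parse_message(sample).app_label, "->", route(sample))
```

The three-way outcome (forward, hold, drop) is a design choice for the unknown-application case: a reputation service will not know every binary on every endpoint, and treating "unknown" as "good" would let any freshly renamed executable through. The MAC check happens before the reputation lookup so that a bad verdict cannot be avoided by borrowing a trusted application's label.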