METHOD AND APPARATUS FOR PROACTIVELY IDENTIFYING AND MITIGATING MALWARE ATTACKS VIA HOSTED WEB ASSETS
Abstract
A new approach is proposed that contemplates systems and methods to provide identification and mitigation of malware attack via Web assets hosted on a Web application, site, or platform in an automated and proactive manner. From the moment the Web assets are hosted on the Web application platform and protected by a Web application security device, the hosted Web assets are constantly monitored and assessed for potential risks. Whenever there is a new instance or a modification of a Web asset, a copy of the Web asset is automatically downloaded and analyzed for potential vulnerabilities. If a suspicious indicator of malicious contents in the Web asset is detected during the analysis, a plurality of security policies are created and applied to the Web application security device to mitigate threats of the Web asset and protect users of the Web application against malware attacks via the tampered Web asset.
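The pipeline the abstract describes (detect new or modified assets, score them, emit policies) is shown below as an added example; it is not code from the patent or its assignee. Using SHA-256 as the fingerprint, a magic-byte check as the file-format evaluation, the score values, the threshold, and the policy dictionary layout are all assumptions made for illustration.

```python
import hashlib

# Constructed threat-intel set: SHA-256 fingerprints of known-malicious files.
KNOWN_BAD = {hashlib.sha256(b"constructed malicious sample").hexdigest()}
# Magic bytes expected for a few file extensions (small illustrative subset).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")
BLOCK_THRESHOLD = 70  # hypothetical cut-off, not taken from the patent

def fingerprint(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def changed_assets(baseline: dict, current: dict) -> list:
    """Paths that are new or whose fingerprint differs from the stored baseline."""
    return sorted(p for p, body in current.items()
                  if baseline.get(p) != fingerprint(body))

def risk_score(path: str, body: bytes) -> int:
    """Score 0-100 from the fingerprint, else from the native file format."""
    if fingerprint(body) in KNOWN_BAD:
        return 100
    ext = path[path.rfind("."):].lower() if "." in path else ""
    if ext not in (".exe", ".dll") and body.startswith(EXECUTABLE_MAGIC):
        return 90   # executable content behind a non-executable name
    if ext in MAGIC and not body.startswith(MAGIC[ext]):
        return 50   # content does not match the declared format
    return 0

def assess(baseline: dict, current: dict) -> list:
    """Score new or modified assets and emit block policies for risky ones."""
    policies = []
    for path in changed_assets(baseline, current):
        score = risk_score(path, current[path])
        if score >= BLOCK_THRESHOLD:
            # Hypothetical policy record for a Web application security device.
            policies.append({"action": "block", "url_path": path, "risk_score": score})
    return policies

# Constructed sample site: one unchanged asset, one modified, two new.
_logo = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
BASELINE = {"/img/logo.png": fingerprint(_logo),
            "/docs/guide.pdf": fingerprint(b"%PDF-1.7 original")}
CURRENT = {"/img/logo.png": _logo,
           "/docs/guide.pdf": b"MZ\x90\x00 replaced content",
           "/dl/tool.zip": b"constructed malicious sample",
           "/docs/new.pdf": b"%PDF-1.7 fresh upload"}
```

Calling `assess(BASELINE, CURRENT)` skips the unchanged logo, lets the clean new PDF through, and returns block policies for the replaced guide and the known-bad archive.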
29 Claims
1. A system to support identification and mitigation of malware attack via hosted Web assets, comprising:
- a Web asset assessment engine running on a host and configured to initiate an assessment of one or more Web assets hosted by a target Web application or site protected by a Web application security device; download the Web assets to be assessed in their native forms from the target Web application or site for assessment;
- a threat detection engine running on a host and configured to accept and evaluate each of the Web assets downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset, wherein each Web asset is evaluated based either on its fingerprint or its original file format;
- a protection policy application engine running on a host and configured to create and correlate a plurality of policies with a set of identified malicious Web assets to mitigate threats of the Web assets hosted on the target Web application or site.
17. A computer-implemented method to support identification and mitigation of malware attack via hosted Web assets, comprising:
- initiating an assessment of one or more Web assets hosted by a target Web application or site protected by a Web application security device;
- downloading the Web assets to be assessed in their native forms from the target Web application or site for assessment;
- accepting and evaluating each of the Web assets downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset, wherein each Web asset is evaluated based either on its fingerprint or its original file format;
- creating and correlating a plurality of policies with a set of identified malicious Web assets to mitigate threats of the malicious Web assets hosted on the target Web application or site.
29. At least one computer-readable storage medium having computer-executable instructions embodied thereon, wherein, when executed by at least one processor, the computer-executable instructions cause the at least one processor to:
- initiate an assessment of one or more Web assets hosted by a target Web application or site protected by a Web application security device;
- download the Web assets to be assessed in their native forms from the target Web application or site for assessment;
- accept and evaluate each of the Web assets downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset, wherein each Web asset is evaluated based either on its fingerprint or its original file format;
- create and correlate a plurality of policies with a set of identified malicious Web assets to mitigate threats of the malicious Web assets hosted on the target Web application or site.