NETWORK DEVICE FOR SECURING ENDPOINTS IN A HETEROGENEOUS ENTERPRISE NETWORK

US 20190312843A1
Filed: 04/04/2018
Published: 10/10/2019
Est. Priority Date: 04/04/2018
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising computer executable code embodied on a non-transitory computer readable medium that, when executing on one or more processors of a network translation device that couples a subnet including a plurality of endpoints to an enterprise network, causes the network translation device to perform the steps of:

translating address information between a first routing prefix for the subnet and a second routing prefix for a network external to the subnet;

detecting a compromised one of the plurality of endpoints on the subnet based on an error in a heartbeat from the one of the plurality of endpoints;

blocking traffic between the compromised one of the plurality of endpoints and the enterprise network outside the subnet; and

directing one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints to stop network communications on the subnet with the compromised one of the plurality of endpoints.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network address translation device or similarly situated network device can cooperate with endpoints on a subnet of an enterprise network to secure endpoints within the subnet. For example, the network address translation device may be configured, either alone or in cooperation with other network devices, to block traffic from a compromised endpoint to destinations outside the subnet, and to direct other endpoints within the subnet to stop network communications with the compromised endpoint.

19 Citations

20 Claims

1. A computer program product comprising computer executable code embodied on a non-transitory computer readable medium that, when executing on one or more processors of a network translation device that couples a subnet including a plurality of endpoints to an enterprise network, causes the network translation device to perform the steps of:
- translating address information between a first routing prefix for the subnet and a second routing prefix for a network external to the subnet;
  
  detecting a compromised one of the plurality of endpoints on the subnet based on an error in a heartbeat from the one of the plurality of endpoints;
  
  blocking traffic between the compromised one of the plurality of endpoints and the enterprise network outside the subnet; and
  
  directing one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints to stop network communications on the subnet with the compromised one of the plurality of endpoints.
- View Dependent Claims (2, 3)
- - 2. The computer program product of claim 1 wherein the error in the heartbeat includes an omission of an expected heartbeat.
  - 3. The computer program product of claim 1 wherein the error in the heartbeat includes an error in content of the heartbeat.

4. A method for operating a network device that couples a subnet including a plurality of endpoints to an enterprise network, the method including:
- detecting a compromised one of the plurality of endpoints on the subnet;
  
  blocking traffic between the compromised one of the plurality of endpoints and the enterprise network outside the subnet; and
  
  directing one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints to stop network communications on the subnet with the compromised one of the plurality of endpoints.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 5. The method of claim 4 wherein detecting the compromised one of the plurality of endpoints includes receiving a notification from the compromised one of the plurality of endpoints.
  - 6. The method of claim 4 wherein detecting the compromised one of the plurality of endpoints includes receiving a notification from one of the plurality of endpoints other than the compromised one of the plurality of endpoints.
  - 7. The method of claim 4 wherein detecting the compromised one of the plurality of endpoints includes detecting potentially malicious traffic to or from the compromised one of the plurality of endpoints at the network device.
  - 8. The method of claim 7 further comprising querying each of the endpoints coupled to the subnet to identify a source of the potentially malicious traffic.
  - 9. The method of claim 8 further comprising:
    - when the source is identified, preventing communications through the network device by the source; and
      
      when the source is not identified, preventing communications by any of the endpoints through the network device.
  - 10. The method of claim 4 wherein detecting the compromised one of the plurality of endpoints includes receiving a notification from a firewall in the enterprise network outside the subnet.
  - 11. The method of claim 4 further comprising, in response to detecting the compromised one of the plurality of endpoints, directing communications from the one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints through a virtual private network.
  - 12. The method of claim 11 wherein the virtual private network physically passes through the network device.
  - 13. The method of claim 11 wherein the virtual private network physically circumvents the network device.
  - 14. The method of claim 4 further comprising determining a security status of each of the one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints and permitting network communications through the network device only from devices meeting one or more security conditions.
  - 15. The method of claim 14 wherein the one or more security conditions include a presence of a secure heartbeat.
  - 16. The method of claim 14 wherein the one or more security conditions include an indication of security compliance from a local security agent.
  - 17. The method of claim 4 further comprising translating network traffic at the network device between a first routing prefix for the subnet and a second routing prefix for a network external to the subnet.
  - 18. The method of claim 4 wherein the network device includes a network address translation device.
  - 19. The method of claim 4 wherein the network device includes at least one of a router and a gateway.

20. A network device comprising:
- a first network interface to an external network;
  
  a second network interface to a subnet;
  
  one or more processors; and
  
  a memory bearing instructions executable by the one or more processors to translate network traffic between a first routing prefix for the external network and a second routing prefix for the subnet, the memory further bearing instructions executable by the one or more processors to secure a plurality of endpoints connected to the subnet by detecting a compromised one of the plurality of endpoints on the subnet, blocking traffic between the compromised one of the plurality of endpoints and the external network outside the subnet, and directing one or more of the plurality of endpoints other than the compromised one of the plurality of endpoints to stop network communications on the subnet with the compromised one of the plurality of endpoints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Grimm, Moritz Daniel, Stutz, Daniel, Thomas, Andrew J., Ray, Kenneth D.

Granted Patent

US 11,616,758 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/06   Management of faults, event...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/40   using virtualisation of net...

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/20   the monitoring system or th...

H04L 61/2514   between local and global IP...

H04L 61/256   NAT traversal

H04L 63/0209   Architectural arrangements,...

H04L 63/0236   Filtering by address, proto...

H04L 63/20   for managing network securi...

NETWORK DEVICE FOR SECURING ENDPOINTS IN A HETEROGENEOUS ENTERPRISE NETWORK

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK DEVICE FOR SECURING ENDPOINTS IN A HETEROGENEOUS ENTERPRISE NETWORK

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links