TECHNIQUES FOR SECURELY DETECTING COMPROMISES OF ENTERPRISE END STATIONS UTILIZING TUNNEL TOKENS
First Claim
1. A method in a cloud network to detect compromises of enterprise end stations within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network, comprising:
- receiving, at a tunnel gateway server within the cloud network that is implemented by one or more electronic devices, a first set of one or more packets via a tunnel across a public network from a first server within the enterprise network, wherein the first set of one or more packets were generated by the first server responsive to the first server receiving a second set of one or more packets that originated from within the enterprise network and that included data and a source enterprise network address, wherein the first set of one or more packets includes the data and an identifier but does not include the source enterprise network address so that the source enterprise network address is not disclosed outside of the enterprise network, wherein the data includes a token; and
- transmitting, by the tunnel gateway server, the data within a third set of one or more packets to a second server that acts as if it were an enterprise server within the enterprise network but is actually outside of the enterprise network and does not store enterprise data, wherein the presence of the token in the third set of one or more packets allows for determining whether one of the enterprise end stations has been compromised, wherein outside of the enterprise the identifier distinguishes between traffic transmitted from different source enterprise network addresses without disclosing the different source enterprise network addresses.
1 Assignment
0 Petitions
Abstract
A method in a cloud network to detect compromises within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network. The method includes receiving, at a tunnel gateway server within the cloud network, a first set of packets via a tunnel across a public network from a first server within the enterprise network, where the first set of packets were generated responsive to the first server receiving a second set of packets that originated from within the enterprise network and that included data and a source enterprise network address, where the first set of packets does not include the source enterprise network address and the data includes a token. The method further includes transmitting, by the tunnel gateway server, the data within a third set of packets to a second server that acts as if it were an enterprise server within the enterprise network.
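An added, illustrative model of the three-hop flow the abstract describes (not code from the patent or its assignee): the enterprise-side server replaces the source address with an opaque identifier and keeps the mapping inside the enterprise, the cloud gateway forwards only the data and identifier, and the decoy server flags any planted token it sees. The planted tokens, addresses and the random-identifier scheme are constructed assumptions.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample: tokens planted on enterprise end stations (e.g. decoy
# credentials). Seeing one used outside the station indicates compromise.
PLANTED_TOKENS = {b"TOKEN-acct-7f3a", b"TOKEN-db-91c0"}

@dataclass
class EnterpriseTunnelServer:
    """'First server': strips the source enterprise address, substitutes an
    opaque per-source identifier, and keeps the mapping inside the enterprise."""
    addr_to_id: dict = field(default_factory=dict)
    id_to_addr: dict = field(default_factory=dict)

    def tunnel(self, src_addr: str, data: bytes) -> dict:
        ident = self.addr_to_id.get(src_addr)
        if ident is None:
            ident = secrets.token_hex(8)      # random, unlinkable to the address
            self.addr_to_id[src_addr] = ident
            self.id_to_addr[ident] = src_addr
        return {"id": ident, "data": data}  # the source address never leaves

    def resolve(self, ident: str) -> str:
        """Only the enterprise can map an alert back to an end station."""
        return self.id_to_addr[ident]

class DecoyServer:
    """'Second server': looks like an enterprise server, stores no enterprise
    data, and only checks whether a planted token shows up in the data."""
    def __init__(self):
        self.alerts = []

    def handle(self, ident: str, data: bytes) -> bool:
        hit = next((t for t in PLANTED_TOKENS if t in data), None)
        if hit is not None:
            self.alerts.append((ident, hit))
        return hit is not None

def tunnel_gateway(packet: dict, decoy: DecoyServer) -> bool:
    """Cloud-side tunnel gateway: forwards data plus identifier to the decoy."""
    return decoy.handle(packet["id"], packet["data"])

def run_flow(server, decoy, src_addr: str, data: bytes):
    """End station -> first server -> gateway -> decoy; returns tunnel packet
    and whether the decoy flagged it."""
    pkt = server.tunnel(src_addr, data)
    return pkt, tunnel_gateway(pkt, decoy)
```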
14 Citations
20 Claims
1. Independent method claim, identical to the First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by one or more processors of a device, cause the device to implement a tunnel gateway server in a cloud network to detect compromises of enterprise end stations within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network by performing operations comprising:
- receiving a first set of one or more packets via a tunnel across a public network from a first server within the enterprise network, wherein the first set of one or more packets were generated by the first server responsive to the first server receiving a second set of one or more packets that originated from within the enterprise network and that included data and a source enterprise network address, wherein the first set of one or more packets includes the data and an identifier but does not include the source enterprise network address so that the source enterprise network address is not disclosed outside of the enterprise network, wherein the data includes a token; and
- transmitting the data within a third set of one or more packets to a second server that acts as if it were an enterprise server within the enterprise network but is actually outside of the enterprise network and does not store enterprise data, wherein the presence of the token in the third set of one or more packets allows for determining whether one of the enterprise end stations has been compromised, wherein outside of the enterprise the identifier distinguishes between traffic transmitted from different source enterprise network addresses without disclosing the different source enterprise network addresses.
Dependent claims: 14, 15, 16.
17. A network device, comprising:
- one or more processors; and
- a non-transitory computer-readable storage medium having instructions stored therein which, when executed by the one or more processors, cause the device to implement a tunnel gateway server in a cloud network to detect compromises of enterprise end stations within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network by being adapted to:
- receive a first set of one or more packets via a tunnel across a public network from a first server within the enterprise network, wherein the first set of one or more packets were generated by the first server responsive to the first server receiving a second set of one or more packets that originated from within the enterprise network and that included data and a source enterprise network address, wherein the first set of one or more packets includes the data and an identifier but does not include the source enterprise network address so that the source enterprise network address is not disclosed outside of the enterprise network, wherein the data includes a token; and
- transmit the data within a third set of one or more packets to a second server that acts as if it were an enterprise server within the enterprise network but is actually outside of the enterprise network and does not store enterprise data, wherein the presence of the token in the third set of one or more packets allows for determining whether one of the enterprise end stations has been compromised, wherein outside of the enterprise the identifier distinguishes between traffic transmitted from different source enterprise network addresses without disclosing the different source enterprise network addresses.
Dependent claims: 18, 19, 20.
Specification