Differential threat detection processing
Abstract
Detecting a network security threat is disclosed. Network traffic is classified with a security risk related classification, the classification being determined at least in part by applying a threat detection heuristic to at least a portion of the network traffic. Classification data that indicates the security risk related classification into which the network traffic has been classified is added to the network traffic. The network traffic is subjected to a level of network security threat detection processing that corresponds to the security risk related classification into which the network traffic has been classified as determined based at least in part on the classification data.
9 Claims
1. A method of detecting a network security threat, comprising:
classifying network traffic with a security risk related classification, the classification being determined at least in part by applying a threat detection heuristic to at least a portion of the network traffic;
tagging the network traffic with classification data that indicates the security risk related classification into which the network traffic has been classified;
sending the tagged network traffic, including the classification data, down each of a plurality of parallel paths, each path having associated with it one or more inline security measures configured to apply to the tagged network traffic one or more types of network security threat detection processing to an extent determined based at least in part on the classification data, wherein the same tagged network traffic is sent down each of the plurality of parallel paths;
processing the tagged network traffic sent down each of the plurality of parallel paths according to the respective one or more inline security measures based at least in part on the classification data, wherein processing the tagged network traffic sent down each of the plurality of parallel paths comprises dropping the tagged network traffic if the tagged network traffic fails a security check and forwarding the tagged network traffic if the tagged network traffic passes the security check;
determining whether the forwarded network traffic was received from a minimum number of the plurality of parallel paths; and
transmitting the forwarded network traffic based on the determination that the forwarded network traffic was received from at least the minimum number of the plurality of parallel paths.
Dependent claims 2, 3, 4, 5, 6 and 7 are not reproduced on this page.
8. A system for detecting a network security threat, comprising:
a communication interface configured to receive network traffic; and
a processor configured to:
classify the received network traffic with a security risk related classification, the classification being determined at least in part by applying a threat detection heuristic to at least a portion of the network traffic;
tag the network traffic with classification data that indicates the security risk related classification into which the network traffic has been classified;
send the tagged network traffic, including the classification data, down each of a plurality of parallel paths, each path having associated with it one or more inline security measures configured to apply to the tagged network traffic one or more types of network security threat detection processing to an extent determined based at least in part on the classification data, wherein the same tagged network traffic is sent down each of the plurality of parallel paths;
process the tagged network traffic sent down each of the plurality of parallel paths according to the respective one or more inline security measures based at least in part on the classification data, wherein processing the tagged network traffic sent down each of the plurality of parallel paths comprises dropping the tagged network traffic if the tagged network traffic fails a security check and forwarding the tagged network traffic if the tagged network traffic passes the security check;
determining whether the forwarded network traffic was received from a minimum number of the plurality of parallel paths; and
transmitting the forwarded network traffic based on the determination that the forwarded network traffic was received from at least the minimum number of the plurality of parallel paths.
9. A non-transitory computer readable storage medium having embodied thereon computer instructions which when executed by a computer cause the computer to perform a method comprising the steps of:
classifying network traffic with a security risk related classification, the classification being determined at least in part by applying a threat detection heuristic to at least a portion of the network traffic;
tagging the network traffic with classification data that indicates the security risk related classification into which the network traffic has been classified;
sending the tagged network traffic, including the classification data, down each of a plurality of parallel paths, each path having associated with it one or more inline security measures configured to apply to the tagged network traffic one or more types of network security threat detection processing to an extent determined based at least in part on the classification data, wherein the same tagged network traffic is sent down each of the plurality of parallel paths;
processing the tagged network traffic sent down each of the plurality of parallel paths according to the respective one or more inline security measures based at least in part on the classification data, wherein processing the tagged network traffic sent down each of the plurality of parallel paths comprises dropping the tagged network traffic if the tagged network traffic fails a security check and forwarding the tagged network traffic if the tagged network traffic passes the security check;
determining whether the forwarded network traffic was received from a minimum number of the plurality of parallel paths; and
transmitting the forwarded network traffic based on the determination that the forwarded network traffic was received from at least the minimum number of the plurality of parallel paths.
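The abstract and the independent claims above describe one pipeline: a cheap heuristic classifies traffic, the class is attached as a tag, the same tagged traffic is fanned out to several inline paths whose depth of inspection is set by the tag, each path drops or forwards its copy, and the traffic is transmitted only if at least a minimum number of paths forwarded it. The Python simulation below is an added example, not code from the patent or its assignee. Everything concrete in it is assumed for illustration: the 32-byte/port heuristic in classify(), the three paths (signature window, per-source rate limit, payload entropy), their per-class limits and thresholds, and the sample packets, which are constructed.

```python
import math
from collections import Counter
from dataclasses import dataclass, field

# Constructed example signatures; a real sensor would load a rule set.
SIGNATURES = (b"../", b"<script", b"' or 1=1", b"/etc/passwd")
STANDARD_PORTS = (53, 80, 443)


@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes
    tags: dict = field(default_factory=dict)


def classify(pkt: Packet) -> str:
    """Threat detection heuristic (assumed rules, not the patent's): a cheap
    peek at the first 32 bytes and the destination port yields the risk class."""
    head = pkt.payload[:32].lower()
    if any(marker in head for marker in (b"..", b"'", b"<")):
        return "high"
    if pkt.dst_port not in STANDARD_PORTS:
        return "medium"
    return "low"


def tag(pkt: Packet) -> Packet:
    """Attach the classification data; every path reads this tag."""
    pkt.tags["risk"] = classify(pkt)
    return pkt


# Inline security measures. Each returns True (forward) or False (drop) and
# scales the extent of its own processing by the risk tag.

def signature_path(pkt: Packet, state: dict) -> bool:
    # Bytes inspected grow with risk: 64 for low, 512 for medium, all for high.
    window = {"low": 64, "medium": 512, "high": len(pkt.payload)}[pkt.tags["risk"]]
    sample = pkt.payload[:window].lower()
    return not any(sig in sample for sig in SIGNATURES)


def rate_path(pkt: Packet, state: dict) -> bool:
    # Per-source packet budget, tighter for riskier classes (assumed limits).
    limit = {"low": 100, "medium": 5, "high": 2}[pkt.tags["risk"]]
    counts = state.setdefault("per_src", Counter())
    counts[pkt.src] += 1
    return counts[pkt.src] <= limit


def entropy_path(pkt: Packet, state: dict) -> bool:
    # Shannon entropy of the payload in bits/byte; low-risk traffic skips
    # this (comparatively expensive) check entirely.
    threshold = {"low": None, "medium": 7.5, "high": 7.0}[pkt.tags["risk"]]
    if threshold is None or not pkt.payload:
        return True
    n = len(pkt.payload)
    entropy = -sum((c / n) * math.log2(c / n) for c in Counter(pkt.payload).values())
    return entropy <= threshold


class Pipeline:
    """Send the same tagged packet down every path; transmit only when at
    least min_paths of them forwarded it (the quorum step of claim 1)."""

    def __init__(self, paths, min_paths: int):
        self.paths = dict(paths)
        self.min_paths = min_paths
        self.state = {}

    def process(self, pkt: Packet):
        tag(pkt)
        verdicts = {name: fn(pkt, self.state) for name, fn in self.paths.items()}
        forwarded = sum(verdicts.values()) >= self.min_paths
        return forwarded, verdicts


PATHS = [("signature", signature_path), ("rate", rate_path), ("entropy", entropy_path)]

# Constructed sample traffic.
BENIGN = Packet("10.0.0.1", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
TRAVERSAL = Packet("10.0.0.2", 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n")
# Script tag sitting past the 64-byte window that low-risk traffic gets.
LATE_XSS_BODY = (b"POST /comment HTTP/1.1\r\nHost: example.test\r\n\r\n"
                 + b"x" * 40 + b"<script>alert(1)</script>")
LATE_XSS_80 = Packet("10.0.0.3", 80, LATE_XSS_BODY)
LATE_XSS_8080 = Packet("10.0.0.3", 8080, LATE_XSS_BODY)
HIGH_ENTROPY = Packet("10.0.0.4", 4444, bytes(range(256)))  # entropy 8.0


def run_demo(min_paths: int) -> dict:
    """Push the samples through a fresh pipeline; returns {sample: forwarded?}."""
    pipe = Pipeline(PATHS, min_paths)
    results = {
        "benign": pipe.process(BENIGN)[0],
        "traversal": pipe.process(TRAVERSAL)[0],
        "late_xss_port80": pipe.process(LATE_XSS_80)[0],
        "late_xss_port8080": pipe.process(LATE_XSS_8080)[0],
    }
    # A burst from one source: by the sixth packet the rate path drops too.
    burst = [pipe.process(HIGH_ENTROPY)[0] for _ in range(6)]
    results["entropy_burst_first"] = burst[0]
    results["entropy_burst_sixth"] = burst[-1]
    return results


if __name__ == "__main__":
    for quorum in (3, 2):
        print("min_paths =", quorum, run_demo(quorum))
```

Two things the claim language leaves to the implementer show up directly in the output. First, the quorum: with min_paths equal to the number of paths, any single path's drop blocks the traffic, but with a majority quorum (2 of 3) a lone detecting path is overruled, so the directory traversal and the late script tag are transmitted; only when the rate path joins the entropy path does the burst get dropped. Second, the differential extent of processing: the same script payload on port 80 is tagged low, inspected for only 64 bytes and forwarded, while on port 8080 it is tagged medium and caught, so the cheap heuristic that sets the tag is itself part of the attack surface, and anything that can steer traffic into the low class shrinks every path's inspection at once.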
Specification