Malware containment and security analysis on connection
Abstract
Systems and methods for malware containment and security analysis on connection are provided. Digital devices are quarantined for a predetermined period of time upon connection to the communication network. When a digital device is quarantined, all network data transmitted by the digital device is directed to a controller which then analyzes the network data to identify unauthorized activity and/or malware within the newly connected digital device. An exemplary method to contain malware includes detecting a digital device upon connection with a communication network, quarantining network data from the digital device for a predetermined period of time, transmitting a command to the digital device to activate a security program to identify security risks, and analyzing the network data to identify malware within the digital device.
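The quarantine-on-connection flow described in the abstract, modeled as an added example (not code from the patent or its assignee). The 300-second period, the rule names, the command string, the block-on-detection outcome and the fan-out heuristic standing in for the virtual-machine analysis are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

QUARANTINE_SECONDS = 300  # assumed; the page only says "predetermined period"

@dataclass
class Device:
    mac: str
    connected_at: float
    captured: list = field(default_factory=list)  # quarantined network data
    verdict: str = "pending"

def fanout_analyzer(frames, limit=5):
    """Stand-in for the virtual-machine analysis (assumption): flags a device
    that contacts more than `limit` distinct hosts on one destination port."""
    hosts_by_port = {}
    for dst_ip, dst_port in frames:
        hosts_by_port.setdefault(dst_port, set()).add(dst_ip)
    return "malware" if any(len(h) > limit for h in hosts_by_port.values()) else "clean"

class QuarantineController:
    def __init__(self, analyzer=fanout_analyzer, period=QUARANTINE_SECONDS):
        self.analyzer, self.period = analyzer, period
        self.devices = {}       # mac -> Device
        self.switch_rules = {}  # mac -> "controller" | "network" | "blocked"
        self.results = {}       # stored analysis results

    def on_connect(self, mac, now):
        """Detect a new device, redirect its traffic, return the scan command."""
        self.devices[mac] = Device(mac, now)
        self.switch_rules[mac] = "controller"
        return {"to": mac, "command": "activate-security-program"}

    def on_frame(self, mac, frame, now):
        """Return where the switch sends this frame; unknown devices are blocked."""
        self.expire(now)
        route = self.switch_rules.get(mac, "blocked")
        if route == "controller":
            self.devices[mac].captured.append(frame)
        return route

    def expire(self, now):
        """End quarantine once the period has elapsed and store the verdict."""
        for mac, dev in self.devices.items():
            if dev.verdict == "pending" and now - dev.connected_at >= self.period:
                dev.verdict = self.analyzer(dev.captured)
                self.results[mac] = dev.verdict
                self.switch_rules[mac] = "network" if dev.verdict == "clean" else "blocked"
```

Frames here are constructed (destination IP, destination port) tuples; a real controller would receive full packets from the switch's redirect port.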
42 Claims
1. A malware containment method comprising:
- detecting a digital device upon connection with a communication network;
- quarantining network data from the digital device for a predetermined period of time by configuring a switch to direct the network data from the digital device to a controller;
- transmitting a command to the digital device to activate a security program to identify security risks;
- analyzing the quarantined network data to identify malware within the digital device, the analyzing of the quarantined network data comprises (i) configuring a virtual machine to receive the network data and (ii) analyzing a response of the virtual machine to the network data to identify a malware attack; and
- storing a result of the quarantined network data analysis in memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37
10. A malware containment system comprising:
- a controller for containing malware;
- a memory;
- a quarantine module stored in the memory, and executed by the controller to detect a digital device upon connection with a communication network and quarantine network data from the digital device for a predetermined period of time by configuring a switch to direct the network data to the controller;
- a security module stored in the memory, and executed by the controller to transmit a command to the digital device to activate a security program to identify security risks; and
- an analysis module stored in the memory, and executed by the controller to; analyze the quarantined network data to identify malware within the digital device by (i) configuring a virtual machine to receive the quarantined network data and (ii) analyzing a response of the virtual machine to the quarantined network data to identify a malware attack, and store a result of the quarantined network data analysis in memory.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 38, 39, 40, 41
19. A non-transitory machine readable medium having embodied thereon executable code, the executable code being executed by a processor for performing a method for malware containment, the method comprising:
- detecting a digital device upon connection with a communication network;
- quarantining network data from the digital device for a predetermined period of time by configuring a switch to direct the network data from the digital device to a controller;
- transmitting a command to the digital device to activate a security program to identify security risks;
- analyzing the quarantined network data to identify malware within the digital device, the analyzing of the quarantined network data comprises (i) configuring a virtual machine to receive the network data and (ii) analyzing a response of the virtual machine to the network data to identify a malware attack; and
- storing a result of the quarantined network data analysis in memory.
Dependent claims: 20, 21, 22, 23, 24, 42
Specification