Systems and methods for updating content detection devices and systems
Abstract
Systems, methods, and software for processing received network traffic in view of content detection data and configuration data that defines policies to either block, permit, or to further evaluate network traffic content on the policies when network traffic is entering a network.
16 Claims
1. A content detection system comprising:
at least one processor;
at least one memory device;
at least one network interface device;
content detection and configuration data stored on the at least one memory device;
an instruction set, stored in the at least one memory device and executable by the at least one processor to;
receive network traffic via the at least one network interface device;
process the received network traffic in view of the content detection and configuration data stored in the at least one memory device to determine whether the network traffic content complies with policies defined at least in part by the content detection and configuration data, wherein the determining of policy compliance includes user identification, content identification, and at least one of source verification and destination verification;
when the network traffic content is determined to not be compliant with the policies;
generate content detection data as a function of at least a portion of data included in the network traffic content;
store the generated content detection data on the at least one memory device;
determine an update station for receiving the content detection data; and
transmit, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable medium with instructions stored thereon which when executed by at least one processor of a computing device, causes the computing device to:
receive network traffic content that includes suspicious content;
perform analysis on the network traffic content to determine when the network traffic content contains a threat desired to be detected;
when the network traffic content is determined to contain a threat desired to be detected, generate content detection for content detection modules to detect the threat in subsequently received network traffic content;
store the content detection data on a data storage device;
determine an update station for receiving the content detection data; and
transmit, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.
Dependent claims: 9, 10, 11, 12
13. A method comprising:
receiving network traffic content that includes suspicious content;
performing analysis on the network traffic content to determine when the network traffic content contains a threat desired to be detected;
when the network traffic content is determined to contain a threat desired to be detected, generating content detection for content detection modules to detect the threat in subsequently received network traffic content;
storing the content detection data on a data storage device;
determining an update station for receiving the content detection data; and
transmitting, via a network interface device, the content detection data and data identifying at least one content detection module to receive the content detection data to the update station not in response to a request from the update station or a content detection module.
Dependent claims: 14, 15, 16
Specification