Cloud email message scanning with local policy application in a network environment

US 9,049,235 B2
Filed: 11/21/2012
Issued: 06/02/2015
Est. Priority Date: 07/16/2012
Status: Active Grant

First Claim

Patent Images

1. A method for applying policies to an email message, comprising:

receiving, by an inbound policy module in a protected network, message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;

determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;

sending a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;

sending a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;

receiving, by the inbound policy module in the protected network, the scan results data;

determining, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;

sending a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;

sending a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;

receiving, by the inbound policy module in the protected network, the email message in response to the request for the email message; and

forwarding the email message to a destination network address associated with a recipient email address, wherein the destination network address is in the protected network.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

23 Citations

View as Search Results

15 Claims

1. A method for applying policies to an email message, comprising:
- receiving, by an inbound policy module in a protected network, message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;
  
  determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;
  
  sending a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;
  
  sending a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;
  
  receiving, by the inbound policy module in the protected network, the scan results data;
  
  determining, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;
  
  sending a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;
  
  sending a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;
  
  receiving, by the inbound policy module in the protected network, the email message in response to the request for the email message; and
  
  forwarding the email message to a destination network address associated with a recipient email address, wherein the destination network address is in the protected network.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the response is sent to an email threat sensor in a cloud network, wherein the email threat sensor received the email message from a sending client in another network.
  - 3. The method of claim 1, further comprising:
    - scanning the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, quarantining the email message.
  - 4. The method of claim 1, further comprising:
    - scanning the received email message for content prohibited by one or more local scan policies; and
      
      responsive to finding at least some prohibited content during the scanning, blocking the email message from being delivered to the intended recipient of the email message.
  - 5. The method of claim 1, further comprising:
    - scanning the received email message for content prohibited by one or more local scan policies; and
      
      responsive to not finding any prohibited content during the scanning, forwarding the email message to a mail server in the protected network, wherein the mail server delivers the email message to the intended recipient of the email message.

6. At least one non-transitory machine readable storage medium having instructions stored thereon for applying policies to an email message, the instructions when executed by a processor cause the processor to:
- receive, by an inbound policy module in a protected network, message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;
  
  send a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;
  
  send a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;
  
  receive, by the inbound policy module in the protected network, the scan results data;
  
  determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;
  
  send a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;
  
  send a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;
  
  receive, by the inbound policy module in the protected network, the email message in response to the request for the email message; and
  
  forward the email message to a mail server in the protected network, wherein the mail server delivers the email message to the intended recipient of the email message.
- View Dependent Claims (7)
- - 7. The at least one non-transitory machine readable storage medium of claim 6, wherein the response is to be sent to an email threat sensor in a cloud network, wherein the email threat sensor is to receive the email message from a sending client in another network.

8. At least one non-transitory machine readable storage medium having instructions stored thereon for applying policies to an email message, the instructions when executed by a processor cause the processor to:
- receive, by an inbound policy module in a protected network, message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;
  
  send a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;
  
  send a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;
  
  receive, by the inbound policy module in the protected network, the scan results data;
  
  determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;
  
  send a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;
  
  send a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;
  
  receive, by the inbound policy module in the protected network, the email message in response to the request for the email message;
  
  scan the received email message for content prohibited by one or more local scan policies; and
  
  responsive to finding at least some prohibited content during the scanning, quarantine the email message.

9. At least one non-transitory machine readable storage medium having instructions stored thereon for applying policies to an email message, the instructions when executed by a processor cause the processor to:
- receive, by an inbound policy module in a protected network, message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;
  
  send a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;
  
  send a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;
  
  receive, by the inbound policy module in the protected network, the scan results data;
  
  determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;
  
  send a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;
  
  send a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;
  
  receive, by the inbound policy module in the protected network, the email message in response to the request for the email message;
  
  scan the received email message for content prohibited by one or more local scan policies; and
  
  responsive to finding at least some prohibited content during the scanning, block the email message from being delivered to the intended recipient of the email message.

10. At least one non-transitory machine readable storage medium having instructions stored thereon for applying policies to an email message, the instructions when executed by a processor cause the processor to:
- receive, by an inbound policy module in a protected network, message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;
  
  send a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;
  
  send a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;
  
  receive, by the inbound policy module in the protected network, the scan results data;
  
  determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;
  
  send a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;
  
  send a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;
  
  receive the email message in response to the request for the email message;
  
  scan the received email message for content prohibited by a local scan policy; and
  
  responsive to not finding any prohibited content during the scanning, forward the email message to a mail server in the protected network, wherein the mail server is configured to deliver the email message to the intended recipient of the email message.

11. An apparatus for applying policies to an email message, comprising:
- a processor in a protected network; and
  
  an inbound policy module executing on the processor, the inbound policy module configured to;
  
  receive message metadata of an email message en route to an intended recipient associated with the protected network, wherein the message metadata is to be received without the email message;
  
  determine, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy of one or more metadata policies;
  
  send a response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is determined to be prohibited by the at least one metadata policy;
  
  send a request from the protected network for scan results data for the email message if receiving the email message in the protected network is determined not to be prohibited by the one or more metadata policies;
  
  receive the scan results data;
  
  determine, based on the scan results data, whether receiving the email message in the protected network is prohibited by at least one scan policy of one or more scan policies;
  
  send a particular response from the protected network to block the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the at least one scan policy;
  
  send a request from the protected network for the email message if receiving the email message in the protected network is not prohibited by the one or more scan policies;
  
  receive the email message in response to the request for the email message; and
  
  forward the email message to a mail server in the protected network, wherein the mail server delivers the email message to the intended recipient of the email message.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11, wherein the response is to be sent to an email threat sensor in a cloud network, wherein the email threat sensor is to receive the email message from a sending client in another network.
  - 13. The apparatus of claim 11, wherein the inbound policy module is further configured to:
    - scan the received email message for content prohibited by a local scan policy; and
      
      responsive to finding at least some prohibited content when the email message is scanned, quarantine the email message.
  - 14. The apparatus of claim 11, wherein the inbound policy module is further configured to:
    - scan the received email message for content prohibited by a local scan policy; and
      
      responsive to finding at least some prohibited content during the scanning, block the email message from being delivered to the intended recipient of the email message.
  - 15. The apparatus of claim 11, wherein the inbound policy module is further configured to:
    - scan the received email message for content prohibited by a local scan policy; and
      
      responsive to not finding any prohibited content during the scan, forward the email message to the mail server in the protected network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Liebmann, Nicholas, Neal, Peter, Bishop, Michael G., Cragin, Justin, Driscoll, Michael
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Kusyk, Janusz

Application Number

US13/683,976
Publication Number

US 20140020047A1
Time in Patent Office

923 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Cloud email message scanning with local policy application in a network environment

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Cloud email message scanning with local policy application in a network environment

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others