Network protection service
First Claim
1. A network protection method, the method comprising:
- receiving, within an internet service provider network, a Domain Name System (DNS) request in a system including a DNS resolver;
logging the DNS request;
classifying the DNS request based on an analysis of a DNS name associated with the DNS request;
taking a security action based on the classification;
analyzing network traffic and content after taking the security action; and
providing a feedback loop based on the analysis of the network traffic to improve future DNS request classifications, in which the feedback loop refers to live, real-time collection of DNS usage patterns from various network protection system (NPS) deployments.
3 Assignments
0 Petitions
Accused Products
Abstract
A network protection method is provided. The network protection method may include receiving a Domain Name System (DNS) request, logging the DNS request, classifying the DNS request based on an analysis of a DNS name associated with the DNS request, taking a security action based on the classification, analyzing network traffic after taking the security action, and providing substantially real-time feedback associated with the network traffic to improve future DNS request classifications. The method may further include receiving a DNS response and logging the DNS response. The analysis of the DNS name may include receiving DNS data related to the DNS name from a plurality of sources, receiving reputation data related to the plurality of sources, scoring each of the plurality of sources based on the reputation data, and aggregating the DNS data related to the DNS name based on the scoring.
119 Citations
20 Claims
-
1. A network protection method, the method comprising:
-
receiving, within an internet service provider network, a Domain Name System (DNS) request in a system including a DNS resolver; logging the DNS request; classifying the DNS request based on an analysis of a DNS name associated with the DNS request; taking a security action based on the classification; analyzing network traffic and content after taking the security action; and providing a feedback loop based on the analysis of the network traffic to improve future DNS request classifications, in which the feedback loop refers to live, real-time collection of DNS usage patterns from various network protection system (NPS) deployments. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification