Systems and methods for updating content detection devices and systems

US 9,231,968 B2
Filed: 11/05/2013
Issued: 01/05/2016
Est. Priority Date: 03/12/2004
Status: Active Grant

First Claim

Patent Images

1. A network gateway device comprising:

at least one processor;

at least one memory device;

at least one network interface device;

content detection and configuration data stored on the at least one memory device; and

an instruction set, stored in the at least one memory device and executable by the at least one processor to;

receive network traffic via the at least one network interface device;

process the received network traffic in view of the content detection and configuration data stored in the at least one memory device to enforce policies defined at least in part by the content detection and configuration data and including at least one policy that defines a suspicious category of network traffic, the policy enforcement performed to determine whether to allow the received network traffic to pass, the policy enforcement including user identification, content identification, and at least one of source verification and destination verification, wherein when network traffic is determined to violate the at least one policy defining suspicious network traffic, forwarding the network traffic to an analysis process that will perform analysis on network traffic to determine whether the network traffic contains a threat desired to be detected and, when the network traffic is determined to contain a threat desired to be detected, the analysis process generates additional content detection data to detect the threat in subsequently received network traffic;

receive, via the network interface device, the additional content detection data indirectly from the analysis process via an update station;

store the additional content detection data on the at least one memory device;

process subsequently received network traffic in view of the additional content detection data;

block network traffic determined to violate at least one policy; and

allow network traffic to pass that does not violate a policy.

View all claims

0 Assignments

Timeline View

Assignment View

1 Petition

Accused Products

Abstract

Systems, methods, and software for processing received network traffic content in view of content detection data and configuration data to either block, permit, or to further evaluate network traffic content when entering a network.

Citations

9 Claims

1. A network gateway device comprising:
- at least one processor;
  
  at least one memory device;
  
  at least one network interface device;
  
  content detection and configuration data stored on the at least one memory device; and
  
  an instruction set, stored in the at least one memory device and executable by the at least one processor to;
  
  receive network traffic via the at least one network interface device;
  
  process the received network traffic in view of the content detection and configuration data stored in the at least one memory device to enforce policies defined at least in part by the content detection and configuration data and including at least one policy that defines a suspicious category of network traffic, the policy enforcement performed to determine whether to allow the received network traffic to pass, the policy enforcement including user identification, content identification, and at least one of source verification and destination verification, wherein when network traffic is determined to violate the at least one policy defining suspicious network traffic, forwarding the network traffic to an analysis process that will perform analysis on network traffic to determine whether the network traffic contains a threat desired to be detected and, when the network traffic is determined to contain a threat desired to be detected, the analysis process generates additional content detection data to detect the threat in subsequently received network traffic;
  
  receive, via the network interface device, the additional content detection data indirectly from the analysis process via an update station;
  
  store the additional content detection data on the at least one memory device;
  
  process subsequently received network traffic in view of the additional content detection data;
  
  block network traffic determined to violate at least one policy; and
  
  allow network traffic to pass that does not violate a policy.
- View Dependent Claims (2, 3)
- - 2. The network gateway device of claim 1, wherein the analysis process, to which the network traffic content is forwarded, executes on a computing device distinct from the network gateway device.
  - 3. The network gateway device of claim 2, wherein the analysis process facilitates an analysis that includes receiving administrator input.

4. A method comprising:
- receiving network traffic via at least one network interface device;
  
  processing the received network traffic, by executing instructions on at least one processor of a data network device, in view of content detection and configuration data stored on at least one memory device to enforce policies defined at least in part by the content detection and configuration data and including at least one policy that defines a suspicious category of network traffic, the policy enforcement performed to determine whether to allow the received network traffic to pass on a data network, the policy enforcement including user identification, content identification, and at least one of source verification and destination verification;
  
  when network traffic is determined to violate the at least one policy defining suspicious network traffic, forwarding the network traffic to an analysis process that will perform analysis on network traffic to determine whether the network traffic contains a threat desired to be detected and, when the network traffic is determined to contain a threat desired to be detected, the analysis process generates additional content detection data to detect the threat in subsequently received network traffic;
  
  receiving, via the at least one network interface device, the additional content detection data indirectly from the analysis process via an update station;
  
  storing the additional content detection data on the at least one memory device;
  
  processing subsequently received network traffic in view of the additional content detection data;
  
  blocking network traffic determined to violate at least one policy; and
  
  allowing network traffic to pass on the data network that does not violate a policy.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the analysis process, to which the network traffic content is forwarded, executes on a computing device distinct from the data network device.
  - 6. The method of claim 5, wherein the analysis process facilitates an analysis that includes receiving administrator input.

7. A non-transitory computer-readable medium with instructions stored thereon which when executed by at least one processor of a data network device, causes the data network device to:
- receive network traffic via at least one network interface device;
  
  process the received network traffic in view of content detection and configuration data stored on at least one memory device to enforce policies defined at least in part by the content detection and configuration data and including at least one policy that defines a suspicious category of network traffic, the policy enforcement performed to determine whether to allow the received network traffic to pass on a data network, the policy enforcement including user identification, content identification, and at least one of source verification and destination verification;
  
  when network traffic is determined to violate the at least one policy defining suspicious network traffic, forward the network traffic to an analysis process that will perform analysis on network traffic to determine whether the network traffic contains a threat desired to be detected and, when the network traffic is determined to contain a threat desired to be detected, the analysis process generates additional content detection data to detect the threat in subsequently received network traffic;
  
  receive, via the at least one network interface device, the additional content detection data indirectly from the analysis process via an update station;
  
  store the additional content detection data on the at least one memory device;
  
  process subsequently received network traffic in view of the additional content detection data;
  
  block network traffic determined to violate at least one policy; and
  
  allowing network traffic to pass on the data network that does not violate a policy.
- View Dependent Claims (8, 9)
- - 8. The non-transitory computer-readable medium of claim 7, wherein the analysis process, to which the network traffic content is forwarded, executes on a computing device distinct from the data network device.
  - 9. The non-transitory computer-readable medium of claim 8, wherein the analysis process facilitates an analysis that includes receiving administrator input.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Fang, Yu, Xie, Michael
Primary Examiner(s)
Davis, Zachary A
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US14/072,184
Publication Number

US 20140068749A1
Time in Patent Office

791 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/567   using dedicated hardware

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

Systems and methods for updating content detection devices and systems

First Claim

0 Assignments

1 Petition

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for updating content detection devices and systems

First Claim

0 Assignments

Subscription Required

Subscription Required

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links