Application-based network traffic redirection for cloud security service
Abstract
A cloud security service is made available to endpoint computers. Network traffic from originating application programs running on endpoint computers are redirected to the cloud security service based on characteristics of the originating application programs. Network traffic from an originating application program may be redirected to the cloud security service by way of a virtual private network (VPN) tunnel or generic routing encapsulation (GRE) tunnel between an endpoint computer and a cloud computing system hosting the cloud security service, for example. Network traffic from an originating application program may also be routed from an endpoint computer to a gateway system, and then redirected from the gateway system to the cloud computing system. The cloud security service may drop or forward network packets of the network traffic depending on a result of scanning the network packets.
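The redirection decision described in the abstract, written out as a small policy engine. This is an added illustration, not code from the patent or its assignee: the application characteristics, the policy rules, the trusted-publisher set and the scanner markers are all constructed, and the cloud-side scan is reduced to a marker match so the drop-or-forward step can be run offline.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable


class Action(Enum):
    REDIRECT = "redirect through tunnel to cloud security service"
    BYPASS = "forward directly to destination"


@dataclass(frozen=True)
class OriginatingApp:
    """Characteristics of the program that originated a flow (constructed fields)."""
    name: str
    publisher: str
    signed: bool


# Hypothetical redirection policy: ordered (predicate, action) rules, first match wins.
TRUSTED_PUBLISHERS = {"Example Corp"}  # constructed value, not a real vendor list
REDIRECTION_POLICY: list[tuple[Callable[[OriginatingApp], bool], Action]] = [
    (lambda app: not app.signed, Action.REDIRECT),                         # unsigned code: inspect
    (lambda app: app.name in {"browser.exe", "mail.exe"}, Action.REDIRECT),  # high-exposure apps
    (lambda app: app.publisher in TRUSTED_PUBLISHERS, Action.BYPASS),      # trusted, low-risk: skip
]
DEFAULT_ACTION = Action.REDIRECT  # fail closed: an app matching no rule is still scanned


def decide(app: OriginatingApp) -> Action:
    """Compare the originating app's characteristics with the policy (the claim 1 / 16 step)."""
    for predicate, action in REDIRECTION_POLICY:
        if predicate(app):
            return action
    return DEFAULT_ACTION


# Constructed detection content for the cloud-side scanner (not real signatures).
MALICIOUS_MARKERS = (b"CONSTRUCTED_BAD_MARKER_1", b"CONSTRUCTED_BAD_MARKER_2")


def cloud_scan(payload: bytes) -> str:
    """Cloud security service: scan redirected packets, then drop or forward them."""
    return "drop" if any(m in payload for m in MALICIOUS_MARKERS) else "forward"


def handle_flow(app: OriginatingApp, payload: bytes) -> tuple[Action, str]:
    """Endpoint or gateway path: redirect-and-scan, or bypass the cloud service entirely."""
    action = decide(app)
    verdict = cloud_scan(payload) if action is Action.REDIRECT else "forward"
    return action, verdict


if __name__ == "__main__":
    browser = OriginatingApp("browser.exe", "Example Corp", signed=True)
    updater = OriginatingApp("updater.exe", "Example Corp", signed=True)
    print(handle_flow(browser, b"GET / HTTP/1.1\r\n"))  # (Action.REDIRECT, 'forward')
    print(handle_flow(updater, b"PATCH-DATA"))           # (Action.BYPASS, 'forward')
```

The last assertion-style case worth noting is a bypassed flow carrying a marker: because the second application's traffic never reaches the scanner, it is forwarded unchecked, which is exactly why the bypass rules in such a policy deserve the most scrutiny.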
7 Citations
20 Claims
1. A cloud-based computer security system comprising:
   - a computer that receives a first network traffic, identifies a first originating application program as an originator of the first network traffic, determines a characteristic of the first originating application program, compares the characteristic of the first originating application program with a redirection policy, and redirects the first network traffic to a cloud computing system based on a result of the comparison of the characteristic of the originating application program with the redirection policy, wherein the computer further receives a second network traffic, identifies a second originating application program that is different from the first originating application program as an originator of the second network traffic, determines a characteristic of the second originating application program, compares the characteristic of the second originating application program with the redirection policy, and does not redirect the second network traffic to the cloud computing system based on a result of the comparison of the characteristic of the second originating application program with the redirection policy; and
   - the cloud computing system, the cloud computing system receives the first network traffic and scans the first network traffic to perform a computer security service.

   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A cloud-based computer security system comprising:
   - an endpoint computer running a first originating application program and a second originating application program, the endpoint computer receives a first network traffic and a second network traffic, identifies the first originating application program as an originator of the first network traffic, identifies the second originating application program as an originator of the second network traffic, and provides to a gateway system the first network traffic, an identity of the first originating application program as the originator of the first network traffic, the second network traffic, and an identity of the second originating application program as the originator of the second network traffic;
   - the gateway system in a same private computer network as the endpoint computer, the gateway system receives the first network traffic, the second network traffic, the identity of the first originating application program, and the identity of the second originating application program, compares a characteristic of the first originating application program with a redirection policy, and redirects the first network traffic to a cloud computing system based on a result of the comparison of the characteristic of the first originating application program with the redirection policy, wherein the gateway system further compares a characteristic of the second originating application program with the redirection policy and does not redirect the second network traffic to the cloud computing system based on a result of the comparison of the characteristic of the second originating application program with the redirection policy; and
   - the cloud computing system, the cloud computing system receives the first network traffic and scans the first network traffic to perform a computer security service.

   Dependent claims: 11, 12, 13, 14, 15.

16. A cloud-based computer security system comprising:
   - a first computer that receives a first network traffic that is originated by a first originating application program, determines a characteristic of the first originating application program, compares the characteristic of the first originating application program with a redirection policy to generate a first result, and redirects the first network traffic to a cloud computing system through a tunnel between the first computer and the cloud computing system based on the first result, wherein the first computer further receives a second network traffic that is originated by a second originating application program that is different from the first originating application program, compares a characteristic of the second originating application program with the redirection policy to generate a second result, and forwards the second network traffic to its destination over a network connection that does not go through the tunnel to bypass the cloud computing system based on the second result; and
   - the cloud computing system, the cloud computing system receives the first network traffic and scans the first network traffic to perform a computer security service.

   Dependent claims: 17, 18, 19, 20.
Specification