Computerized system and method for advanced network content processing
First Claim
1. A computer-implemented method comprising:
- receiving, by a network security device protecting a private network, network traffic carrying content associated with a plurality of application layer protocols, including one or more of an instant messaging (IM) protocol, a peer-to-peer (P2P) protocol, an electronic mail (email) protocol, a web browsing protocol and a file sharing protocol;
- identifying, by the network security device, a first application layer protocol of the plurality of application layer protocols associated with a first subset of packets of the network traffic;
- performing, by the network security device, real-time application-level content processing of a first set of original application layer content carried by the first subset of packets by:
  - based on the identified first application layer protocol, redirecting the first subset of packets to a first proxy module executing on the network security device;
  - extracting, reconstructing and buffering, by the first proxy module, the first set of original application layer content from the first subset of packets; and
  - based on a first set of network traffic selectors associated with the first subset of packets, causing, by the first proxy module, a first subset of a plurality of scanning engines to process the first set of original application layer content in accordance with a first set of a plurality of content processing rules selected from a rule definition store;
- identifying, by the network security device, a second application layer protocol of the plurality of application layer protocols, distinct from the first application layer protocol, associated with a second subset of packets of the network traffic; and
- performing, by the network security device, real-time application-level content processing of a second set of original application layer content carried by the second subset of packets by:
  - based on the identified second application layer protocol, redirecting the first subset of packets to a second proxy module executing on the network security device;
  - extracting, reconstructing and buffering, by the second proxy module, the second set of original application layer content from the second subset of packets; and
  - based on a second set of network traffic selectors associated with the second subset of packets, causing, by the second proxy module, a second subset of a plurality of scanning engines to process the second set of original application layer content in accordance with a second set of a plurality of content processing rules selected from the rule definition store.
Abstract
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface.
39 Citations
20 Claims
1. A computer-implemented method comprising:
- receiving, by a network security device protecting a private network, network traffic carrying content associated with a plurality of application layer protocols, including one or more of an instant messaging (IM) protocol, a peer-to-peer (P2P) protocol, an electronic mail (email) protocol, a web browsing protocol and a file sharing protocol;
- identifying, by the network security device, a first application layer protocol of the plurality of application layer protocols associated with a first subset of packets of the network traffic;
- performing, by the network security device, real-time application-level content processing of a first set of original application layer content carried by the first subset of packets by:
  - based on the identified first application layer protocol, redirecting the first subset of packets to a first proxy module executing on the network security device;
  - extracting, reconstructing and buffering, by the first proxy module, the first set of original application layer content from the first subset of packets; and
  - based on a first set of network traffic selectors associated with the first subset of packets, causing, by the first proxy module, a first subset of a plurality of scanning engines to process the first set of original application layer content in accordance with a first set of a plurality of content processing rules selected from a rule definition store;
- identifying, by the network security device, a second application layer protocol of the plurality of application layer protocols, distinct from the first application layer protocol, associated with a second subset of packets of the network traffic; and
- performing, by the network security device, real-time application-level content processing of a second set of original application layer content carried by the second subset of packets by:
  - based on the identified second application layer protocol, redirecting the first subset of packets to a second proxy module executing on the network security device;
  - extracting, reconstructing and buffering, by the second proxy module, the second set of original application layer content from the second subset of packets; and
  - based on a second set of network traffic selectors associated with the second subset of packets, causing, by the second proxy module, a second subset of a plurality of scanning engines to process the second set of original application layer content in accordance with a second set of a plurality of content processing rules selected from the rule definition store.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A non-transitory computer-readable storage medium embodying one or more sequences of instructions, which when executed by one or more processors of a network security device, cause the one or more processors to perform a method comprising:
- receiving network traffic carrying content associated with a plurality of application layer protocols, including one or more of an instant messaging (IM) protocol, a peer-to-peer (P2P) protocol, an electronic mail (email) protocol, a web browsing protocol and a file sharing protocol;
- identifying a first application layer protocol of the plurality of application layer protocols associated with a first subset of packets of the network traffic;
- performing real-time application-level content processing of a first set of original application layer content carried by the first subset of packets by:
  - based on the identified first application layer protocol, redirecting the first subset of packets to a first proxy module executing on the network security device;
  - extracting, reconstructing and buffering, by the first proxy module, the first set of original application layer content from the first subset of packets; and
  - based on a first set of network traffic selectors associated with the first subset of packets, causing, by the first proxy module, a first subset of a plurality of scanning engines to process the first set of original application layer content in accordance with a first set of a plurality of content processing rules selected from a rule definition store;
- identifying a second application layer protocol of the plurality of application layer protocols, distinct from the first application layer protocol, associated with a second subset of packets of the network traffic; and
- performing real-time application-level content processing of a second set of original application layer content carried by the second subset of packets by:
  - based on the identified second application layer protocol, redirecting the first subset of packets to a second proxy module executing on the network security device;
  - extracting, reconstructing and buffering, by the second proxy module, the second set of original application layer content from the second subset of packets; and
  - based on a second set of network traffic selectors associated with the second subset of packets, causing, by the second proxy module, a second subset of a plurality of scanning engines to process the second set of original application layer content in accordance with a second set of a plurality of content processing rules selected from the rule definition store.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
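The following is an added illustration, not code from the patent or from its assignee: a toy Python model of the pipeline the abstract and claims 1 and 11 describe. It identifies the application layer protocol of a stream, redirects its segments to a per-protocol proxy module that reconstructs and buffers the original content from out-of-order segments, uses network traffic selectors to pick which scanning engines run, and consults a rule definition store to turn engine findings into an allow or block verdict. The packets, the three engines (an EICAR test-string match, a raw PE header check, and a host blocklist), the port hints and the rule store are all constructed for this example and are assumptions, not values taken from the page.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Packet:
    stream_id: str       # connection the segment belongs to (constructed stand-in for a 5-tuple)
    seq: int             # position within the stream; segments may arrive out of order
    dport: int
    payload: bytes
    last: bool = False   # constructed marker standing in for end-of-message / FIN


@dataclass
class Verdict:
    stream_id: str
    protocol: str
    action: str                      # "allow" or "block"
    findings: List[str] = field(default_factory=list)


PORT_HINT = {80: "web", 25: "email"}   # constructed fallback when no payload signature matches


def identify_protocol(pkt: Packet) -> str:
    """Application layer identification: payload signature first, destination port second."""
    head = pkt.payload[:5]
    if head.startswith((b"GET ", b"POST ", b"HTTP/")):
        return "web"
    if head.startswith((b"EHLO", b"HELO", b"MAIL ")):
        return "email"
    return PORT_HINT.get(pkt.dport, "other")


# ---- Scanning engines: each takes reconstructed content and returns findings ----
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def av_engine(content: bytes) -> List[str]:
    return ["av:eicar-test-file"] if EICAR in content else []


def exe_engine(content: bytes) -> List[str]:
    # Constructed check for a raw PE header in the body; real mail would need MIME/base64 decoding
    return ["file:pe-executable"] if b"MZ\x90\x00" in content else []


def url_engine(content: bytes) -> List[str]:
    blocked_hosts = [b"malware.example"]   # constructed blocklist, not a real category feed
    return [f"url:{h.decode()}" for h in blocked_hosts if b"Host: " + h in content]


ENGINES: Dict[str, Callable[[bytes], List[str]]] = {"av": av_engine, "exe": exe_engine, "url": url_engine}

# ---- Network traffic selectors: which engines run for which traffic (constructed) ----
SELECTORS: List[Tuple[Callable[[Packet], bool], List[str]]] = [
    (lambda p: p.dport == 80, ["av", "url"]),
    (lambda p: p.dport == 25, ["av", "exe"]),
]

# ---- Rule definition store: first matching finding prefix decides the action (constructed) ----
RULE_STORE: Dict[str, List[Tuple[str, str]]] = {
    "web":   [("av:", "block"), ("url:", "block")],
    "email": [("av:", "block"), ("file:pe", "block")],
}


class ProxyModule:
    """Per-protocol proxy: extracts, reconstructs and buffers content, then hands it to the engines."""

    def __init__(self, protocol: str):
        self.protocol = protocol
        self.segments: Dict[str, Dict[int, bytes]] = {}
        self.finished: Dict[str, bool] = {}

    def accept(self, pkt: Packet, engine_names: List[str]) -> Optional[Verdict]:
        buf = self.segments.setdefault(pkt.stream_id, {})
        buf[pkt.seq] = pkt.payload
        self.finished[pkt.stream_id] = self.finished.get(pkt.stream_id, False) or pkt.last
        # Scan only once the message is complete and gap-free (sequence numbers 0..n-1)
        if not self.finished[pkt.stream_id] or sorted(buf) != list(range(len(buf))):
            return None
        content = b"".join(buf[i] for i in range(len(buf)))
        findings = [f for name in engine_names for f in ENGINES[name](content)]
        action = "allow"
        for prefix, rule_action in RULE_STORE.get(self.protocol, []):
            if any(f.startswith(prefix) for f in findings):
                action = rule_action
                break
        del self.segments[pkt.stream_id], self.finished[pkt.stream_id]
        return Verdict(pkt.stream_id, self.protocol, action, findings)


class NetworkSecurityDevice:
    def __init__(self):
        self.proxies = {p: ProxyModule(p) for p in ("web", "email", "other")}
        self.stream_protocol: Dict[str, str] = {}

    def process(self, pkt: Packet) -> Optional[Verdict]:
        # Identify once per stream, then redirect every segment of that stream to the same proxy
        proto = self.stream_protocol.setdefault(pkt.stream_id, identify_protocol(pkt))
        names = [n for pred, engs in SELECTORS if pred(pkt) for n in engs]
        return self.proxies[proto].accept(pkt, list(dict.fromkeys(names)))


def run_sample() -> Dict[str, Tuple[str, List[str]]]:
    """Constructed traffic: an HTTP response carrying the EICAR test string (segments out of
    order), a clean email, and an email whose body contains a PE header."""
    http_body = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + EICAR
    traffic = [
        Packet("web-1", 1, 80, http_body[20:40]),
        Packet("web-1", 0, 80, http_body[:20]),
        Packet("web-1", 2, 80, http_body[40:], last=True),
        Packet("mail-1", 0, 25, b"MAIL FROM:<alice@example.com>\r\n"),
        Packet("mail-1", 1, 25, b"DATA\r\nHello Bob\r\n.\r\n", last=True),
        Packet("mail-2", 0, 25, b"MAIL FROM:<eve@example.com>\r\n"),
        Packet("mail-2", 1, 25, b"DATA\r\nMZ\x90\x00\x03\x00\r\n.\r\n", last=True),
    ]
    device = NetworkSecurityDevice()
    results: Dict[str, Tuple[str, List[str]]] = {}
    for pkt in traffic:
        verdict = device.process(pkt)
        if verdict:
            results[verdict.stream_id] = (verdict.action, verdict.findings)
    return results


if __name__ == "__main__":
    for stream, (action, findings) in run_sample().items():
        print(f"{stream}: {action} {findings}")
```

Two design points carry over from the claims. The proxy never scans a partial message: the first web segment arrives out of order and is classified by port because its payload carries no signature, and the verdict is only produced after the gap-free reassembly, which is what the "extracting, reconstructing and buffering" step buys a scanner that would otherwise miss a signature split across segments. The selectors and the rule store are separate tables, so which engines run (a property of the traffic) and what a finding means (a policy decision) can be changed independently.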