Method and apparatus for proactively identifying and mitigating malware attacks via hosted web assets
First Claim
1. A system to support identification and mitigation of malware attack via hosted Web assets, comprising:
- a Web asset assessment engine configured to
  - initiate an assessment of a Web asset from one or more Web assets hosted by a target Web application or site protected by a Web application security device, wherein each of the Web assets is a URL or a document object, and wherein the assessment is initiated responsive to detecting that the Web asset is being added or modified on the target Web application or site protected by the Web application security device;
  - download only the Web asset to be assessed in its native form from the target Web application or site for assessment over a communication channel;
- a threat detection engine configured to
  - accept and evaluate the Web asset downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset to the target Web application or site, wherein the Web asset is evaluated by generating an authenticating signature of the Web asset and comparing it to a referencing signature that was previously generated and embedded within the Web asset;
  - identify a set of one or more malicious Web assets hosted on the target Web application or site based on their risk scores to the target Web application or site;
- a protection policy application engine configured to create and correlate a plurality of policies with the set of one or more identified malicious Web assets to mitigate threats of the malicious Web assets hosted on the target Web application or site.
Abstract
A new approach is proposed that contemplates systems and methods to provide identification and mitigation of malware attack via Web assets hosted on a Web application, site, or platform in an automated and proactive manner. From the moment the Web assets are hosted on the Web application platform and protected by a Web application security device, the hosted Web assets are constantly monitored and assessed for potential risks. Whenever there is a new instance or a modification of a Web asset, a copy of the Web asset is automatically downloaded and analyzed for potential vulnerabilities. If a suspicious indicator of malicious contents in the Web asset is detected during the analysis, a plurality of security policies are created and applied to the Web application security device to mitigate threats of the Web asset and protect users of the Web application against malware attacks via the tampered Web asset.
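The assessment flow the abstract and claim 1 describe (recompute an authenticating signature for a changed asset, compare it with the reference signature embedded in the asset, score the result, emit a policy) can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 scheme, the `asset-sig` comment format, the 0-100 score scale, the threshold and the policy fields are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Assumed embedding format: a trailing HTML comment carrying a hex HMAC-SHA256.
SIG_RE = re.compile(rb"\n<!-- asset-sig:([0-9a-f]{64}) -->\s*$")
RISK_THRESHOLD = 50  # assumed cut-off on an assumed 0-100 scale


def sign_asset(body: bytes, key: bytes) -> bytes:
    """Embed a reference signature when a trusted version is published."""
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n<!-- asset-sig:" + tag + b" -->"


def risk_score(asset: bytes, key: bytes) -> int:
    """Recompute the signature over the downloaded asset and compare it."""
    m = SIG_RE.search(asset)
    if m is None:
        return 80  # no reference signature: the asset cannot be authenticated
    body = asset[: m.start()]
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison avoids leaking how many characters matched.
    return 0 if hmac.compare_digest(expected, m.group(1)) else 100


def assess(changed: dict, key: bytes) -> list:
    """Score each added or modified asset; emit one policy per risky asset."""
    policies = []
    for url, content in changed.items():
        score = risk_score(content, key)
        if score >= RISK_THRESHOLD:
            # Hypothetical policy record for the Web application security device.
            policies.append({"match_url": url, "action": "block", "risk": score})
    return policies


# Constructed sample assets (not taken from the patent).
KEY = b"constructed-demo-key"
GOOD = sign_asset(b"<html><body>Welcome</body></html>", KEY)
TAMPERED = GOOD.replace(
    b"Welcome", b"Welcome<script src='https://cdn.example/x.js'></script>"
)
UNSIGNED = b"<html><body>New page</body></html>"
```

The sketch uses a keyed MAC because a plain hash embedded in the asset could be recomputed by whoever modified the asset; the key therefore has to live with the assessment service, not on the Web server hosting the assets.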
29 Claims
1. A system to support identification and mitigation of malware attack via hosted Web assets, comprising:
- a Web asset assessment engine configured to
  - initiate an assessment of a Web asset from one or more Web assets hosted by a target Web application or site protected by a Web application security device, wherein each of the Web assets is a URL or a document object, and wherein the assessment is initiated responsive to detecting that the Web asset is being added or modified on the target Web application or site protected by the Web application security device;
  - download only the Web asset to be assessed in its native form from the target Web application or site for assessment over a communication channel;
- a threat detection engine configured to
  - accept and evaluate the Web asset downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset to the target Web application or site, wherein the Web asset is evaluated by generating an authenticating signature of the Web asset and comparing it to a referencing signature that was previously generated and embedded within the Web asset;
  - identify a set of one or more malicious Web assets hosted on the target Web application or site based on their risk scores to the target Web application or site;
- a protection policy application engine configured to create and correlate a plurality of policies with the set of one or more identified malicious Web assets to mitigate threats of the malicious Web assets hosted on the target Web application or site.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computer-implemented method to support identification and mitigation of malware attack via hosted Web assets, comprising:
- initiating an assessment of a Web asset from one or more Web assets hosted by a target Web application or site protected by a Web application security device, wherein each of the Web assets is a URL or a document object, and wherein the assessment is initiated responsive to detecting that the Web asset is being added or modified on the target Web application or site protected by the Web application security device;
- downloading only the Web asset to be assessed in its native form from the target Web application or site for assessment over a communication channel;
- accepting and evaluating the Web asset downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset to the target Web application or site, wherein the Web asset is evaluated by generating an authenticating signature of the Web asset and comparing it to a referencing signature that was previously generated and embedded within the Web asset;
- identifying a set of one or more malicious Web assets hosted on the target Web application or site based on their risk scores to the target Web application or site;
- creating and correlating a plurality of policies with the set of one or more identified malicious Web assets to mitigate threats of the malicious Web assets hosted on the target Web application or site.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. At least one computer-readable storage medium having computer-executable instructions embodied thereon, wherein, when executed by at least one processor, the computer-executable instructions cause the at least one processor to:
- initiate an assessment of a Web asset from one or more Web assets hosted by a target Web application or site protected by a Web application security device, wherein each of the Web assets is a URL or a document object, and wherein the assessment is initiated responsive to detecting that the Web asset is being added or modified on the target Web application or site protected by the Web application security device;
- download only the Web asset to be assessed in its native form from the target Web application or site for assessment over a communication channel;
- accept and evaluate the Web asset downloaded from the target Web application or site for risk of malicious contents by generating a risk score for the Web asset to the target Web application or site, wherein the Web asset is evaluated by generating an authenticating signature of the Web asset and comparing it to a referencing signature that was previously generated and embedded within the Web asset;
- identify a set of one or more malicious Web assets hosted on the target Web application or site based on their risk scores to the target Web application or site;
- create and correlate a plurality of policies with the set of one or more identified malicious Web assets to mitigate threats of the malicious Web assets hosted on the target Web application or site.
Specification