Rule-based network-threat detection for encrypted communications

  • US 20170187733A1
  • Filed: 12/23/2015
  • Published: 06/29/2017
  • Est. Priority Date: 12/23/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by a packet-filtering system configured to filter packets in accordance with a plurality of packet-filtering rules, data indicating a plurality of network-threat indicators; and

  • configuring, by the packet-filtering system, the plurality of packet-filtering rules to cause the packet-filtering system to:

      • identify packets comprising unencrypted data;

      • identify packets comprising encrypted data; and

      • determine, based on a portion of the unencrypted data corresponding to one or more network-threat indicators of the plurality of network-threat indicators, that the packets comprising encrypted data correspond to the one or more network-threat indicators.
