Patent application number | Description | Published |
20110055381 | HOST INFORMATION COLLECTION - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for collecting information of host devices. In one aspect, a method includes transmitting a plurality of information probes to the host device, including an agent probe that queries an agent installed on the host device for a unique agent identifier, monitoring for replies to the information probes from the host device during the host detection phase, ending the host detection phase in response to receiving a reply to the agent probe that includes the unique agent identifier, resending the plurality of information probes and incrementing a repeat counter in response to not receiving a reply to the agent probe after the expiration of a time period, and ending the host detection phase in response to a value of the repeat counter exceeding a maximum repeat value. | 03-03-2011 |
20110055382 | HOST ENTRY SYNCHRONIZATION - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for synchronizing records in peer devices. In one aspect, a method includes comparing, in a first peer device, a peer record received from a second peer device based on an IP address of the peer record from the second peer device and an IP address of a record stored in a host table of the first peer device. Unique agent identifiers, MAC addresses and time stamps are also compared to determine whether the peer record indicates a new host device, a new IP assignment to a known host device, or a new user logged into a known host device. | 03-03-2011 |
20110055383 | PROBE ELECTION IN FAILOVER CONFIGURATION - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allocating probing responsibilities between a primary sensor and a secondary sensor. In one aspect, a method includes determining a first probe type, the first probe type being the probe type of the highest priority information probe for which a reply from the host device was received at the primary sensor, determining a second probe type, the second probe type being the probe type of the highest priority information probe for which a reply from the host device was received at the secondary sensor, determining whether the second probe type is prioritized higher than the first probe type, and allocating probing responsibilities between the primary sensor and the second sensor based on the prioritization of the first probe type and the second probe type. | 03-03-2011 |
20110055580 | NONCE GENERATION - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for generating a nonce. In one aspect, a method includes generating, by a data processing apparatus, a source value, and hashing, by the data processing apparatus, the source value to generate the nonce. | 03-03-2011 |
20110055907 | HOST STATE MONITORING - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a host state machine. In one aspect, the method includes defining a state machine in a memory of a data processing apparatus, the state machine comprising a plurality of states, and wherein network access for a host device is controlled in each state according to one or more network access zones associated with the state, each network access zone defining network access capabilities for the host device; monitoring, by the data processing apparatus, host devices attempting to access the network and host devices that have access to the network; and transitioning, for each host device, a state of the host based on the monitoring and a current state of the host. | 03-03-2011 |
20120144030 | Probe Election In Failover Configuration - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allocating probing responsibilities between a primary sensor and a secondary sensor. In one aspect, a method includes determining a first probe type, the first probe type being the probe type of the highest priority information probe for which a reply from the host device was received at the primary sensor, determining a second probe type, the second probe type being the probe type of the highest priority information probe for which a reply from the host device was received at the secondary sensor, determining whether the second probe type is prioritized higher than the first probe type, and allocating probing responsibilities between the primary sensor and the second sensor based on the prioritization of the first probe type and the second probe type. | 06-07-2012 |
20140075022 | Probe Election In Failover Configuration - A first sensor transmits one or more probes to a host device identified on a network, each probe used to obtain information regarding the host and the plurality of probes are prioritized according to probe type. A set of replies to the plurality of probes are received and it is determined that a first of the plurality of probes is the highest priority probe for which a reply from the host device was received. A second probe transmitted by a second sensor is identified as the highest priority probe for which a reply from the host device was received by the second sensor, where the first sensor is designated as a primary sensor and the second sensor is designated as a secondary sensor. Respective priorities of the probe types of the first and second probes are compared to determine whether to perform a probe handover to the second sensor. | 03-13-2014 |
20150121449 | AGENT ASSISTED MALICIOUS APPLICATION BLOCKING IN A NETWORK ENVIRONMENT - Embodiments are configured to receive metadata of a process intercepted on an end host when attempting to access a network. The metadata includes a hash of an application associated with the process and an endpoint reputation score of the application. Embodiments are configured to request a threat intelligence reputation score based on the hash of the application, to determine an action to be taken by the end host based, at least in part, on one or more policies and at least one of the threat intelligence reputation score and the endpoint reputation score, and to send a response indicating the action to be taken by the end host. Further embodiments request another threat intelligence reputation score based on another hash of a dynamic link library module loaded by the process on the end host, and the action is determined based, at least in part, on the other threat intelligence score. | 04-30-2015 |