公开(公告)号：US20180115571A1

公开(公告)日：2018-04-26

申请号：US15844052

申请日：2017-12-15

Applicant: Juniper Networks, Inc.

Inventor： Clifford E. Kahn ,  Stephen R. Hanna

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/0227 ,  H04L63/1433

Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.

公开(公告)号：US09479538B2

公开(公告)日：2016-10-25

申请号：US14169795

申请日：2014-01-31

Applicant: JUNIPER NETWORKS, INC.

Inventor： Roger Chickering ,  Stephen R. Hanna ,  Paul Funk ,  Panagiotis Kougiouris ,  Paul James Kirner

IPC: H04L12/24 ,  H04L29/06

CPC classification number: H04L63/20 ,  H04L41/0893 ,  H04L63/10 ,  H04L63/1433

Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.

公开(公告)号：US20130145421A1

公开(公告)日：2013-06-06

申请号：US13728173

申请日：2012-12-27

Applicant: JUNIPER NETWORKS, INC.

Inventor： Panagiotis KOUGIOURIS ,  Roger Chickering ,  Paul James Kirner ,  Stephen R. Hanna

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10

Abstract: A module may include interface logic to receive information identifying a state related to a client device via logic related to a controlled environment, and to send a valid policy result to a host device, where the valid policy result is related to the state. The module may include processing logic to process policy content according to a resource policy, where the processing is based on the information, and to produce the valid policy result based on the processing using the resource policy, where the valid policy result is adapted for use by the host device when implementing the network policy with respect to a destination device when the client device attempts to communicate with the destination device.

Abstract translation: 模块可以包括接口逻辑，用于通过与受控环境相关的逻辑来接收标识与客户端设备有关的状态的信息，并且向主机设备发送有效的策略结果，其中有效的策略结果与状态相关。 该模块可以包括根据资源策略来处理策略内容的处理逻辑，其中处理基于该信息，并且基于使用资源策略的处理产生有效的策略结果，其中有效的策略结果适于使用 当客户机设备尝试与目的地设备通信时，通过主机设备实现关于目的地设备的网络策略。

公开(公告)号：US20170041334A1

公开(公告)日：2017-02-09

申请号：US15299991

申请日：2016-10-21

Applicant: Juniper Networks, Inc.

Inventor： Clifford E. KAHN ,  Stephen R. Hanna

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/0227 ,  H04L63/1433

Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.

Abstract translation: 设备可以接收识别用于检测入侵的攻击签名的信息。 设备可以确定易受入侵的设备配置，可以确定与设备配置相关联的端点设备，并且可以确定端点设备与设备配置相关联的时间段。 该装置可以在该时间段期间确定与该端点装置相关联的端点标识符，并且可以在该时间段期间识别与该端点标识符相关联的网络业务信息。 该设备可以将攻击签名应用于网络流量信息，并且可以基于将攻击签名应用于网络交通信息来确定端点设备在该时间段内是否遭受入侵。 设备可以基于确定端点设备是否遭受入侵来选择性地执行动作。

公开(公告)号：US09485262B1

公开(公告)日：2016-11-01

申请号：US14228939

申请日：2014-03-28

Applicant: Juniper Networks, Inc.

Inventor： Clifford E. Kahn ,  Stephen R. Hanna

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/0227 ,  H04L63/1433

Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.

Abstract translation: 设备可以接收识别用于检测入侵的攻击签名的信息。 设备可以确定易受入侵的设备配置，可以确定与设备配置相关联的端点设备，并且可以确定端点设备与设备配置相关联的时间段。 该装置可以在该时间段期间确定与该端点装置相关联的端点标识符，并且可以在该时间段期间识别与该端点标识符相关联的网络业务信息。 该设备可以将攻击签名应用于网络流量信息，并且可以基于将攻击签名应用于网络交通信息来确定端点设备在该时间段内是否遭受入侵。 设备可以基于确定端点设备是否遭受入侵来选择性地执行动作。

公开(公告)号：US08661505B2

公开(公告)日：2014-02-25

申请号：US13728173

申请日：2012-12-27

Applicant: Juniper Networks, Inc.

Inventor： Panagiotis Kougiouris ,  Roger Chickering ,  Paul James Kirner ,  Stephen R. Hanna

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10

Abstract: A module may include interface logic to receive information identifying a state related to a client device via logic related to a controlled environment, and to send a valid policy result to a host device, where the valid policy result is related to the state. The module may include processing logic to process policy content according to a resource policy, where the processing is based on the information, and to produce the valid policy result based on the processing using the resource policy, where the valid policy result is adapted for use by the host device when implementing the network policy with respect to a destination device when the client device attempts to communicate with the destination device.

Abstract translation: 模块可以包括接口逻辑，用于通过与受控环境相关的逻辑来接收标识与客户端设备有关的状态的信息，并且向主机设备发送有效的策略结果，其中有效的策略结果与状态相关。 该模块可以包括根据资源策略来处理策略内容的处理逻辑，其中处理基于该信息，并且基于使用资源策略的处理产生有效的策略结果，其中有效的策略结果适于使用 当客户机设备尝试与目的地设备通信时，通过主机设备实现关于目的地设备的网络策略。

公开(公告)号：US09848006B2

公开(公告)日：2017-12-19

申请号：US15299991

申请日：2016-10-21

Applicant: Juniper Networks, Inc.

Inventor： Clifford E. Kahn ,  Stephen R. Hanna

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/0227 ,  H04L63/1433

Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.