Abstract: A method and system for unified communications threat management (UCTM) for converged voice and video over IP is disclosed. A computer-implemented method for threat management receives an incoming packet. The incoming packet is broken into sub-packets and fed to a plurality of packet processing engines. Each packet processing engine inspects the sub-packets and annotate the sub-packets with meta-data. The annotated sub-packets are combined and processed by a plurality of application engine to generate a processed packet. The processed packet is classified and stored in a database.

Abstract: A system and method to precisely learn and enforce security rules for Unified Communication (UC) applications and endpoints is disclosed. According to one embodiment, a behavioral learning system learns and abstracts positive flow behaviors of UC applications and endpoints. The properties of previously received messages from the endpoints and learned behaviors of the plurality of endpoints are stored in a database. A message from a endpoint is received by a message scanner and correlated with the AOR records in the database. The message is classified into one of a whitelist, a blacklist, and a graylist based on the results of analysis by the analysis engine. The whitelist contains the AOR records that are legitimate, the blacklist contains the AOR records that are a potential attack, and the graylist contains the AOR records that belong to neither the whitelist nor the blacklist.

Abstract: A method and system for detecting a spam over internet telephony (SPIT) is disclosed. Incoming call requests are received and analyzed using heuristic algorithms. A runtime action is provided based on the analysis using the heuristic algorithms. The heuristic algorithms include zero-touch heuristic algorithms that require no human intervention, one-touch heuristic algorithms that require human intervention one time, and multi-touch heuristic algorithms that require human intervention more than one time. Cumulative probability is calculated for each incoming call request, and the incoming call request is classified as a spam if the cumulative probability exceeds a threshold.

Abstract: A method and system for unified communications threat management (UCTM) for converged voice and video over IP is disclosed. A computer-implemented method for threat management receives an incoming packet. The incoming packet is broken into sub-packets and fed to a plurality of packet processing engines. Each packet processing engine inspects the sub-packets and annotate the sub-packets with meta-data. The annotated sub-packets are combined and processed by a plurality of application engine to generate a processed packet. The processed packet is classified and stored in a database.