Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is the matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.

Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is the matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.

Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is the matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.

Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is the matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.

Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is the matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.

Abstract: Method and agent for preventing a hostile use of computer resources by an application running on a workstation. A list of services that are not allowed for access by unspecified applications is provided, and when such unspecified application runs on the workstation, the application is prevented from accessing any resource directly. Any direct or indirect request for access to specific services is analyzed, to determine whether such request is allowable according to the list. The workstation processes the request if it is allowable. The unspecified application is prevented from accessing the requested resource if the request is not allowable. The resource may be any local or remote resource, such as, memory allocation, files, directories, operations with files and directories, such as copy, delete or compress, or any other operation leading to a permanent change in the workstation or its periphery.

Abstract: Method and agent for preventing a hostile use of computer resources by an application running on a workstation. A list of services that are not allowed for access by unspecified applications is determined, and when such unspecified application runs on the workstation, direct access to the application is prevented from any resource. Any direct or indirect request for access to specific services is analyzed, to determine whether such request is allowable according to the list. The workstation processes the request if it is allowable. The unspecified application is prevented from accessing the requested resource if the request is not allowable. The resource may be any local or remote resource, such as, memory allocation, files, directories, operations with files and directories, such as copy, delete or compress, or any other operation leading to a permanent change in the workstation or its periphery.

Abstract: A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of, (1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packet transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation; (2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation; (3) If at least one marker indicating that a suitable security agent is installed in the transmitting workstation is d

Abstract: A method of preventing undesirable activities of Executable Objects via an application, comprising denying to the same application, or one or more of its threads, access to a secured resource if the application, or one or more of its threads, has previously exhibited Internet behavior and has not met a specific condition for accessing the secured resource, and denying the application, or one or more of its threads, Internet behavior if, at a time access is sought to the Internet, the application, or one or more of its threads is accessing a secured resource.

Abstract: A method for selectively preventing the downloading and execution of undesired Executable Objects in a computer. The method comprises when an Executable Object is detected at a gateway, analyzing the header of the Executable Object, determining the resources of the computer that the Executable Object needs to utilize, comparing the resources of the computer that the Executable Object needs to utilize with a Security Policy and if the resources of the computer that the Executable Object needs to utilize are included in the list of the resources prohibited for use by the Security Policy, preventing the Executable Object from passing through the gateway, thereby preventing it from reaching the computer which has initiated its downloading.

Abstract: A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of, (1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packet transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation; (2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation; (3) If at least one marker indicating that a suitable security agent is installed in the transmitting workstation is d

Abstract: A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of, (1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packet transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation; (2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first one or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation; (3) If at least one marker indicating that a suitable security agent is installed in the transmitting workstation is d

Abstract: A method for selectively preventing the downloading and execution of undesired Executable Objects in a computer. The method comprises when an Executable Object is detected at a gateway, analyzing the header of the Executable Object, determining the resources of the computer that the Executable Object needs to utilize, comparing the resources of the computer that the Executable Object needs to utilize with a Security Policy and if the resources of the computer that the Executable Object needs to utilize are included in the list of the resources prohibited for use by the Security Policy, preventing the Executable Object from passing through the gateway, thereby preventing it from reaching the computer which has initiated its downloading.

Abstract: A method for processing Executable Objects, comprising: (a) providing analysis means capable of non-interfering analysis of data packets transmitted on a communication line between a browser and an HTTP server on the web, said communication line being established through a gateway; (b) analyzing the handshake between said browser and said server, to detect a “GET_” command sent by the user and an HTTP code sent in response by said server; (c) when such an HTTP code is detected, analyzing the data packets transmitted by said server to said browser, by: (c.1) providing ordering means to order data packets received in non-sequential order, and to forward them in sequential order to header checking means; (c.2) checking the data packets so as to analyze the contents of the header of the Executable Object, and to identify the resources of the system that it needs to employ; (c.3) transmitting to said gateway data representing the resources of the system that the Executable Object needs to utilize; (c.

Abstract: A method of preventing undesirable activities of Executable Objects via an application, comprising denying to the same application, or one or more of its threads, access to a secured resource if the application, or one or more of its threads, has previously exhibited Internet behavior and has not met a specific condition for accessing the secured resource, and denying the application, or one or more of its threads, Internet behavior if, at a time access is sought to the Internet, the application, or one or more of its threads is accessing a secured resource.

Abstract: A method for selectively preventing the downloading and execution of undesired Executable Objects in a computer includes analyzing a header of a an Executable Object which is detected at a gateway, determining the resources of a computer that the Executable Object needs to utilize and comparing the resources of the computer that the Executable Object needs to utilize with a user's Security Policy representing the resources, or a combination of resources, that the user allows or does not allow an executable object to utilize within its network. The Executable Object is allowed to pass through the gateway and to reach the computer which has initiated its downloading, if the resources of the computer that the Executable Object needs to utilize are included in the list of the resources allowed for use by the Security Policy.

Abstract: A method for processing Executable Objects, comprising: (a) providing analysis means capable of non-interfering analysis of data packets transmitted on a communication line between a browser and an HTTP server on the web, said communication line being established through a gateway; (b) analyzing the handshake between said browser and said server, to detect a “GET_” command sent by the user and an HTTP code sent in response by said server; (c) when such an HTTP code is detected, analyzing the data packets transmitted by said server to said browser, by: (c.1) providing ordering means to order data packets received in non-sequential order, and to forward them in sequential order to header checking means; (c.2) checking the data packets so as to analyze the contents of the header of the Executable Object, and to identify the resources of the system that it needs to employ; (c.3) transmitting to said gateway data representing the resources of the system that the Executable Object needs to utilize; (c.

Abstract: A method for processing Executable Objects, comprising: (a) providing analysis means capable of non-interfering analysis of data packets transmitted on a communication line between a browser and an HTTP server on the web, said communication line being established through a gateway; (b) analyzing the handshake between said browser and said server, to detect a “GET_” command sent by the user and an HTTP code sent in response by said server; (c) when such an HTTP code is detected, analyzing the data packets transmitted by said server to said browser, by: (c.1) providing ordering means to order data packets received in non-sequential order, and to forward them in sequential order to header checking means; (c.2) checking the data packets so as to analyze the contents of the header of the Executable Object, and to identify the resources of the system that it needs to employ; (c.3) transmitting to said gateway data representing the resources of the system that the Executable Object needs to utilize; (c.

Abstract: A method for enforcing a security policy for selectively preventing the downloading and execution of undesired Executable Objects in an individual workstation, comprising the steps of, (1) providing a security agent suitable to be installed in an individual workstation, said security agent being provided with means for introducing at least one marker in one or more data packet transmitted by a workstation to a server through a gateway, said at least one marker indicating that a security agent is installed in the transmitting workstation; (2) providing means in or coupled to the gateway for analyzing the first one or more data packet(s) received from a transmitting workstation initiating communication to a remote server, to determine whether said first ore or more data packet(s) comprise at least one marker indicating that a suitable security agent is installed in the transmitting workstation; (3) If at least one marker indicating that a suitable security agent is installed in the transmitting workstation is d