Abstract: Identifying malware on a user device allows corrective actions, such as removing the malware, to be taken. Malware can be detected using a hybrid approach that uses both network based devices and an agent running on the user device. The network based devices can detect network traffic associated with malware that is sent to or from the user device. A notification can be generated and sent to the user device, which uses information in the notification to identify possible malware on the user device.

Abstract: A method and system for providing network based malware detection in a service provider network is disclosed. Transmission control protocol (TCP) packets defining originating from an access device coupled to the service provider network defining a TCP session between a computing device coupled to the access device, and a destination coupled to the service provider network are received. An operating system identifier (OS ID) associated with the TCP session and the computing device is determined. If malware is present in the TCP session and an associated malware ID is determined by comparing a malware signature to the one or more TCP packets. An alert identifying a network address associated with the access device, the malware ID and the OS ID associated with TCP session that generated the alert can then be generated.

Abstract: An apparatus, system and method are described for use in detecting the presence of malware on subscribers computers. The apparatus, system and method are network based and may be deployed within an Internet Service Provider (ISP) network. The system may include a plurality of network sensors for receiving and analyzing network traffic to determine the presence of malware. An aggregating apparatus receives alerts of the presence of malware and translates a network identifier of the alert to a subscriber identifier. The aggregating apparatus aggregates alert information and forwards it to a reporting infrastructure that can generate notifications in order to notify a subscriber that malware has been detected on a computer associated with the subscriber.

Abstract: A method and system for providing network based malware detection in a service provider network is disclosed. Transmission control protocol (TCP) packets defining originating from an access device coupled to the service provider network defining a TCP session between a computing device coupled to the access device, and a destination coupled to the service provider network are received. An operating system identifier (OS ID) associated with the TCP session and the computing device is determined. If malware is present in the TCP session and an associated malware ID is determined by comparing a malware signature to the one or more TCP packets. An alert identifying a network address associated with the access device, the malware ID and the OS ID associated with TCP session that generated the alert can then be generated.

Abstract: Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.

Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.

Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.

Abstract: Various embodiments of a method and associated equipment for enhancing security in a network-based data communication are provided. In one embodiment, the method includes: a) maintaining at least access to data which a transmitting user may selectively transmit, b) providing a submit control associated with a recipient user to which the data may be selectively transmitted, c) in response to the transmitting user activating the submit control, presenting information to the transmitting user that identifies the recipient user to which the data is about to be sent, and d) in response to the transmitting user activating a verification control, transmitting the data to the recipient user. In one embodiment, the associated equipment includes a first computing device associated with a transmitting user, a second computing device associated with a recipient user; and a communication network through which the first computing device can operatively communicate with the second computing device.

Abstract: An apparatus, system and method are described for use in detecting the presence of malware on subscribers computers. The apparatus, system and method are network based and may be deployed within an Internet Service Provider (ISP) network. The system may include a plurality of network sensors for receiving and analyzing network traffic to determine the presence of malware. An aggregating apparatus receives alerts of the presence of malware and translates a network identifier of the alert to a subscriber identifier. The aggregating apparatus aggregates alert information and forwards it to a reporting infrastructure that can generate notifications in order to notify a subscriber that malware has been detected on a computer associated with the subscriber.

Abstract: A method, device and system for matching data content, including identifying items of data that would be potentially harmful if transferred through a network, creating a list containing the identified items of potentially harmful data, deriving a hash value for each item of data on the list, receiving a data stream containing data packets, calculating a hash value for each data packet in the data stream, evaluating whether any of the hash values calculated for the data packets in the data stream match any of the hash values derived for each item of data on the list, discovering a hash value match between one of the data packets in the data stream and one of the items of data on the list, comparing the actual contents of the one data packet in the data stream to the actual contents of the one item of data on the list, confirming a match between the actual contents of the one data packet in the data stream and the one item of data on the list, and applying a filter policy that restricts a further transfer of th

Abstract: Collaborative communication traffic control systems and methods are disclosed. In a communication traffic control apparatus, a communication traffic control module controls transfer of communication traffic in accordance with one or more communication traffic control rules. A communication traffic control rule exchange module is operatively coupled to the communication traffic control module, and may exchange communication traffic control rules with an exchange module of another communication traffic control apparatus. This enables control of communication traffic transfer at both the communication traffic control apparatus and the other communication traffic control apparatus in accordance with the exchanged communication traffic control rules. A traffic control rule exchange module may receive traffic control rules from, transmit traffic control rules to, or both receive traffic control rules from and transmit traffic control rules to other exchange modules.

Abstract: Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.

Abstract: Communication traffic control techniques are disclosed. Targeted communication traffic control may be established in accordance with traffic control rules generated at a mobile communication device which is operating within a service area of a traffic control system. Communication traffic destined for or originating at the mobile communication device is then permitted or blocked by the traffic control system based on the traffic control rules. When a mobile communication device moves from a communication system service area served by one traffic control system to a service area served by a new traffic control system, any traffic control rules currently in effect at the traffic control system are preferably transferred to the new traffic control system. In some embodiments, multiple traffic control rules are aggregated before being transferred to a traffic control system.

Abstract: A communications traffic acceptance control methods and a Protocol Data Unit (PDU) filtering gateway are presented. The PDU filtering gateway operates in accordance with a group of sentry filtering rules and on accepting PDU traffic. The enhanced PDU filtering gateway selectively generates at run-time additional dynamic filtering rules. Dynamic PDU acceptance control may be enforced on communications traffic in the same and/or the opposite conveyance direction as the first sentry filtering rule triggering PDU. Dynamic PDU acceptance control may also provide time constraint enforcement on traffic acceptance. Advantages are derived from a dynamic PDU acceptance control over connection establishment utilizing reduced resources. New data services may be accommodated via sentry filtering rule specifications providing resilience to equipment obsolescence and minimizing code maintenance overheads.