Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. More specifically, service policy level information is received by a cloud broker. The service policy level information includes an identifier of a sensor operating as a source of one or more objects for analysis and an identifier assigned to a customer associated with the sensor. Thereafter, a cluster of a plurality of clusters is selected by the cloud broker. The cloud broker is configured to (i) analyze whether one or more objects are associated with an attempted cyber-attack by at least analyzing the sensor identifier to select the cluster based on at least a geographical location of the sensor determined by the sensor identifier and (ii) establish a communication session between the sensor and the cluster via the cloud broker until termination of the communication session.

Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. First, a request is received by a subscription review service to subscribe to the subscription-based service. The service is configured to analyze one or more objects for a potential presence of malware representing the attempted cyber-attack. Using service policy level information, the cloud broker selects a cluster from a plurality of clusters to analyze whether the one or more objects are associated with the attempted cyber-attack and establishes a communication session between the sensor and the cluster via the cloud broker. The service policy level information is associated with the customer and is used in accessing the subscription-based service. The service policy level information includes at least an identifier assigned to the customer.

Abstract: A system featuring a cloud-based malware detection system for analyzing an object to determine whether the object is associated with a cyber-attack. Herein, subscription review service comprises a data store storing subscription information. The subscription information includes identifier for the customer and one or more identifiers each associated with a corresponding customer submitter operable to submit an object to the cloud-based malware detection system for analysis. The first customer submitter receives credentials provided by the subscription review service to establish communications with the cloud-based malware detection system.

Abstract: A computerized method for authenticating access to a subscription-based service to detect an attempted cyber-attack. The method features operations by the cloud broker that include receiving service policy level information and information based on operational metadata. The service policy level information includes at least subscription attributes to identify one or more performance criterion in analyses conducted on one or more objects submitted by a sensor for malware representing an attempted cyber-attack. The operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service. The cloud broker, using both the service policy level information and the information based on the operational metadata, selecting a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and establishes a communication session between the sensor and the cluster via the cloud broker.

Abstract: A computerized method is described for authenticating access to a subscription-based service to detect an attempted cyber-attack. First, a request is received by a subscription review service to subscribe to the subscription-based service. The service is configured to analyze one or more objects for a potential presence of malware representing the attempted cyber-attack. Using service policy level information, the cloud broker selects a cluster from a plurality of clusters to analyze whether the one or more objects are associated with the attempted cyber-attack and establishes a communication session between the sensor and the cluster via the cloud broker. The service policy level information is associated with the customer and is used in accessing the subscription-based service. The service policy level information includes at least an identifier assigned to the customer.

Abstract: A system featuring a cloud-based malware detection system for analyzing an object to determine whether the object is associated with a cyber-attack. Herein, subscription review service comprises a data store storing subscription information. The subscription information includes identifier for the customer and one or more identifiers each associated with a corresponding customer submitter operable to submit an object to the cloud-based malware detection system for analysis. The first customer submitter receives credentials provided by the subscription review service to establish communications with the cloud-based malware detection system.

Abstract: A computerized method for enforcing compliance to a subscription for object evaluation service by a malware detection system is described. Enforcement logic receives operational metadata from the malware detection system. The operational metadata includes metadata associated with operations performed on objects submitted to the malware detection system by the one or more customers. For each customer, the operational metadata associated with operations performed on data submitted by the customer is analyzed for comparison with a plurality of service attributes associated with the subscription for the customer.

Abstract: A computerized method for authenticating access to a subscription-based service to detect an attempted cyber-attack. The method features operations by the cloud broker that include receiving service policy level information and information based on operational metadata. The service policy level information includes at least subscription attributes to identify one or more performance criterion in analyses conducted on one or more objects submitted by a sensor for malware representing an attempted cyber-attack. The operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service. The cloud broker, using both the service policy level information and the information based on the operational metadata, selecting a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and establishes a communication session between the sensor and the cluster via the cloud broker.

Abstract: The packets of a communication session between a first device and a second device are monitored at proxy device. A determination is made that full proxy services should be applied to the communication session at the proxy device. After the determination, a packet of a first exchange, the first exchange being initiated prior to the determination, is passed through the proxy device. After the determination, full proxy services are applied to a packet of a second exchange, the second exchange being initiated after the determination.

Abstract: Techniques are presented for seamless engagement and disengagement of Transport Layer Security proxy services. A first initial message of a handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message of the handshaking procedure is saved at the proxy device. A second initial message of a second handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. It is determined from the second handshaking procedure that inspection of the first secure communication session is not to be performed by the proxy device. The first secure communication session is established without examination of the communication traffic by the proxy device.

Abstract: The packets of a communication session between a first device and a second device are monitored at proxy device. A determination is made that full proxy services should be applied to the communication session at the proxy device. After the determination, a packet of a first exchange, the first exchange being initiated prior to the determination, is passed through the proxy device. After the determination, full proxy services are applied to a packet of a second exchange, the second exchange being initiated after the determination.

Abstract: Techniques are presented for seamless engagement and disengagement of Transport Layer Security proxy services. A first initial message of a handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message of the handshaking procedure is saved at the proxy device. A second initial message of a second handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. It is determined from the second handshaking procedure that inspection of the first secure communication session is not to be performed by the proxy device. The first secure communication session is established without examination of the communication traffic by the proxy device.