Distributed traffic management system and techniques

US10701035B2 · US · B2

Patent metadata
Publication number: US-10701035-B2
Application number: US-201815960419-A
Country: US
Kind code: B2
Filing date: Apr 23, 2018
Priority date: Sep 24, 2014
Publication date: Jun 30, 2020
Grant date: Jun 30, 2020

Abstract

Official abstract text for this publication.

Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: storing local policy data describing policies in at least one of a global resource cache, a subject rules cache, or a subject resource cache of a computer asset, the local policy data being specific to the computer asset; receiving one or more messages from one or more client devices that indicate designated actions to be performed; determining one or more policies that are stored in at least one of the global resource cache, the subject rules cache, or the subject resource cache to apply the one or more messages; identifying, based on the one or more policies, at least one of (i) one or more policy-based actions that are performed instead of designated actions indicated by the one or more messages or (ii) policy-based actions that are performed in addition to the designated actions indicated by the one or more messages; transmitting message information logged from the one or more messages to an analyzer component; and updating the local policy data of the computer asset based on policy data generated by the analyzer component, the updating being specific to the computer asset.

2. The computer-implemented method of claim 1, wherein each policy comprises a data structure that indicates logic for determining whether the policy applies to a given message and one or more instructions indicating at least one policy-based action to perform with respect to the given message when the policy applies to the given message.

3. The computer-implemented method of claim 1, wherein the one or more messages indicate the designated actions to be performed, and applicable policy-based actions are performed instead of or in addition to at least one designated action associated with each message to which the one or more policies apply.

4. The computer-implemented method of claim 1, further comprising applying at least one policy from the local policy data to messages even when the analyzer component and the policy data are inaccessible, wherein the policy data comprises global policy data.

5. The computer-implemented method of claim 1, further comprising: receiving message information logged by the computer asset and one or more other computer assets; analyzing the message information logged at the computer asset and the one or more other computer assets; generating one or more new policies based on the analyzed message information; and updating the policy data to describe the one or more new policies, wherein the policy data comprises global policy data.

6. The computer-implemented method of claim 5, further comprising updating the local policy data of the computer asset to reflect one or more updates to global policy based on the one or more new policies.

7. The computer-implemented method of claim 1, further comprising: receiving message information logged by the computer asset and one or more other computer assets; determining from the message information that a condition described by a system-level policy exists; generating one or more asset-level policies that comprise logic for identifying messages to block or redirect in view of the condition; and updating the policy data to include the one or more asset-level policies, wherein the policy data comprises global policy data.

8. The computer-implemented method of claim 1, further comprising: receiving message information logged by the computer asset and one or more other computer assets; identifying a distributed attack on a computer system comprising the computer asset and the one or more other computer assets based on the analyzed message information; generating a first policy that comprises logic for identifying messages involved in the distributed attack; and updating the policy data to describe the first policy, wherein the policy data comprises global policy data.

9. The computer-implemented method of claim 1, further comprising: receiving message information logged by the computer asset and one or more other computer assets; identifying an attack that is occurring at the computer asset and the one or more other computer assets based on the message information; generating a first policy that comprises logic for identifying messages involved in the attack at a second computer asset; and updating the policy data to describe the first policy, wherein the policy data comprises global policy data.

10. The computer-implemented method of claim 1, wherein the policy data comprises global policy data, and updating the local policy data based on the policy data comprises updating the local policy data to reflect updates to the global policy data generated by the analyzer component.

11. A non-transitory computer-readable medium including instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of: storing local policy data describing policies in at least one of a global resource cache, a subject rules cache, or a subject resource cache of a computer asset, the local policy data being specific to the computer asset; receiving one or more messages from one or more client devices that indicate designated actions to be performed; determining one or more policies that are stored in at least one of the global resource cache, the subject rules cache, or the subject resource cache to apply the one or more messages; identifying, based on the one or more policies, at least one of (i) one or more policy-based actions that are performed instead of the designated actions indicated by the one or more messages or (ii) policy-based actions that are performed in addition to the designated actions indicated by the one or more messages; transmitting message information logged from the one or more messages to an analyzer component; and updating the local policy data of the computer asset based on policy data generated by the analyzer component, the updating being specific to the computer asset.

12. The non-transitory computer-readable medium of claim 11, wherein each policy comprises a data structure that indicates logic for determining whether the policy applies to a given message and one or more instructions indicating at least one policy-based action to perform with respect to the given message when the policy applies to the given message.

13. The non-transitory computer-readable medium of claim 11, wherein the one or more messages indicate the designated actions to be performed, and applicable policy-based actions are performed instead of or in addition to at least one designated action associated with each message to which the one or more policies apply.

14. The non-transitory computer-readable medium of claim 11, further comprising applying at least one policy from the local policy data to messages even when the analyzer component and the policy data are inaccessible, wherein the policy data comprises global policy data.

15. The non-transitory computer-readable medium of claim 11, further comprising: receiving message information logged by the computer asset and one or more other computer assets; determining from the message information that a condition described by a system-level policy exists; generating one or more asset-level policies that comprise logic for identifying messages to block or redirect in view of the condition; and updating the policy data to include the one or more asset-level policies, wherein the policy data comprises global policy data.

16. The non-transitory computer-readable medium of claim 11, further comprising: receiving message information logged by the computer asset and one or
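The abstract and claims describe an arrangement rather than an implementation, so the following is an added toy model written for this page; it is not code from the patent or from the assignee. It models what claims 1, 2, 4, 5, 8 and 9 describe: an asset keeps policies in three local caches, each policy pairs matching logic with a policy-based action taken instead of or in addition to the message's designated action, the asset logs message information, an analyzer with visibility across the whole group of assets derives a new global policy from the combined logs, and the policy is synced back so an asset that never saw the source itself now applies it, even after the analyzer becomes unreachable. The "source seen on N assets" heuristic, the cache a policy lands in, the action vocabulary and the traffic sample are all constructed assumptions.

```python
"""Toy model of the distributed-firewall arrangement in the claims (added
illustration; not the patent's or assignee's code)."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Policy:
    """Claim 2: logic deciding whether the policy applies, plus the action."""
    name: str
    applies: Callable[[dict], bool]
    action: str                               # assumed vocabulary: block/redirect/audit
    replaces_designated_action: bool = True   # True: instead of; False: in addition to


@dataclass
class Asset:
    asset_id: str
    # Claim 1 names three local caches; which cache holds which policy is assumed here.
    global_resource_cache: Dict[str, Policy] = field(default_factory=dict)
    subject_rules_cache: Dict[str, Policy] = field(default_factory=dict)
    subject_resource_cache: Dict[str, Policy] = field(default_factory=dict)
    log: List[dict] = field(default_factory=list)

    def _policies(self) -> List[Policy]:
        return [*self.global_resource_cache.values(),
                *self.subject_rules_cache.values(),
                *self.subject_resource_cache.values()]

    def handle(self, message: dict) -> List[str]:
        """Police one message locally; return the actions actually performed."""
        performed: List[str] = []
        replaced = False
        for p in self._policies():
            if p.applies(message):
                performed.append(p.action)
                replaced = replaced or p.replaces_designated_action
        if not replaced:
            performed.append(message["action"])   # designated action still happens
        # message information later transmitted to the analyzer
        self.log.append({"asset": self.asset_id, "src": message["src"],
                         "resource": message["resource"], "performed": performed})
        return performed

    def sync(self, global_policies: Dict[str, Policy]) -> None:
        """Claims 6/10: update local policy data from analyzer-generated global policy."""
        self.global_resource_cache.update(global_policies)


class Analyzer:
    """Claims 5/8: sees logs from the whole group, not one isolated asset."""

    def __init__(self, assets_threshold: int = 2):
        self.assets_threshold = assets_threshold
        self.global_policies: Dict[str, Policy] = {}

    def analyze(self, logs: List[dict]) -> Dict[str, Policy]:
        # Assumed heuristic: one source touching several assets is treated as a
        # distributed attack and gets a group-wide block policy.
        seen: Dict[str, Set[str]] = defaultdict(set)
        for entry in logs:
            seen[entry["src"]].add(entry["asset"])
        for src, assets in seen.items():
            if len(assets) >= self.assets_threshold:
                name = f"block-src-{src}"
                self.global_policies[name] = Policy(
                    name, lambda m, s=src: m["src"] == s, "block")
        return dict(self.global_policies)


def simulate() -> dict:
    assets = [Asset("a1"), Asset("a2"), Asset("a3")]
    for a in assets:   # a local "in addition to" policy present from the start
        a.subject_rules_cache["admin-audit"] = Policy(
            "admin-audit", lambda m: m["resource"] == "/admin", "audit",
            replaces_designated_action=False)
    by_id = {a.asset_id: a for a in assets}
    # Constructed traffic: 198.51.100.7 probes a1 and a2; 203.0.113.5 is benign.
    traffic = [
        ("a1", {"src": "198.51.100.7", "resource": "/login", "action": "serve"}),
        ("a2", {"src": "198.51.100.7", "resource": "/login", "action": "serve"}),
        ("a3", {"src": "203.0.113.5", "resource": "/admin", "action": "serve"}),
    ]
    first_pass = {aid: by_id[aid].handle(m) for aid, m in traffic}
    global_policies = Analyzer().analyze([e for a in assets for e in a.log])
    for a in assets:
        a.sync(global_policies)
    # Claim 9: a3 never saw the source, yet now applies the group-derived policy.
    a3_after = by_id["a3"].handle(
        {"src": "198.51.100.7", "resource": "/login", "action": "serve"})
    # Claim 4: no analyzer call is made here; the local copy alone decides.
    a1_offline = by_id["a1"].handle(
        {"src": "198.51.100.7", "resource": "/x", "action": "serve"})
    return {"first_pass": first_pass, "global_policies": sorted(global_policies),
            "a3_after_sync": a3_after, "a1_offline": a1_offline}
```

The detail worth noticing is that neither a1 nor a2 could have justified blocking on its own view (one request each); only the analyzer's group-level view produces the policy, and once synced it protects a3 before that asset observes the source at all.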

Assignees

Netflix Inc

Classifications

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

  • Filtering policies (mail message filtering H04L51/212) · CPC title

  • H04L63/20 (primary)

    for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Filtering by information in the payload · CPC title

  • Indexing; Data structures therefor; Storage structures · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Netflix Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1408. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 30, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).