Patent · US Active

Identifying network entities based on beaconing activity

US11349861B1 · kind B1 · utility

Cited by: 9
References: 180
Claims: 28
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 18, 2021
Grant date: May 31, 2022
Priority date
Expiry date: Jun 18, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Metrics may be determined based on monitoring network traffic associated with a plurality of entities each associated with a profile that includes the metrics for each entity. Beaconing metrics associated with beaconing activity may be determined based on the metrics. The profile of each entity may be compared with the beaconing metrics to determine the entities that may be engaged in beaconing activity. The entities may be characterized based on beaconing activity such that the beaconing activity includes communication with endpoints associated with the third parties, employing communication protocols associated with the third parties, or exchanging payloads consistent with the beaconing activity. Reports that include information associated with the entities and their beaconing activity may be generated.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.