Correlating network traffic that crosses opaque endpoints

Assignee

• ExtraHop Networks, Inc. · US

Inventors

• Xue Jun Wu · Seattle, US
• Arindum Mukerji · Seattle, US
• Jeff James Costlow · Bellevue, US
• Michael Kerber Krause Montague · Lake Forest Park, US
• Jesse Abraham Rothstein · Seattle, US
• Matthew Alexander Schurr · Mercer Island, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L41/40
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.