Virtual patching in a label-based segmented network environment
US11516242B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 27, 2019 |
| Grant date | Nov 29, 2022 |
| Priority date | — |
| Expiry date | Sep 12, 2040 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L45/74
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A segmentation server configures and distributes rules for enforcing a segmentation policy that includes one or more virtual patches. The rules including the virtual patches are enforced by distributed enforcement modules that may execute on host devices or on network devices upstream from the host devices. An enforcement module enforces the rules using traffic filters that filter traffic based on network layer data. To implement a virtual patch, the traffic filters are configured to redirect traffic to or from an application being patched to a transparent application proxy. The transparent application proxy implements an application layer filter that filters traffic based on application layer data to block specific types of traffic associated with a vulnerability addressed by the virtual patch.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.