Outbound/inbound lateral traffic punting based on process risk

Assignee

• Palo Alto Networks, Inc. · US

Inventors

• Ho Yu Lam · Santa Clara, US
• Robert Earle Ashley · Santa Clara, US
• Paul Theodore Mathison · San Jose, US
• Qiuming Li · San Jose, US
• Taylor Ettema · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/14
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.