CPC H04L 63/1416 (2013.01) [H04L 63/0245 (2013.01); H04L 63/1425 (2013.01); H04L 63/1466 (2013.01); H04L 63/166 (2013.01)]; 30 Claims
1. A packet-filtering appliance comprising:
one or more processors; and
memory storing instructions that, when executed by the one or more processors, cause the packet-filtering appliance to:
receive a plurality of packet-filtering rules each indicating one or more packet-matching criteria and one or more actions to be performed, wherein:
the packet-filtering rules were generated based on a plurality of threat indicators that were previously determined based on a plurality of cyber threat intelligence reports from one or more cyber threat intelligence providers, wherein the plurality of cyber threat intelligence reports comprises the plurality of threat indicators, and wherein the plurality of threat indicators comprises a plurality of network addresses, and
a first packet-filtering rule, of the plurality of packet-filtering rules, indicates a first directive and is associated with a disposition that is to be determined after an in-transit packet matching first one or more packet-matching criteria of the first packet-filtering rule is received;
receive, from a first network and at a first time, a first in-transit packet destined to at least one location in a second network;
based on determining that the first in-transit packet matches the first one or more packet-matching criteria of the first packet-filtering rule:
determine first threat context information associated with receipt of the first in-transit packet by the packet-filtering appliance;
determine, based on the first threat context information, a first disposition;
selectively apply, based on the first disposition and to the first in-transit packet, the first directive of the first packet-filtering rule; and
apply the first disposition to the first in-transit packet;
receive, from the first network and at a second time, a second in-transit packet destined to at least one location in the second network; and
based on determining that the second in-transit packet matches the first one or more packet-matching criteria of the first packet-filtering rule:
determine second threat context information associated with receipt of the second in-transit packet by the packet-filtering appliance, wherein the second threat context information has at least one value different from the first threat context information;
determine, based on the second threat context information and independently from the determining the first disposition, a second disposition different from the first disposition; and
selectively apply, based on the second disposition and to the second in-transit packet, the first directive of the first packet-filtering rule; and
apply the second disposition to the second in-transit packet.
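The mechanism claim 1 describes, as an added illustration rather than the patent's own code: rules are built from threat indicators in CTI reports, each rule carries a fixed directive but no stored disposition, and the disposition is decided separately for each in-transit packet from the threat context at the moment it is received, so two packets matching the same rule can receive different dispositions. The report contents, the addresses, the "log" directive, and the risk thresholds in `risk_disposition` are all constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable

# Constructed CTI reports using documentation-range addresses, not real indicators.
CTI_REPORTS = [
    {"provider": "provider-a", "indicators": ["203.0.113.0/24"], "confidence": 40},
    {"provider": "provider-b", "indicators": ["203.0.113.7/32"], "confidence": 90},
]
@dataclass
class Rule:
    criteria: list    # packet-matching criteria: destination networks derived from indicators
    directive: str    # the rule's fixed directive (e.g. "log"), applied selectively per disposition
    decide: Callable  # maps threat context -> disposition; the rule stores no disposition itself

def risk_disposition(ctx):
    """Assumed policy: block on corroborated, high-confidence, or repeated hits."""
    if ctx["providers"] >= 2 or ctx["max_confidence"] >= 80 or ctx["src_hits"] >= 3:
        return "block"
    return "allow"

def rules_from_cti(reports):
    nets = sorted({ip_network(i) for r in reports for i in r["indicators"]}, key=str)
    return [Rule(criteria=nets, directive="log", decide=risk_disposition)]

@dataclass
class Appliance:
    rules: list
    reports: list
    hits: dict = field(default_factory=dict)  # per-source counter: state that makes context differ
    log: list = field(default_factory=list)   # packets on which the directive was applied

    def threat_context(self, pkt, now):
        # Context tied to this receipt: which reports cover dst, how often src has hit, and when.
        dst = ip_address(pkt["dst"])
        covering = [r for r in self.reports if any(dst in ip_network(i) for i in r["indicators"])]
        self.hits[pkt["src"]] = self.hits.get(pkt["src"], 0) + 1
        return {"providers": len({r["provider"] for r in covering}),
                "max_confidence": max((r["confidence"] for r in covering), default=0),
                "src_hits": self.hits[pkt["src"]], "received_at": now}

    def process(self, pkt, now):
        # Returns (disposition, directive_applied) for one in-transit packet.
        dst = ip_address(pkt["dst"])
        for rule in self.rules:
            if any(dst in net for net in rule.criteria):
                ctx = self.threat_context(pkt, now)
                disposition = rule.decide(ctx)     # decided afresh per packet, never cached
                applied = disposition == "block"   # directive applied only for this disposition
                if applied:
                    self.log.append((now, pkt["src"], pkt["dst"], ctx))
                return disposition, applied
        return "allow", False                      # no rule matched
```

Repeated packets from one source to the same indicator-covered destination are allowed at first and blocked once the per-source hit count crosses the assumed threshold, which is the claim's point: same rule, same criteria, different context, different disposition.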