US 12,238,065 B2
Managing traffic rules in association with fully qualified domain names (FQDNs) using posture information associated with DNS records
David James Mitchell, Danville, CA (US); and Paul Cornelius van Gool, Santa Barbara, CA (US)
Assigned to HYAS Infosec Inc., Vancouver (CA)
Filed by HYAS Infosec Inc., Vancouver (CA)
Filed on Mar. 1, 2022, as Appl. No. 17/684,143.
Prior Publication US 2023/0283591 A1, Sep. 7, 2023
Int. Cl. G06F 21/00 (2013.01); H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 63/0236 (2013.01) [H04L 61/4511 (2022.05); H04L 63/0263 (2013.01); H04L 63/029 (2013.01)]
20 Claims
1. A method comprising:
obtaining a fully qualified domain name (FQDN) associated with a domain name system (DNS) request by a computing device;
in response to the obtaining of the FQDN, determining a first score for the FQDN based on trust factors associated with the FQDN, wherein the first score is indicative of whether a connection should be allowed to a host associated with the FQDN;
in response to determining that the first score satisfies one or more criteria, evaluating host posture information for the host having an internet protocol (IP) address provided for the FQDN in a DNS response to the DNS request, wherein the host posture information comprises information about software status on the host;
updating the first score to a second score based on the host posture information, wherein the second score is more indicative than the first score that the connection should not be allowed when the host posture information indicates the host is likely suspicious or malicious; and
determining a traffic rule from a plurality of traffic rules for the FQDN based on the second score.
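
The two-stage flow of claim 1, as an added Python sketch that is not taken from the patent or from any HYAS product: the FQDN is scored first, host posture for the resolved IP is folded in only when that score meets a criterion, and the traffic rule is chosen from the updated score. The 0-100 risk scale, the weights, the thresholds, the factor and finding names, the rule names and the sample posture data are all assumptions made for illustration.

```python
# Added sketch of claim 1's flow. The 0-100 risk scale, weights, thresholds,
# factor names and rule names are assumptions; the claim specifies none of them.
BLOCK_AT, MONITOR_AT = 70, 40   # assumed cut-offs, higher score = riskier
BASE_RISK = 20                  # assumed starting score for an unknown FQDN

# Assumed FQDN trust factors -> risk points.
TRUST_WEIGHTS = {"newly_registered": 30, "dga_like_name": 35,
                 "low_reputation_registrar": 15, "on_allowlist": -40}
# Assumed software-status findings for the resolved host -> risk points.
# All are non-negative, so posture can only push the score toward "deny".
POSTURE_WEIGHTS = {"end_of_life_software": 20, "unpatched_known_vuln": 30,
                   "unexpected_service": 15}

# Constructed posture data keyed by resolved IP (documentation address ranges).
SAMPLE_POSTURE = {"192.0.2.10": [], "198.51.100.7": ["end_of_life_software",
                                                     "unpatched_known_vuln"]}

def clamp(score):
    return max(0, min(100, score))

def first_score(trust_factors):
    """Score the FQDN alone, before looking at the host behind it."""
    return clamp(BASE_RISK + sum(TRUST_WEIGHTS[f] for f in trust_factors))

def second_score(first, findings):
    """Fold host posture findings into the FQDN score."""
    return clamp(first + sum(POSTURE_WEIGHTS[f] for f in findings))

def pick_rule(score):
    if score >= BLOCK_AT:
        return "block"
    if score >= MONITOR_AT:
        return "allow_and_log"
    return "allow"

def evaluate(fqdn, resolved_ip, trust_factors, posture_lookup=SAMPLE_POSTURE.get):
    s1 = first_score(trust_factors)
    # Assumed criterion: posture is only worth fetching when the FQDN score
    # alone has not already reached the block threshold.
    checked = s1 < BLOCK_AT
    s2 = second_score(s1, posture_lookup(resolved_ip) or []) if checked else s1
    return {"fqdn": fqdn, "ip": resolved_ip, "first": s1, "second": s2,
            "posture_checked": checked, "rule": pick_rule(s2)}

if __name__ == "__main__":
    print(evaluate("cdn.example.net", "198.51.100.7", []))
```

In the sample run an FQDN with no negative trust factors still ends up blocked, because the host it resolves to carries two software-status findings.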