US 12,244,641 B2
Application firewall
Andrew J. Thomas, Oxfordshire (GB); Karl Ackerman, Topsfield, MA (US); James Douglas Bean, Portland, OR (US); Kenneth D. Ray, Seattle, WA (US); and Daniel Stutz, Karlsruhe (DE)
Assigned to Sophos Limited, Abingdon (GB)
Filed by Sophos Limited, Abingdon (GB)
Filed on Aug. 3, 2023, as Appl. No. 18/364,902.
Application 18/364,902 is a continuation of application No. 17/667,111, filed on Feb. 8, 2022, granted, now 11,722,521.
Application 17/667,111 is a continuation of application No. 16/224,258, filed on Dec. 18, 2018, granted, now 11,258,821, issued on Feb. 22, 2022.
Application 16/224,258 is a continuation of application No. PCT/US2016/040397, filed on Jun. 30, 2016.
Prior Publication US 2024/0214420 A1, Jun. 27, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 11/00 (2006.01); G06F 21/40 (2013.01); G06F 21/43 (2013.01); G06F 21/44 (2013.01); G06F 21/45 (2013.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06F 21/64 (2013.01); H04L 9/32 (2006.01); H04L 29/06 (2006.01); H04L 41/0631 (2022.01); H04L 41/142 (2022.01); H04L 43/10 (2022.01); H04L 51/212 (2022.01); H04L 67/104 (2022.01)
CPC H04L 63/1483 (2013.01) [G06F 11/00 (2013.01); G06F 21/40 (2013.01); G06F 21/43 (2013.01); G06F 21/44 (2013.01); G06F 21/45 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01); G06F 21/57 (2013.01); G06F 21/64 (2013.01); H04L 9/3213 (2013.01); H04L 41/0631 (2013.01); H04L 41/142 (2013.01); H04L 43/10 (2013.01); H04L 51/212 (2022.05); H04L 63/02 (2013.01); H04L 63/0209 (2013.01); H04L 63/0227 (2013.01); H04L 63/0236 (2013.01); H04L 63/0254 (2013.01); H04L 63/0428 (2013.01); H04L 63/08 (2013.01); H04L 63/0807 (2013.01); H04L 63/10 (2013.01); H04L 63/14 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01); H04L 63/1466 (2013.01); H04L 63/1491 (2013.01); H04L 63/164 (2013.01); H04L 63/20 (2013.01); H04L 67/104 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer program product for operating a firewall to selectively forward network communications between a first network interface of the firewall operable to couple to an endpoint and a second network interface of the firewall operable to couple to a remote resource hosted at a server, the computer program product comprising computer executable code embodied in a non-transitory memory of the firewall that, when executing on the firewall, causes the firewall to perform the steps of:
receiving a request from the endpoint;
determining an identity of an application that originated the request on the endpoint based on a packet carrying the request;
querying a security data recorder on the endpoint from the firewall to identify previous events associated with the application;
receiving one or more previous events associated with the application from the security data recorder;
determining if a security state of the application that originated the request is an uncompromised state based on the one or more previous events associated with the application; and
conditionally forwarding the request from the firewall to the server in response to the identity of the application being recognized and the security state of the application being the uncompromised state.