| CPC H04L 63/1441 (2013.01) [H04L 63/0457 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)] | 20 Claims |

1. A computer-implemented method for threat detection for encrypted communications, the method comprising:
monitoring a data stream in a network, the data stream including encrypted message data and non-encrypted metadata associated with the encrypted message data being transmitted between endpoints on the network;
extracting data points from the non-encrypted metadata and storing the non-encrypted metadata data points in an in-memory key-value store;
enriching the non-encrypted metadata data points with contextual data relating to one or more of threat, vulnerability and reputation data points and being obtained from one or more signal sources to output enriched data and storing the enriched data in the in-memory key-value store;
analysing the enriched data to calculate a risk probability score associated therewith; and,
initiating an action in accordance with the risk probability score so as to mitigate a threat present on the network.
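As an added illustration of the pipeline in claim 1 (not code from the patent or its assignee), the following Python sketch walks a constructed flow record through extraction of non-encrypted TLS metadata, storage in an in-memory key-value store, enrichment from threat, vulnerability and reputation signal sources, scoring, and the resulting action. The field names, feeds, weights and thresholds are assumptions chosen for the example.

```python
"""Added example: risk scoring of encrypted sessions from their unencrypted metadata.
Illustrative only; feeds, weights and thresholds are assumptions, sample data is constructed.
"""

# In-memory key-value store (assumption: a plain dict keyed by flow id).
STORE = {}

# Constructed signal sources standing in for threat, vulnerability and reputation feeds.
THREAT_FEED = {"sni": {"update.bad-example.test"}, "ja3": {"ab12cd34"}}
VULN_FEED = {"TLSv1.0": 0.4, "TLSv1.1": 0.3}            # weight for weak protocol versions
REPUTATION = {"203.0.113.7": 0.9, "198.51.100.4": 0.1}  # 0 = good, 1 = bad (TEST-NET addresses)

def extract(flow):
    """Keep only the cleartext handshake/flow fields and store them under the flow id."""
    keys = ("src", "dst", "sni", "ja3", "tls_version", "bytes_out")
    points = {k: flow.get(k) for k in keys}
    STORE[flow["id"]] = points
    return points

def enrich(flow_id):
    """Attach threat, vulnerability and reputation context to the stored data points."""
    p = STORE[flow_id]
    p["threat_hit"] = p["sni"] in THREAT_FEED["sni"] or p["ja3"] in THREAT_FEED["ja3"]
    p["vuln_weight"] = VULN_FEED.get(p["tls_version"], 0.0)
    p["dst_reputation"] = REPUTATION.get(p["dst"], 0.5)  # unknown destination is neutral
    return p

def risk_score(flow_id):
    """Combine enrichment into a probability-like score in [0, 1] (assumed weights)."""
    p = STORE[flow_id]
    score = 0.6 * p["threat_hit"] + 0.2 * p["vuln_weight"] + 0.2 * p["dst_reputation"]
    p["risk"] = round(min(score, 1.0), 3)
    return p["risk"]

def action_for(score):
    """Map the score to a mitigation; thresholds are assumptions."""
    if score >= 0.7:
        return "block"
    if score >= 0.25:
        return "alert"
    return "allow"

def process(flow):
    """Run one flow record through the whole pipeline and return (score, action)."""
    extract(flow)
    enrich(flow["id"])
    score = risk_score(flow["id"])
    return score, action_for(score)

# Constructed flow records as a monitor would emit them from the unencrypted handshake.
FLOW_BEACON = {"id": "f1", "src": "10.0.0.5", "dst": "203.0.113.7", "sni": "update.bad-example.test",
               "ja3": "ffffffff", "tls_version": "TLSv1.2", "bytes_out": 512}
FLOW_LEGACY = {"id": "f2", "src": "10.0.0.6", "dst": "203.0.113.7", "sni": "intranet.example.test",
               "ja3": "00000000", "tls_version": "TLSv1.0", "bytes_out": 4096}
FLOW_NORMAL = {"id": "f3", "src": "10.0.0.7", "dst": "198.51.100.4", "sni": "www.example.test",
               "ja3": "00000000", "tls_version": "TLSv1.3", "bytes_out": 2048}
```

Running `process` on the three constructed flows yields block, alert and allow respectively, and the enriched points remain in `STORE` for later correlation.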