Palo Alto Networks, Inc.
Determining risk associated with internet protocol (IP) addresses involved in internet communications

Abstract:

Introduced here are security management platforms configured to estimate the risk posed by a public communication activity that involves an internal Internet Protocol (IP) address that resides on an internal network. Initially, a security management platform can examine network data to detect a public communication activity involving an internal IP address and an external IP address. Thereafter, the security management platform can probe the external IP address by transmitting a query designed to elicit a response, and then evaluate a risk posed by the public communication activity by analyzing response(s) received from the external IP address, if any, responsive to the query. For example, the security management platform may be able to determine whether a service determined to be vulnerable to unauthorized access is running on the external IP address.