Patent attributes
An in-network security provider applies security event identification, analysis and processing to a customer's data communications traffic in the form of a “security in the cloud” solution. This method of network defense is achieved when customers pass all of their outbound data communications traffic through the security provider before that data communications traffic reaches the public Internet. Additionally, all inbound data communications traffic is passed through the security provider before it is delivered to the customer. The security provider receives the inbound and outbound sequence of data packets and segregates the sequence of data packets into respective packet flows based on data packet types (HTML, SMTP, FTP, etc.). For individual respective packet flows, the system applies security processing that is appropriate to those packet flows based on that packet flow's data packet type.