Patent attributes
Methods, apparatus and articles of manufacture for detecting suspicious web traffic are provided herein. A method includes generating a database comprising information corresponding to each of multiple connections between one or more destinations external to an enterprise network and one or more hosts within the enterprise network, wherein said multiple connections occur over a given period of time; processing multiple additional connections between one or more destinations external to the enterprise network and one or more hosts within the enterprise network with one or more filtering operations to produce one or more filtered connections, wherein said multiple additional connections occur subsequent to said given period of time; and analyzing said filtered connections against the database to identify a connection to a destination external to the enterprise network that is not included in the information in the database.
