Fortinet Patent Applications

SECURITY INFORMATION AND EVENT MANAGEMENT

Granted: February 16, 2017
Application Number: 20170048195
Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results…

CONTEXT-AWARE PATTERN MATCHING ACCELERATOR

Granted: February 9, 2017
Application Number: 20170041348
Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching…

CACHE MANAGEMENT BASED ON FACTORS RELATING TO REPLACEMENT COST OF DATA

Granted: February 9, 2017
Application Number: 20170041428
Systems and methods for a cache replacement policy that takes into consideration factors relating to the replacement cost of currently cached data and/or the replacement cost of requested data. According to one embodiment, a request for data is received by a network device. A cache management system running on the network device estimates, for each of multiple cache entries of a cache managed by the cache management system, a computational cost of reproducing data cached within each of…

PROVIDING SECURITY IN A COMMUNICATION NETWORK

Granted: February 2, 2017
Application Number: 20170034190
Systems and methods for optimizing system resources by selectively enabling various scanning functions relating to user traffic streams based on the level of trust associated with the destination are provided. According to one embodiment, a network security device within an enterprise network receives an application protocol request directed to an external network that is originated by a client device associated with the enterprise network. It is determined by the network security device…

DETECTION OF FRAUDULENT DIGITAL CERTIFICATES

Granted: January 26, 2017
Application Number: 20170026184
Systems and methods for verifying a digital certificate are provided. According to one embodiment, a trusted digital certificate of a server is collect by a network security device from a channel. The trusted digital certificate is stored by the network security device within a storage. A digital certificate of the server captured by a certificate inspector is receive by the network security device. The network security device verifies whether the captured digital certificate is an…

DETECTION OF FRAUDULENT DIGITAL CERTIFICATES

Granted: January 26, 2017
Application Number: 20170026186
Systems and methods for verifying a digital certificate are provided. According to one embodiment, a network security device intercepts a session between a client and a server, wherein a secure channel is requested to be established between the client and the server in the session. The network security device captures a digital certificate that is being sent from the server to the client, wherein the digital certificate is used for authenticating the server in connection with…

UTM INTEGRATED HYPERVISOR FOR VIRTUAL MACHINES

Granted: December 29, 2016
Application Number: 20160378529
Systems and methods for integrating firewall and Unified Threat Management (UTM) features directly within a hypervisor are provided. According to one embodiment, a system is provided that includes multiple virtual machines (VMs) and an integrated hypervisor that manages the VMs. The integrated hypervisor has integrated therein a unified threat management (UTM) layer. In operation, the integrated hypervisor intercepts network traffic directed to or originated by the VMs and provides…

EMULATOR-BASED MALWARE LEARNING AND DETECTION

Granted: December 29, 2016
Application Number: 20160381042
Methods and systems are described for malware learning and detection. According to one embodiment, an antivirus (AV) engine includes a training mode for internal lab use, for example, and a detection mode for use in commercial deployments. In training mode, an original set of suspicious patterns is generated by scanning malware samples. A set of clean patterns is generated by scanning clean samples. A revised set of suspicious patterns is created by removing the clean patterns from the…

PROTOCOL BASED DETECTION OF SUSPICIOUS NETWORK TRAFFIC

Granted: December 29, 2016
Application Number: 20160381070
Embodiments of the present invention relate to identification of suspicious network traffic indicative of a Botnet and/or an Advanced Persistent Threat (APT) based on network protocol of such traffic. According to one embodiment, a traffic file is received at a network security device that is protecting a private network. The traffic file contains therein network traffic associated with the private network that has been captured and stored. The received traffic file is processed by the…

FLOW MANAGEMENT IN A LINK AGGREGATION GROUP SYSTEM

Granted: December 22, 2016
Application Number: 20160373294
Systems and methods for an end-to-end bidirectional symmetric data flow mapping in a LAG system are provided. According to one embodiment, a forward flow from a first end of the LAG system is received by a second end. The forward flow is from a first device connected to the first end and directed to a second device connected to the second end. The forward flow is transmitted by the second end to the second device. A corresponding backward flow is received by the second end that is from…

MANAGEMENT OF CERTIFICATE AUTHORITY (CA) CERTIFICATES

Granted: December 22, 2016
Application Number: 20160373434
Systems and methods for automatically installing CA certificates received from a network security appliance by a client security manager to make the CA certificate become a trusted CA certificate to a client machine are provided. In one embodiment, a client security manager establishes a connection with a network security appliance through a network, wherein the client security manager is configured for managing security of a client at the client side and the network security appliance…

HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS

Granted: December 22, 2016
Application Number: 20160373471
Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a high-risk network access initiated by a device is identified by an intermediary security device. A human user test message is sent by the intermediary security device to a human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user. A response…

AUTOMATICALLY DEPLOYED WIRELESS NETWORK

Granted: December 22, 2016
Application Number: 20160373942
Systems and methods are described for an automatically deployed wireless network. According to one embodiment, an access point controller (AC) determines the existence of a network anomaly at a position of a wireless network that is managed by the AC. Responsive thereto, the AC causes an unmanned vehicle that carries a movable access point (AP) to carry the movable AP to the position or proximate thereto and causes the movable AP to provide wireless network service to an area…

AUTOMATICALLY DEPLOYED WIRELESS NETWORK

Granted: December 22, 2016
Application Number: 20160373963
Systems and methods for an automatically deployed wireless network are provided. According to one embodiment, an access point controller (AC) determines the existence of a network anomaly at a position of a wireless network that is managed by the AC. Responsive thereto, the AC causes an unmanned vehicle that carries a movable access point (AP) to carry the movable AP to the position or proximate thereto and causes the movable AP to provide wireless network service to an area encompassing…

CLOUD BASED LOGGING SERVICE

Granted: December 15, 2016
Application Number: 20160366101
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is…

NETWORK ADVERTISING SYSTEM

Granted: December 15, 2016
Application Number: 20160366238
Systems and methods for transmitting content to a client via a communication network are provided. An insertion server, running within a firewall device associated with a private IP network, detects establishment of a transport communication protocol connection between a client associated with the network and a destination located external to the network by examining packets as they pass through the network and pass by the insertion server. A content request of an application protocol…

LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES

Granted: December 8, 2016
Application Number: 20160359806
A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, imminent shutdown of a first cluster unit of an HA cluster of FSDs is gracefully handled by a switching device. A load balancing (LB) table, forming associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled, is maintained. The first cluster unit is coupled to a first port. Responsive to…

LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES

Granted: December 8, 2016
Application Number: 20160359808
A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. A LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of…

VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING

Granted: December 1, 2016
Application Number: 20160352652
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, presence of outbound payload data, distributed across a first and second payload buffer, within a user memory space of a network device that has been generated by a user process is determined by a bus/memory interface or a network interface unit. The payload data is fetched by performing direct virtual memory addressing of the user memory space including mapping virtual…

MANAGING TRANSMISSION AND STORAGE OF SENSITIVE DATA

Granted: December 1, 2016
Application Number: 20160352719
Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic…