Fortinet Patent Grants

Kernel space based capture using intelligent packet selection paradigm and event output storage determination methodology

Granted: January 9, 2024
Patent Number: 11870693
Systems and methods for efficient kernel space packet processing and IoT device classification are provided. According to an embodiment, a computer system receives a packet in kernel space, ascertains whether the packet is destined for the computer system, when the ascertaining is affirmative the packet is forwarded to user space; otherwise, it is determined whether the packet is associated with a protocol used by IoT devices. When the determination is affirmative, header information is…

Scalable physical loop detection in non-native virtual local area networks (VLANs)

Granted: January 9, 2024
Patent Number: 11870607
Systems and methods for detecting physical loops in both native and non-native VLANs are provided. According to one embodiment, a processing resource of a network switch detects a physical loop in a non-native Virtual Local Area Network (VLAN) by configuring a set of one or more network chips (e.g., an ASIC) associated with an interface associated with the non-native VLAN of multiple interfaces of the network switch to provide an indication (e.g., a Media Access Control (MAC) address or…

Enabling global quality of service for real-time selection of best data communications channels in autonomous driving vehicles

Granted: January 2, 2024
Patent Number: 11863344
An orchestrator ensures the best available vehicle communication technology is selected. In the computer architecture, the orchestrator is injected on the data bus line is also coupled to a plurality of independent silos of vehicle communication technologies for autonomous driving vehicle technologies. Real-time accurate strength signals associated with the plurality of independent silos are received. One of the independent silos of communication is selected for rerouting the data…

Detecting potential domain name system (DNS) hijacking by identifying anomalous changes to DNS records

Granted: December 26, 2023
Patent Number: 11856020
Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected…

Facilitating identification of compromised devices by network access control (NAC) or unified threat management (UTM) security services by leveraging context from an endpoint detection and response (EDR) agent

Granted: December 26, 2023
Patent Number: 11856008
Systems and methods are provided for synergistically combining network security technologies to detect compromised devices. According to one embodiment, an endpoint detection and response (EDR) agent of multiple endpoint security agents running on an endpoint device detects an incident. A security incident alert is generated by the EDR agent by proactively collecting data regarding the incident. Identification of a device coupled to a private network as potentially being compromised by a…

Framework for determining metrics of an automation platform

Granted: December 26, 2023
Patent Number: 11855854
Systems and methods for determining an efficiency score for an automation platform are provided. According to one embodiment, a first weight for each playbook of multiple playbooks of an automation framework and a second weight for each type of error of multiple types of errors that may cause execution of one of the multiple playbooks to fail are maintained. The first weight represents a relative importance of the playbook and the second weight represents an effort required to address…

Automated feature extraction and artificial intelligence (AI) based detection and classification of malware

Granted: December 12, 2023
Patent Number: 11842157
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and malware samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local malware detection model. Responsive to detection of malware in a sample processed by a D-node, the T-node receives…

Systems and methods for unpacking protected data from obfuscated code

Granted: December 12, 2023
Patent Number: 11841948
Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.

Detecting malicious behavior in a network using security analytics by analyzing process interaction ratios

Granted: December 5, 2023
Patent Number: 11836247
Systems and methods for detecting malicious behavior in a network by analyzing process interaction ratios (PIRs) are provided. According to one embodiment, information regarding historical process activity is maintained. The historical process activity includes information regarding various processes hosted by computing devices of a private network. Information regarding process activity within the private network is received for a current observation period. For each process, for each…

Hardware acceleration device for denial-of-service attack identification and mitigation

Granted: December 5, 2023
Patent Number: 11838319
Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks is provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and…

Systems and methods for enhanced key security in an SD-WAN network environment

Granted: November 21, 2023
Patent Number: 11824973
Systems, devices, and methods are discussed for leveraging SD-WAN's property of redundant independent paths to enable out of band key exchange using the collection of available paths, dynamically managing link failures to keep the separation whenever possible, and/or signaling availability of quantum-safe data transfer to SD-WAN to enable quantum-safety to be used in SD-WAN policy decisions.

Systems and methods for incorporating passive wireless monitoring with video surveillance

Granted: November 21, 2023
Patent Number: 11823538
Various systems and methods for surveillance using a combination of video image capture and passive wireless detection are described. In some cases, the methods include receiving a device identification information from a first wireless access point at a first location and corresponding to a first time, and receiving the device identification from a second wireless access point at a second location and corresponding to a second time. A video from a camera is received, and a travel path…

Systems and methods for application integrated malicious behavior mitigation

Granted: November 14, 2023
Patent Number: 11816207
Various embodiments discussed generally relate to securing applications that work across networks, and more particularly to systems and methods for mitigating malicious behavior integrated within an application that directly calls a separate cloud based malicious behavior mitigation system.

Selectively applying dynamic malware analysis to software files based on compression type in a software security system

Granted: October 17, 2023
Patent Number: 11790086
A file is received from external to the gateway device and, prior to runtime, the received file is detected as being compressed. Also before runtime, a compression type of the received file is differentiated as packed, protected, and/or archived. Identification of a specific packer, a specific protector or a specific archiver corresponding to the compression type is attempted. Responsive to successful identification, the received file is decompressed and a static type of malware analysis…

Systems and methods for governing VPN access using a remote device in proximity to a VPN endpoint

Granted: October 17, 2023
Patent Number: 11792043
Various embodiments provide for governing VPN access using a device remote from a VPN endpoint.

Restricting control of an output resource advertising services openly over a wireless network for playing media

Granted: October 17, 2023
Patent Number: 11792033
Restrictions to control of wireless resources shared openly on a wireless network for playing media are described. At a high-level, advertisement are broadcast for an openly shared resource service are restricted with respect to who, when and where control is permitted. A resource controller app can be implemented on a Wi-Fi controller, on an SDN controller, or as a separate server to intercept advertisements (e.g., service advertisements) being sent for broadcast by an openly shared…

SD-WAN communication network forward error correction systems and methods

Granted: October 17, 2023
Patent Number: 11791932
Systems and methods are provided for error correction in network data transfers. In some cases, such systems and methods include selection of a ratio of error correction to user data based upon determined communication channel health.

Access point with modular internal/external antenna support

Granted: October 17, 2023
Patent Number: 11791550
An access point has a housing with at least one connector for at least one external antenna and at least one connector for at least one internal antenna. An RF controller detects whether the at least one external antenna is connected to the at least one connector for the at least one external antenna when an open circuit is closed. Responsive to detecting that the at least one external antenna is connected, a first mode in which the at least one internal antenna supports RF capabilities…

Determination of a security rating of a network element

Granted: September 26, 2023
Patent Number: 11770403
Systems and methods for a security rating framework that translates compliance requirements to corresponding desired technical configurations to facilitate generation of security ratings for network elements is provided. According to one embodiment, a host network element executes a collection of security checks on at least a first network element. The execution is performed by receiving configuration data of the first network element pertaining to each security check of the collection…

Systems and methods for network device discovery and vulnerability assessment

Granted: September 26, 2023
Patent Number: 11770402
Various embodiments are discussed that provide systems and methods for identifying possible unsecured devices on a network. In some cases, embodiments discussed relate to systems and methods for identifying possible unsecured devices; clustering the identified devices with other similar devices, and/or determining default or simplified access processes for a given cluster of the identified devices.