Fortinet Patent Applications

DYNAMIC SUBCARRIERS ALLOCATION FOR SECURED WIRELESS NETWORKS

Granted: January 2, 2025
Application Number: 20250008499
A current activity score is periodically calculated for each Wi-Fi 6E station from the data traffic based on malicious activity identified for each Wi-Fi 6E station. Responsive to having OFDMA data to send downlink and more than two Wi-Fi 6E stations being addressed, a precedence between the stations involved is determined. A bandwidth quantity of subcarriers is dynamically allocated in a channel between the more than two stations, with more bandwidth quantity allocated to a higher…

LOCAL BROWSER ISOLATION WITH VIDEO STREAMING TO PREVENT MALICIOUS ATTACKS

Granted: January 2, 2025
Application Number: 20250007953
A web page is fetched from the data communication network and loaded into the virtual machine of a web browser app running in a web browser. The web page is continuously rendered in the virtual machine of the web browser app according to the configured security policies. A virtual screenshot module continuously takes virtual screenshots of the web page rendering from the web browser app. Interactive objects are identified on the rendered web page, and replica interactive objects…

DETECTING DATA TRAFFIC ANOMALIES IN INTERNET OF THINGS (IOT) DEVICES WITH UNSUPERVISED ISOLATION FOREST (IFOREST) MODEL

Granted: January 2, 2025
Application Number: 20250007924
Data traffic statistics are generated for each IoT device over a training sliding window. Feature vectors and frequency can be extracted from the data traffic statistics over the training sliding window. A plurality of iTrees of an iForest. New data traffic is received for the specific IoT device. New feature vectors are continuously extracted from the new data traffic of the IoT device over a detection sliding window. An instance anomaly score can then be calculated for…

SINGLE SIGN-ON (SSO) IDENTIFICATION ACROSS NETWORKS

Granted: January 2, 2025
Application Number: 20250007899
The DHCP requests can be sent by endpoints to get first IP addresses. SSO data concerning the endpoints is collected using an identity service. A DHCP fingerprint is generated for each of the endpoints, including the first IP addresses. DHCP fingerprints are stored to an SSO unification database along with corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network. While tracking, the specific endpoint is…

ADAPTIVE MULTICAST DATA RATE CONFIGURATION IN MANAGED WI-FI NETWORKS TO IMPROVE THROUGHPUT USING UNSUPERVISED MACHINE LEARNING

Granted: December 26, 2024
Application Number: 20240430734
A baseline multicast traffic is derived for an SSID from the network traffic statistics using unsupervised machine learning. Responsive to detecting a deterioration in the real-time network traffic statistics for the SSID in relation to the baseline throughput and the baseline multicast traffic, the multicast data rate can be adjusted to match the lowest unicast data rate for the SSID.

INTEGRATING 5G NETWORK SECURITY SERVICES WITH OTHER TYPES OF WIRELESS LOCAL ACCESS NETWORK (WLAN) SECURITY ON PRIVATE NETWORKS

Granted: December 26, 2024
Application Number: 20240430686
Security policies over a 5G private network are integrated with security policies over other wireless channels, such as a Wi-Fi private network, on a common private network. Security policies are set up for 5G, Wi-Fi, and wireless network combinations. An authenticated private cellular device connected to the private cellular network is detected as collocated with a second device connected to the second type of network. Responsive to the indication, adjusting the second device security…

AUTOMATIC CONFIGURATION OF SD-WAN LINK RULES ON A PER APPLICATION BASIS USING REAL-TIME NETWORK CONDITIONS

Granted: December 26, 2024
Application Number: 20240430159
A new link request is received and the application making the request is identified. SD-WAN parameters are inferred from a protocol and network use behavior. A first parameter is a JLP loss requirement for the application, and can be a low JLP, medium JLP, or high JLP SLA level. A second parameter is a downstream/upstream bandwidth capability requirement. Links are determined from the pool of available links that meet the JLP requirement. One of the links is selected for the new link…

CACHE LOOK UP DURING PACKET PROCESSING BY UNIFORMLY CACHING NON-UNIFORM LENGTHS OF PAYLOAD DATA IN A DUAL-STAGE CACHE OF PACKET PROCESSORS

Granted: December 26, 2024
Application Number: 20240427706
At a first stage, cells of a row of the index table are searched, using a portion of the unified hash value bits as an index to identify the row of the index table. Also, a pointer to the content table is identified by comparing an index table tag of an entry of a cell with a calculated tag of the hash to identify a cell in the row. At a second stage, a cell is looked up in the content table, responsive to a match of the calculated tag of the hash and the index table tag of the entry, comparing the…

SYSTEMS AND METHODS FOR IDENTIFYING SECURITY REQUIREMENTS IN A ZTNA SYSTEM

Granted: December 19, 2024
Application Number: 20240422171
Various embodiments provide systems and methods for providing security in a ZTNA system.

Machine Learning Systems and Methods for API Discovery and Protection by URL Clustering With Schema Awareness

Granted: December 19, 2024
Application Number: 20240422225
Various embodiments provide systems and methods for discovering APIs for use in relation to network application security.

SYSTEMS AND METHODS FOR EDGE PROCESSING USING SELECTIVELY SUSPENDED NETWORK SECURITY

Granted: December 12, 2024
Application Number: 20240414210
Various embodiments provide systems and methods for performing edge processing using selectively suspended network security processing.

SYSTEMS AND METHODS FOR NON-EQUAL BOUNDARY SECURITY POLICY APPLICATION IN A NETWORK APPLIANCE

Granted: December 12, 2024
Application Number: 20240414202
Various embodiments provide systems and methods for applying network policies to network traffic based upon a non-equal boundary search tree.

SYSTEMS AND METHODS FOR MULTI-LEVEL SEGMENTED ZTNA ACCESS CONTROL USING RESYNCHRONIZATION

Granted: December 12, 2024
Application Number: 20240414201
Various embodiments provide systems and methods for applying ZTNA control in a multi-level, segmented network environment.

SYSTEMS AND METHODS FOR DETECTION OF DENIAL OF SERVICE ATTACKS FOR PROTOCOLS WITH HIGH BURST DATA RATES

Granted: December 12, 2024
Application Number: 20240414197
Various embodiments provide systems and methods for detecting denial of service attacks using a varying threshold.

SYSTEMS AND METHODS FOR MULTI-LEVEL SEGMENTED ZTNA ACCESS CONTROL

Granted: December 12, 2024
Application Number: 20240414168
Various embodiments provide systems and methods for applying ZTNA control in a multi-level, segmented network environment.

SYSTEMS AND METHODS FOR MULTI-TENANT SEGMENTATION TO VIRTUALIZE ZTNA PROCESSING

Granted: December 12, 2024
Application Number: 20240414159
Systems, devices, and methods are discussed for providing virtualized ZTNA control across multiple networks.

SYSTEMS AND METHODS FOR NETWORK EDGE SELECTION OF NETWORK SECURITY PROCESSING

Granted: December 12, 2024
Application Number: 20240414133
Various embodiments provide systems and methods for performing edge processing using selectively suspended network security processing.

SYSTEMS AND METHODS FOR AUTOMATED INCIDENT MANAGEMENT

Granted: December 12, 2024
Application Number: 20240414066
Systems, devices, and methods are discussed for automating incident management.

IDENTIFYING ATTACKS TO ACTIVE RESOURCES BY TRUSTED DEVICES WITH FAKE VULNERABILITIES ON DECEPTIVE PROXY RESOURCES

Granted: November 28, 2024
Application Number: 20240394368
A plurality of fake vulnerabilities are exposed to network traffic alongside an active resource. Each fake vulnerability cannot harm the active resource, and the deceptive proxy device and the legitimate device are reachable by a common IP address. Network traffic is monitored in real-time to detect an attack by a malicious device concerning at least one of the fake vulnerabilities of the plurality of fake vulnerabilities exposed by the deceptive proxy resource. The malicious…

DETECTING ZERO-DAY MALWARE WITH TETRA CODE

Granted: November 21, 2024
Application Number: 20240386104
A string sample is received from a file in real-time; the string sample is converted to a Tetra code and used to search a database of Tetra code samples, organized by family and then by variant. Responsive to the real-time Tetra code not matching any stored Tetra codes, (a) an internal structure of the Tetra code is generated to expose correlations of encrypted features of the file, without any access to the file, (b) machine learning is utilized to classify the internal structure of…