Fortinet Patent Applications

FACILITATING SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE (SOAR) THREAT INVESTIGATION USING A MACHINE-LEARNING DRIVEN MIND MAP APPROACH

Granted: September 23, 2021
Application Number: 20210297427
Systems and methods for facilitating a mind map approach to a SOAR threat investigation are provided. A SOAR platform operatively coupled with a Security Operation Center (SOC) of a monitored network receives alert data pertaining to an incident. A mind map view is generated within a graphical user interface. The mind map view includes a primary node corresponding to the incident, one or more field nodes associated with the primary node, one or more action nodes based at least on one of…

DETECTING ACCESS POINTS LOCATED WITHIN PROXIMITY OF A COMPUTING DEVICE FOR TROUBLESHOOTING OF A NETWORK

Granted: September 23, 2021
Application Number: 20210297317
Systems and methods for detecting access points proximate to a mobile computing device to facilitate wireless network troubleshooting and management of the access points are provided. According to an embodiment, a mobile application, running on a mobile device that is operating within a physical environment, discovers a subset of wireless access points (APs) of various managed APs of a private network that are proximate to the mobile device by receiving short-range beacons originated by…

DYNAMIC ESTABLISHMENT OF APPLICATION-SPECIFIC NETWORK TUNNELS BETWEEN NETWORK DEVICES BY AN SDWAN CONTROLLER

Granted: September 16, 2021
Application Number: 20210288881
Systems and methods for dynamically establishing network overlay tunnels between edges within different groups of a network architecture are provided. According to an embodiment, a Software-Defined Wide Area Network (SDWAN) controller associated with a private network receives a request to initiate a dynamic Virtual Private Network (VPN) link for a network session between a source edge and a destination edge. The SDWAN controller determines configuration information for each of the…

ADAPTIVE RESOURCE PROVISIONING FOR A MULTI-TENANT DISTRIBUTED EVENT DATA STORE

Granted: September 16, 2021
Application Number: 20210286652
Systems and methods for adaptively provisioning a distributed event data store of a multi-tenant architecture are provided. According to one embodiment, a managed security service provider (MSSP) maintains a distributed event data store on behalf of each tenant of the MSSP. For each tenant, the MSSP periodically determines a provisioning status for a current active partition of the distributed event data store of the tenant. Further, when the determining indicates an under-provisioning…

PROVIDING A SECURE COMMUNICATION CHANNEL BETWEEN KERNEL AND USER MODE COMPONENTS

Granted: September 9, 2021
Application Number: 20210279184
Systems and methods for implementing a secure communication channel between kernel and user mode components are provided. According to an embodiment, a shared memory is provided through which a kernel mode process and a user mode process communicate. The kernel mode process is assigned read-write access to the shared memory. The user mode process is assigned read-only access to the shared memory. An offset-based linked list is implemented within the shared memory. Kernel-to-user messages…

AUTOMATIC VIRTUAL PRIVATE NETWORK (VPN) ESTABLISHMENT

Granted: July 1, 2021
Application Number: 20210203640
Systems and methods for automatic VPN establishment are provided.

SELECTIVELY DISABLING ANTI-REPLAY PROTECTION BY A NETWORK SECURITY DEVICE

Granted: July 1, 2021
Application Number: 20210203698
Systems and methods for selectively disabling anti-replay security checks based on a defined network policy that can override the globally-defined defaults for specific network sessions are provided. A network security device protecting a private network receives a packet associated with a network traffic flow between a source computing device and an internal destination computing device. The network security device identifies an anti-replay policy associated with the network traffic…

PERFORMING THREAT DETECTION BY SYNERGISTICALLY COMBINING RESULTS OF STATIC FILE ANALYSIS AND BEHAVIOR ANALYSIS

Granted: July 1, 2021
Application Number: 20210200870
Systems and methods are described for synergistically combining static file-based detection and behavioral analysis to improve both threat detection time and accuracy. An endpoint security solution running on an endpoint device generates a static analysis score by performing a static file analysis on files associated with a process initiated on the endpoint device. When the static analysis score meets or exceeds a static analysis threshold, then a network security platform treats the…

MALWARE DETECTION BY A SANDBOX SERVICE BY UTILIZING CONTEXTUAL INFORMATION

Granted: July 1, 2021
Application Number: 20210200859
Systems and methods for improving malware detection by a sandbox service by utilizing Endpoint Detection and Response (EDR) origin contextual information are provided. According to an embodiment, a sandbox service associated with a network security platform protecting an enterprise network receives a file associated with sandbox-evading malware, to be classified by the sandbox service, and contextual information related to the file. The file is received from an endpoint security solution…

AUTOMATIC ESTABLISHMENT OF NETWORK TUNNELS BY AN SDWAN CONTROLLER BASED ON GROUP AND ROLE ASSIGNMENTS OF NETWORK DEVICES

Granted: June 17, 2021
Application Number: 20210185013
Systems and methods are described for automatically building up a VPN to facilitate full-mesh communication within a private network of an organization based on group and role settings of participating network devices. According to one embodiment, configuration information, including a group setting, indicating a group with which the particular network device is associated, and a role setting, specifying a role of the particular network device within the group as either a hub or an edge,…

AUTOMATIC ESTABLISHMENT OF NETWORK TUNNELS BY AN SDWAN CONTROLLER BASED ON GROUP AND ROLE ASSIGNMENTS OF NETWORK DEVICES

Granted: June 17, 2021
Application Number: 20210185011
Systems and methods for automatically building up a VPN to facilitate full-mesh communication within an enterprise based on group and role settings of the participating network devices are provided. An SDWAN controller associated with a private network receives configuration information related to group setting and role setting for various network devices of the private network. The group setting indicates a group with which a network device is associated and the role setting specifies a…

MITIGATING MALWARE IMPACT BY UTILIZING SANDBOX INSIGHTS

Granted: June 10, 2021
Application Number: 20210176257
Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a…

CLOUD-BASED ORCHESTRATION OF INCIDENT RESPONSE USING MULTI-FEED SECURITY EVENT CLASSIFICATIONS WITH MACHINE LEARNING

Granted: June 10, 2021
Application Number: 20210176261
Systems and methods for performing multi-feed classification of security events to facilitate automated IR orchestration are provided. According to one embodiment, a cloud-based security service protecting a private network provides a plurality of data feeds, wherein each data feed of the plurality of data feeds independently classifies a given security event and produces a classification result. In response to an event associated with a process of an endpoint device that is part of the…

LEVERAGING USER-BEHAVIOR ANALYTICS FOR IMPROVED SECURITY EVENT CLASSIFICATION

Granted: June 10, 2021
Application Number: 20210176264
Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on…

DYNAMIC SERVICE-BASED LOAD BALANCING IN A SOFTWARE-DEFINED WIDE AREA NETWORK (SD-WAN)

Granted: April 8, 2021
Application Number: 20210105212
Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a subnet assigned to a client device by a hub network of the SD-WAN and one or more attributes of a path or a route to a group of clients within the subnet are received by a first process of an SD-WAN controller via a dynamic routing protocol. A tagged subnet is generated by the first process by tagging the subnet with a route tag corresponding to the one or more…

AUTHENTICATING CLIENT DEVICES IN A WIRELESS COMMUNICATION NETWORK WITH CLIENT-SPECIFIC PRE-SHARED KEYS

Granted: April 1, 2021
Application Number: 20210099873
Systems and methods for authenticating client devices accessing a wireless communication network through an access point communicatively coupled with an authentication server are provided. The authentication server receives an authentication request, including a first message integrity code (MIC) of a client-specific pre-shared key, from the access point or a wireless local area network (LAN) controller that manages the access point, to establish an encrypted communication channel…

PHISHING WEBSITE DETECTION

Granted: April 1, 2021
Application Number: 20210099484
Systems and methods for detection of suspicious phishing webpages are provided. According to one embodiment, a client device captures an image pertaining to a webpage that is being accessed via the client device and generates a fingerprint of the webpage based on application of a hash function to the captured image. For each phishing fingerprint within a phishing fingerprint database containing fingerprints associated with known phishing webpages, the client device determines a…

INCEPTION OF SUSPICIOUS NETWORK TRAFFIC FOR ENHANCED NETWORK SECURITY

Granted: April 1, 2021
Application Number: 20210099468
Systems and methods are described for inception of suspicious network traffic to allow detection of the beginning of common attacks by network security devices, such as NGFWs, UTM appliances and IPS appliances. According to one embodiment, an inception engine running on a network security appliance protecting a private network monitors a session between an external computing device and a server device associated with the private network. In response to receipt of suspicious traffic from…

DETECTING MALICIOUS WEB PAGES BY ANALYZING ELEMENTS OF HYPERTEXT MARKUP LANGUAGE (HTML) FILES

Granted: March 25, 2021
Application Number: 20210092130
Systems and methods are described for detecting compromised web pages and domains by analyzing elements of hypertext markup language (HTML) files of a domain. In one embodiment, a security service receives a request including a potentially malicious uniform resource locator (URL) and retrieves a first HTML file to which the potentially malicious URL points and a second HTML file to which a host URL corresponding to the potentially malicious URL points. The security service determines…

HARDWARE ACCELERATION DEVICE FOR STRING MATCHING AND RANGE COMPARISON

Granted: March 18, 2021
Application Number: 20210084011
Systems and methods are described for providing effective hardware acceleration by performing a combination of string matching and range comparison. According to one embodiment, an acceleration device of a host device associated with a datacenter receives an input stream of information. The received information is matched with contents of a hash-based lookup table to identify one or more units, which satisfy at least one condition for any or a combination of a string match and a range…