DETECTING POTENTIAL DOMAIN NAME SYSTEM (DNS) HIJACKING BY IDENTIFYING ANOMALOUS CHANGES TO DNS RECORDS
Granted: March 18, 2021
Application Number: 20210084071
Systems and methods are described for scanning or monitoring Domain Name System (DNS) records of an entity to identify anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, a DNS monitoring engine, running on a network security appliance protecting a private network or implemented as a cloud-based service, can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected…
HARDWARE ACCELERATION DEVICE FOR STRING MATCHING AND RANGE COMPARISON
Granted: March 18, 2021
Application Number: 20210084011
Systems and methods are described for providing effective hardware acceleration by performing a combination of string matching and range comparison. According to one embodiment, an acceleration device of a host device associated with a datacenter receives an input stream of information. The received information is matched against the contents of a hash-based lookup table to identify one or more units that satisfy at least one condition for any or a combination of a string match and a range…
AUTOMATED FEATURE EXTRACTION AND ARTIFICIAL INTELLIGENCE (AI) BASED DETECTION AND CLASSIFICATION OF MALWARE
Granted: January 28, 2021
Application Number: 20210029145
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and malware samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local malware detection model. Responsive to detection of malware in a sample processed by a D-node, the T-node receives…
MALWARE IDENTIFICATION USING MULTIPLE ARTIFICIAL NEURAL NETWORKS
Granted: January 21, 2021
Application Number: 20210019402
Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment;…
SYSTEMS AND METHODS FOR CENTRALLY MANAGED HOST AND NETWORK FIREWALL SERVICES
Granted: January 7, 2021
Application Number: 20210004333
Systems and methods for a unified, cloud-managed platform for controlling enterprise network security are provided. According to one embodiment, a network of an enterprise is protected by a cloud-managed platform. An underlying architecture of the cloud-managed platform is abstracted by providing a portal through which modifications to security policies are expressed as business requirements of the enterprise. The security policies are automatically enforced regardless of location or…
GAMIFIED VIRTUAL CONFERENCE WITH NETWORK SECURITY TRAINING OF NETWORK SECURITY PRODUCTS
Granted: December 31, 2020
Application Number: 20200412781
Systems and methods for demonstrating network security products in a virtual conference and providing training to attendees of a network security training session in the virtual conference through the use of gamification are provided. A server generates a dedicated virtual environment for a particular attendee. A three-dimensional (3D) user interface for the virtual conference is presented on a display of the particular attendee, which represents a simulated conference environment with…
REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)
Granted: December 31, 2020
Application Number: 20200412764
Systems and methods for remote monitoring of a Security Operations Center (SOC) via a mobile application are provided. According to one embodiment, a management service retrieves information regarding multiple network elements that are associated with an enterprise network and extracts parameters of the monitored network elements from the retrieved information. The management service prioritizes the monitored network elements by determining a severity level associated with…
GAMIFIED NETWORK SECURITY TRAINING USING DEDICATED VIRTUAL ENVIRONMENTS SIMULATING A DEPLOYED NETWORK TOPOLOGY OF NETWORK SECURITY PRODUCTS
Granted: December 31, 2020
Application Number: 20200410894
Systems and methods are described for providing training to attendees of a network security training session through use of gamification. A virtual environment is created containing a network topology simulating a deployed network of network security devices for which teams of the attendees are to receive training. A 3D game interface is presented on a display of a computer system of an attendee. Based on a leaderboard server's game state, a problem-solving objective for the training…
COOPERATIVE ADAPTIVE NETWORK SECURITY PROTECTION
Granted: December 10, 2020
Application Number: 20200389430
Systems and methods for improving the catch rate of attacks/malware by a cooperating group of network security devices are provided. According to one embodiment, a security management device configured in a protected network maintains multiple dynamic IP address lists, including an NGFW deep detection list, a DDoS deep detection list, an NGFW block list and a DDoS block list. The security management device continuously updates the lists based on updates provided by a cooperating group of…
HYBRID CLUSTER ARCHITECTURE FOR REVERSE PROXIES
Granted: November 26, 2020
Application Number: 20200374353
Systems and methods for an improved HA cluster architecture that provides for seamless failover while also maintaining full processing capacity are provided. According to one embodiment, each member of a hybrid HA cluster of reverse proxy network security devices is configured to operate in an active mode or in a backup mode. A primary member of a set of active members of the cluster receives and processes network traffic. The cluster detects existence of a failure scenario of multiple…
SERVICE DETECTION FOR A POLICY CONTROLLER OF A SOFTWARE-DEFINED WIDE AREA NETWORK (SD-WAN)
Granted: November 12, 2020
Application Number: 20200358743
Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network controller maintains an Internet service database (ISDB) in which multiple Internet services and corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address…
AUTOMATIC VIRTUAL PRIVATE NETWORK (VPN) ESTABLISHMENT
Granted: October 22, 2020
Application Number: 20200336464
Systems and methods for automatic VPN establishment are provided. According to one embodiment, a P1 message is received by a hub network device (ND) from a remote device (RD) of a spoke. P1 specifies VPN connection attributes corresponding to the lowest ENC/AUTH suite supported by the RD. A VPN tunnel entry is automatically created by the ND based on the VPN connection attributes. A P2 message is transmitted by the ND specifying ENC/AUTH attributes based on the corresponding ENC/AUTH of the VPN connection…
DETECTION AND MITIGATION OF TIME-DELAY BASED NETWORK ATTACKS
Granted: October 15, 2020
Application Number: 20200329060
Systems and methods are described for mitigation of time-delay based network attacks that seek to avoid detection by email security solutions employing sandboxing. According to one embodiment, a potentially malicious link associated with a communication is received from a computer system by a sandbox device. A link evasion technique, in which a first file to which the potentially malicious link points at a first time is replaced with a second file on or before a second time, is…
SCALABLE CLOUD SWITCH FOR INTEGRATION OF ON PREMISES NETWORKING INFRASTRUCTURE WITH NETWORKING SERVICES IN THE CLOUD
Granted: October 8, 2020
Application Number: 20200322181
Systems and methods are described for integration of networking infrastructure with network services running in a Virtual Private Cloud (VPC) of an enterprise network. According to one embodiment, a cloud switch, implemented by cloud services provided by a cloud service provider, creates a logical cloud port to provide connectivity to one of multiple resources provided by the cloud service provider. The cloud switch creates a physical cloud port to provide connectivity to a physical,…
MITIGATION OF DDOS ATTACKS ON MOBILE NETWORKS
Granted: October 1, 2020
Application Number: 20200314655
Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains the requesting S1AP-IDs that have sent certain monitored commands, and those that are sending these messages at abnormally high rates are then blocked. According to yet…
DEVICE INTEGRATION FOR A NETWORK ACCESS CONTROL SERVER BASED ON DEVICE MAPPINGS AND TESTING VERIFICATION
Granted: October 1, 2020
Application Number: 20200314098
Systems and methods for facilitating self-service device integration for a NAC server are provided. According to one embodiment, a database is maintained by a NAC server. The database includes mappings of system object identifiers to corresponding implementation details of associated devices. A system object identifier of a device that is to be modeled within the NAC server based on the implementation details of another device is received. A list of candidate devices is retrieved from the…
FILE ACCESS CONTROL BASED ON ANALYSIS OF USER BEHAVIOR PATTERNS
Granted: September 24, 2020
Application Number: 20200302074
Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In…
BREACHED WEBSITE DETECTION AND NOTIFICATION
Granted: September 24, 2020
Application Number: 20200304544
Systems and methods for a cloud-based approach to breached website detection and notification as a security service are provided. According to one embodiment, a network security device protecting a private network of an enterprise intercepts information associated with an interaction with a website by a browser of a client device associated with the private network. The network security device, based on the information, proactively determines whether the website or a domain with which…
DETERMINATION OF A SECURITY RATING OF A NETWORK ELEMENT
Granted: September 24, 2020
Application Number: 20200304533
Systems and methods for a security rating framework that translates compliance requirements into corresponding desired technical configurations, to facilitate generation of security ratings for network elements, are provided. According to one embodiment, a host network element executes a collection of security checks on at least a first network element. The execution is performed by receiving configuration data of the first network element pertaining to each security check of the collection…
SECURING INTRA-VEHICLE COMMUNICATIONS VIA A CONTROLLER AREA NETWORK BUS SYSTEM BASED ON BEHAVIORAL STATISTICAL ANALYSIS
Granted: September 24, 2020
Application Number: 20200304467
Systems and methods for enforcement of secure data communications between nodes of a Controller Area Network (CAN) bus implemented in a vehicle are provided. According to one embodiment, a node coupled with the CAN bus receives a data frame broadcast from a source node and extracts information from the data frame. The node analyzes coherence between the extracted information and historical information observed by the node. When a result of the analyzing coherence indicates that the data…