Fortinet Patent Applications

BREACHED WEBSITE DETECTION AND NOTIFICATION

Granted: September 24, 2020
Application Number: 20200304544
Systems and methods for a cloud-based approach to breached website detection and notification as a security service are provided. According to one embodiment, a network security device protecting a private network of an enterprise intercepts information associated with an interaction with a website by a browser of a client device associated with the private network. The network security device, based on the information, proactively determines whether the website or a domain with which…

DETERMINATION OF A SECURITY RATING OF A NETWORK ELEMENT

Granted: September 24, 2020
Application Number: 20200304533
Systems and methods for a security rating framework that translates compliance requirements to corresponding desired technical configurations to facilitate generation of security ratings for network elements are provided. According to one embodiment, a host network element executes a collection of security checks on at least a first network element. The execution is performed by receiving configuration data of the first network element pertaining to each security check of the collection…

SECURING INTRA-VEHICLE COMMUNICATIONS VIA A CONTROLLER AREA NETWORK BUS SYSTEM BASED ON BEHAVIORAL STATISTICAL ANALYSIS

Granted: September 24, 2020
Application Number: 20200304467
Systems and methods for enforcement of secure data communications between nodes of a Controller Area Network (CAN) bus implemented in a vehicle are provided. According to one embodiment, a node coupled with the CAN bus receives a data frame broadcast from a source node and extracts information from the data frame. The node analyzes coherence between the extracted information and historical information observed by the node. When a result of the analyzing coherence indicates that the data…

FILE ACCESS CONTROL BASED ON ANALYSIS OF USER BEHAVIOR PATTERNS

Granted: September 24, 2020
Application Number: 20200302074
Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In…

ENDPOINT NETWORK TRAFFIC ANALYSIS

Granted: September 10, 2020
Application Number: 20200287920
Systems and methods for an agent-based approach that facilitates endpoint network traffic analysis are provided. According to an embodiment, an agent running on an endpoint device associated with an enterprise network collects network communication metadata from the endpoint device responsive to receiving callbacks from a kernel-level tracing facility implemented within an OS of the endpoint device and locally stores the collected network communication metadata. Further, the agent…

PROVIDING SECURE DATA-REPLICATION BETWEEN A MASTER NODE AND TENANT NODES OF A MULTI-TENANCY ARCHITECTURE

Granted: August 13, 2020
Application Number: 20200259847
Systems and methods for providing selective data-replication among nodes of a distributed multi-tenancy MSSP architecture for performing secure orchestration and automated response (SOAR) are provided. According to one embodiment, a master SOAR node of an MSSP receives multiple messages via a secure router coupling a computing environment of the MSSP in communication with respective computing environments of multiple customers of the MSSP. The messages contain information regarding alerts…

BUILDING A COOPERATIVE SECURITY FABRIC OF HIERARCHICALLY INTERCONNECTED NETWORK SECURITY DEVICES

Granted: July 23, 2020
Application Number: 20200236144
Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a…

PROTECTION AGAINST OBSOLETE FILE FORMATS

Granted: June 25, 2020
Application Number: 20200204570
Systems and methods are provided for mitigating obsolete file format based attacks. In one embodiment, a security device captures a file on a computer or to be transmitted to the computer. The security device checks the format of the file and determines whether the file format is obsolete. The security device takes an action on the file when the file format is determined to be obsolete.

VIRTUAL ROUTING AND FORWARDING (VRF)-AWARE SOCKET

Granted: June 25, 2020
Application Number: 20200204520
Systems and methods for a VRF-aware socket are provided. According to one embodiment, a user-space application of a network device, maintaining a virtual routing table for each of multiple VRF domains, creates a VRF-aware listening socket. The socket includes information regarding: (i) which of the virtual routing tables is to be used to look up routing or forwarding information for outgoing traffic; (ii) the VRF domain(s) from which the socket is able to receive incoming traffic; and/or…

OVER-THE-AIR (OTA) WI-FI OFFLOADING

Granted: June 18, 2020
Application Number: 20200196191
Systems and methods for OTA Wi-Fi offloading are provided. According to one embodiment, a first AP of a private network provides connectivity between one or more wireless client devices and a wired network portion of the private network. The first AP is coupled to a switch via a first wired link. The first AP determines whether the traffic being transmitted on the first wired link exceeds a configurable or predefined threshold. When the determination is affirmative, the first AP offloads…

ANALYZING USER BEHAVIOR PATTERNS TO DETECT COMPROMISED NODES IN AN ENTERPRISE NETWORK

Granted: June 18, 2020
Application Number: 20200195672
Systems and methods for analyzing user behavior patterns to detect compromised computing devices in an enterprise network are provided. According to one embodiment, an enforcement engine running on a network security device identifies top users of a network exhibiting a suspicious behavior relating to login failures by determining a first set of users having a number of login failure events during a given time duration exceeding a threshold. The enforcement engine identifies from the…

DYNAMIC SERVICE-BASED LOAD BALANCING IN A SOFTWARE-DEFINED WIDE AREA NETWORK (SD-WAN)

Granted: June 18, 2020
Application Number: 20200195557
Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a routing protocol daemon of an SDN controller within a spoke network receives a dynamically assigned subnet and associated attributes for a client device newly registered with the hub network. The routing protocol daemon tags the subnet with a route tag using a route map based on the received attributes meeting network administrator-defined match criteria for…

MULTI-TIERED SANDBOX BASED NETWORK THREAT DETECTION

Granted: April 30, 2020
Application Number: 20200134177
Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a virtual sandbox appliance. The file is caused to exhibit a first set of behaviors by running the file within a virtualization application based environment of the virtual sandbox appliance. The virtualization application based environment acts as an intermediary between executable code, an operating system (OS) application programming interface…

LOGICAL NETWORK ABSTRACTION FOR NETWORK ACCESS CONTROL

Granted: April 2, 2020
Application Number: 20200106783
Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. A NAC device maintains (i) an access point model that maps logical networks to a corresponding enforcement action implementation for each access point associated with a private network and (ii) access policies each specifying a current state of a particular endpoint device and an enforcement action, specified with reference to a logical network. Responsive to an event…

DEVICE INTEGRATION FOR A NETWORK ACCESS CONTROL SERVER BASED ON DEVICE MAPPINGS AND TESTING VERIFICATION

Granted: April 2, 2020
Application Number: 20200106773
Systems and methods for facilitating self-service device integration for a network access control (NAC) server are provided. An enforcement engine running on a NAC server initializes modeling of a network device by reading a system object identifier associated with the network device and queries a device information database for the system object identifier to determine whether a mapping for the system object identifier exists in the database. When a match of the system object identifier…

NATIVELY MOUNTING STORAGE FOR INSPECTION AND SANDBOXING IN THE CLOUD

Granted: March 19, 2020
Application Number: 20200089881
Systems and methods for continuously scanning and/or sandboxing files to protect users from accessing infected files by natively mounting public cloud file stores are provided. According to one embodiment, a determination is made by a network security device that is protecting the enterprise network regarding whether an untrusted file stored within a first repository of a public cloud file store, which is natively mounted on the network security device, is a clean file that is free of…

CONTROLLING BANDWIDTH USAGE BY MEDIA STREAMS BY LIMITING STREAMING OPTIONS PROVIDED TO CLIENT SYSTEMS

Granted: February 6, 2020
Application Number: 20200045351
Systems and methods for controlling network bandwidth utilization by media streaming services are provided. According to one embodiment, a data stream associated with streaming media content being requested from an external service provider by a client device associated with a private network is intercepted by a network manager associated with the private network. Streaming options made available for streaming the streaming media content are limited by the network manager by: (i)…

AUTOMATED FEATURE EXTRACTION AND ARTIFICIAL INTELLIGENCE (AI) BASED DETECTION AND CLASSIFICATION OF MALWARE

Granted: February 6, 2020
Application Number: 20200045063
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and virus samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local virus detection model. Responsive to detection of a virus by a D-node, the T-node receives a virus sample from the…

MALWARE IDENTIFICATION USING MULTIPLE ARTIFICIAL NEURAL NETWORKS

Granted: February 6, 2020
Application Number: 20200042701
Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment;…

DNS-ENABLED COMMUNICATION BETWEEN HETEROGENEOUS DEVICES

Granted: January 16, 2020
Application Number: 20200021559
Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the…