ENHANCED COMMAND LINE INTERFACE AUTO-COMPLETION
Granted: December 19, 2019
Application Number:
20190384415
Systems and methods for improved command line interface (CLI) auto-completion are provided. According to one embodiment, a command auto-complete assistant running on a network security device receives input text entered by a user via a command line interface (CLI) console associated with the network security device. A list of auto-complete suggestions is determined by the command auto-complete assistant by matching the input text with multiple commands of a command set based on a…
PREVENTING USERS FROM ACCESSING INFECTED FILES BY USING MULTIPLE FILE STORAGE REPOSITORIES AND A SECURE DATA TRANSFER AGENT LOGICALLY INTERPOSED THEREBETWEEN
Granted: November 28, 2019
Application Number:
20190362075
Systems and methods are provided for ensuring files that are newly introduced to a network or a defined portion thereof are first subjected to desired security checks, by a sandbox appliance, for example, while residing in a segregated data storage area before they are made available for access by copying only known good files to a sanitized storage area that is accessible to users. According to one embodiment, a determination is made by a network security device associated with the…
DETECTING EMAIL SENDER IMPERSONATION
Granted: October 3, 2019
Application Number:
20190306192
Systems and methods for detecting email messages in which the sender is attempting to impersonate an email user of the target domain are provided. According to one embodiment, an email is received by a network security device protecting a private network. A value of at least one header field of the received email is parsed to extract a display name and an email address. A determination is made regarding whether the received email is associated with an external domain. When it is…
ACCELERATING COMPUTER NETWORK POLICY SEARCH
Granted: October 3, 2019
Application Number:
20190306118
Systems and methods for accelerating computer network policy searching are provided. According to one embodiment, a packet is received by a policy search engine (PSE) of a packet processing device. A set of candidate policies are identified from among multiple policies of the packet processing device by screening the multiple policies by a speculation unit of the PSE based on metadata associated with the received packet. Finally, a matching policy for the received packet is identified by…
AUTOMATED LEARNING OF EXTERNALLY DEFINED NETWORK ASSETS BY A NETWORK SECURITY DEVICE
Granted: September 26, 2019
Application Number:
20190297055
Systems and methods for automated learning of externally defined network assets by a network security device are provided. According to one embodiment, updated information for a network asset associated with a private network is received by a network security device from an external asset management device associated with the private network. The updated information includes a change in a definition or an attribute of the network asset. The existence of a current definition and attribute…
MITIGATING EFFECTS OF FLOODING ATTACKS ON A FORWARDING DATABASE
Granted: September 19, 2019
Application Number:
20190289033
Systems and methods for mitigating effects of source-MAC flooding attacks on a forwarding database (FDB) that maps MAC addresses to EMACVLAN sub-interfaces of a physical Ethernet interface are provided. A VDOM operating in transparent mode receives an ingress packet an internal switch running on the virtualized network device via the sub-interface. When an entry, having a MAC address corresponding to a source MAC address of the ingress packet, does not exist in FDB: an entry containing…
MITIGATION OF NTP AMPLIFICATION AND REFLECTION BASED DDOS ATTACKS
Granted: September 19, 2019
Application Number:
20190289032
Systems and methods for mitigating DDoS attacks utilizing NTP are provided. According to one embodiment, a tracking table is maintained by a network security device protecting a private network. The tracking table contains information regarding NTP requests originated by clients of the private network and observed by the network security device. An NTP request sent from a client to an NTP server external to the private network is intercepted by the network security device. An NTP request…
CONFIGURATION OF SUB-INTERFACES TO ENABLE COMMUNICATION WITH EXTERNAL NETWORK DEVICES
Granted: September 19, 2019
Application Number:
20190288980
Systems and methods for facilitating communication between applications associated with virtual domains (VDOMs) of a virtualized network device and an external network are provided. According to one embodiment, a sub-interface is created for a physical Ethernet interface of the network device. A unique MAC address is assigned to the sub-interface. An application associated with a first VDOM is bound to the sub-interface. When the first VDOM is operating in transparent mode and an egress…
SYNCHRONIZING A FORWARDING DATABASE WITHIN A HIGH-AVAILABILITY CLUSTER
Granted: September 19, 2019
Application Number:
20190286737
Systems and methods for synchronizing an EMACVLAN FDB among cluster units of an HA cluster are provided. According to one embodiment, real-time synchronization of a first FDB maintained within a kernel space of a first network security operating system running on a primary unit and a second FDB maintained within a kernel space of a second network security operating system running on a secondary unit is performed by: transferring information regarding an entry from the kernel space of the…
EVALUATING TRUSTWORTHINESS OF DATA TRANSMITTED VIA UNENCRYPTED WIRELESS MOBILE COMMUNICATIONS
Granted: August 22, 2019
Application Number:
20190261171
Systems and methods for making local decisions regarding the trustworthiness of V2V communications are provided. According to one embodiment, a vehicle information packet is received by a vehicle connectivity subsystem of a connected car and is indicative of an attribute of a source from which the packet was received. The source purportedly represents a neighboring vehicle in proximity to the connected car. A trustworthiness value for the packet is determined based on the source and…
DERIVING TEST PROFILES BASED ON SECURITY AND NETWORK TELEMETRY INFORMATION EXTRACTED FROM THE TARGET NETWORK ENVIRONMENT
Granted: August 22, 2019
Application Number:
20190260663
Systems and methods for deriving test profiles for validating network devices based on security and network telemetry information extracted from the target network environment is provided. According to one embodiment, security and network telemetry information are extracted by a test generator during a monitoring period from one or more network devices running within a target network environment. Performance related parameters and data associated with the performance related parameters…
GENERATING RECOMMENDATIONS FOR ACHIEVING OPTIMAL CELLULAR CONNECTIVITY BASED ON CONNECTIVITY DETAILS AND CURRENT AND PREDICTED FUTURE EVENTS
Granted: June 27, 2019
Application Number:
20190200244
Machine learning and data analytics based systems and methods for generating recommendations for achieving optimal cellular connectivity based on connectivity details and current and predicted future events are provided. According to one embodiment, a carrier connection status based recommendation system, receives data pertaining to past, current, and predicted connection/performance data of various wireless carriers that it can recommend for a network, real-time user reports, external…
TRANSFERING SOFT TOKENS FROM ONE MOBILE DEVICE TO ANOTHER
Granted: June 27, 2019
Application Number:
20190200218
Systems and methods for securely transferring tokens from one device to another are provided. According to one embodiment, a token transfer request (TTR), requesting transfer of a soft token stored on a first mobile device to a second mobile device, is received by a provisioning server from the first device. A transfer activation code (TAC) is generated by the provisioning server responsive to receipt of token data associated with the soft token from the first device. The token data…
WIRELESS MULTI-FACTOR AUTHENTICATION BASED ON PROXIMITY OF A REGISTERED MOBILE DEVICE TO A PROTECTED COMPUTING DEVICE AT ISSUE
Granted: June 20, 2019
Application Number:
20190188368
Systems and methods for a passive wireless multi-factor authentication approach are provided. According to one embodiment, a user authentication request is received by a first computing device connected to a private network. The user authentication request is sent by an endpoint protection suite running on the first computing device to an authentication device associated with the private network. A proximity of a second computing device, which was previously registered with the…
LIGHTWEIGHT ANTI-RANSOMWARE SYSTEM
Granted: May 23, 2019
Application Number:
20190158512
Systems and methods for detecting ransomware are provided. According to one embodiment, a computer device intercepts an operation on a file by an application and determines whether the application is ransomware based on one or more factors. The computer device mitigates the operation to the file when the application is deemed to be ransomware.
ETHERNET KEY
Granted: March 28, 2019
Application Number:
20190097991
A Compact computing device with peer-to-peer communication through an Ethernet interface is provided. According to one embodiment, a compact computing device includes an Ethernet interface, an Ethernet discovery agent, a memory and a micro-controller. The Ethernet interface is capable of connecting to a host though an Ethernet link. One side wall of the compact shielding case accommodates only the Ethernet interface. The Ethernet discovery agent is capable of discovering the host to…
USER AUTHENTICATION VIA A COMBINATION OF A FINGERPRINT AND A TACTILE PATTERN
Granted: March 28, 2019
Application Number:
20190095735
Systems and methods for authenticating a user by a combination of the user's fingerprint and a tactile pattern are provided. According to one embodiment, a computing device captures a tactile pattern that is drawn by a user's finger on a touch panel that is operationally connected to the computing device. The computing device captures one or more fingerprints of the user using a fingerprint reader component of the computing device at one or more locations on the touch panel while the…
AUTOMATED AUDITING OF NETWORK SECURITY POLICIES
Granted: March 21, 2019
Application Number:
20190089740
Systems and methods for automated testing of network security controls are provided. According to one embodiment, information regarding multiple desired security controls for a protected network are received by a network device. Network traffic configured to validate an extent of conformance by the protected network with the desired security controls is generated by the network device. The generated network traffic is transmitted by the network device onto the protected network. An…
LINK AGGREGATION AND DYNAMIC DISTRIBUTION OF NETWORK TRAFFIC IN A SWITCHING CLOS NETWORK
Granted: February 28, 2019
Application Number:
20190068485
Systems and methods are described for link aggregation and dynamic distribution of network traffic in a switching Clos network. In one embodiment of the present invention, a spine switch of a Clos network learns a first mapping of a Media Access Control (MAC) address of a client device to a first port of the spine switch and a second mapping of the MAC of the client device to a second port of the spine switch. The spine switch aggregates the first mapping and the second mapping as a link…
COMBINATION WIRELESS ACCESS POINT AND EMERGENCY ASSISTANCE DEVICE
Granted: February 21, 2019
Application Number:
20190059130
A combination device that provides both emergency assistance functionality and wireless AP functionality is provided. The combination device includes an emergency assistance unit, a wireless access point unit and a local area network (LAN) port that is capable of connecting to a computer network. A housing of the combination device encloses the emergency assistance unit, the wireless access point unit and the LAN port.
