CLASSIFICATION OF TOP-LEVEL DOMAIN (TLD) WEBSITES BASED ON A KNOWN WEBSITE CLASSIFICATION
Granted: January 4, 2018
Application Number:
20180007090
Systems and methods for classification of web sites and/or their corresponding URLs based on a known web site classification are provided. According to one embodiment, a website URL is received that is known to be associated with a particular content classification. A list of candidate domain names including a host name of the website URL is generated based on a defined TLD list. For each of the candidate domain names it is determined whether an IP address of the candidate domain name is…
DETECTION OF UNDESIRED COMPUTER FILES USING DIGITAL CERTIFICATES
Granted: January 4, 2018
Application Number:
20180007006
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…
DUAL-MODE PROCESSING OF CRYPTOGRAPHIC OPERATIONS
Granted: January 4, 2018
Application Number:
20180006806
Systems and methods for dual mode hardware acceleration for cryptographic operations are provided. According to one embodiment, data upon which a cryptographic operation is to be performed is received by a computer system that includes a host CPU and a cryptographic hardware accelerator. The data is divided into multiple blocks. Performance of the operation on a first block is offloaded to the hardware accelerator. For each remaining block: (i) the CPU requests state information of the…
OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR
Granted: January 4, 2018
Application Number:
20180004945
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for performing content scanning of content objects is provided. A content object that is to be scanned is stored by a general purpose processor to a system memory of the general purpose processor. Content scanning parameters associated with the content object are set up by the general purpose processor. Instructions from a signature memory of a…
DENIAL-OF-SERVICE (DOS) MITIGATION APPROACH BASED ON CONNECTION CHARACTERISTICS
Granted: December 28, 2017
Application Number:
20170374098
Systems and methods for an improved DDoS mitigation approach are provided. According to one embodiment, a current threshold for a network connection characteristic is established within a Denial-of-Service (DoS) mitigation device logically interposed between a protected resource of a private network and multiple client devices residing external to the private network. A number of connections between the client devices and the protected network resource are tracked. During a period of…
DENIAL-OF-SERVICE (DOS) MITIGATION BASED ON HEALTH OF PROTECTED NETWORK DEVICE
Granted: December 28, 2017
Application Number:
20170374097
Systems and methods for improving the performance of DoS mitigation by monitoring the health of a protected network resource are provided. According to one embodiment, health of a network device protected by a DoS mitigation device can be evaluated and packet/traffic received on the DoS mitigation device can be selectively/conditionally forwarded to the protected network device or can be dropped based on the health of the protected network device. According to one embodiment, at least a…
EXAMINING AND CONTROLLING IPv6 EXTENSION HEADERS
Granted: December 28, 2017
Application Number:
20170374031
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…
INTERNET PROTOCOL SECURITY (IPSEC) INTERFACE CONFIGURATION AND MANAGEMENT
Granted: December 28, 2017
Application Number:
20170374025
Systems and methods for bundling multiple IPsec dialup tunnels into a single IPsec interface are provided. According to one embodiment, an Internet Protocol security (IPsec) interface is configured between a first network device and a second network device, by the first network device and the IPsec interface is associated with a static Internet Protocol (IP) address. A first tunnel associated with the IPsec interface is created for a first client device based on a first client request…
MANAGEMENT OF CELLULAR DATA USAGE DURING DENIAL OF SERVICE (DOS) ATTACKS
Granted: December 21, 2017
Application Number:
20170366575
Systems and methods for managing data usage of a cellular modem during DoS/DDoS attacks are provided. According to one embodiment, a network security device of a private network detects a DoS attack in network traffic going through the network security device and determines whether the DoS attack is being transmitted through a cellular modem of a cellular data network. The network security device reduces data usage of the cellular modem when the DoS attack is detected and the DoS attack…
INTELLIGENT TELEPHONE CALL ROUTING
Granted: December 21, 2017
Application Number:
20170366664
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log, containing information regarding sessions between internal extension numbers and external telephone numbers, is maintained by a call monitor of a telephone system. The internal extension numbers are associated with telephone extensions within the telephone system and the external telephone numbers are…
DATA LEAK PROTECTION IN UPPER LAYER PROTOCOLS
Granted: December 21, 2017
Application Number:
20170366507
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding…
POLICY-BASED CONTENT FILTERING
Granted: November 23, 2017
Application Number:
20170339107
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with…
DIRECT CACHE ACCESS FOR NETWORK INPUT/OUTPUT DEVICES
Granted: November 2, 2017
Application Number:
20170318031
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings is defined by a network interface controller (NIC) of a network security device for each of multiple I/O device queues. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the NIC. The packet is parsed to identify boundaries of portions of the packet and…
FACILITATING CONTENT ACCESSIBILITY VIA DIFFERENT COMMUNICATION FORMATS
Granted: October 26, 2017
Application Number:
20170310779
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, information indicative of one or more communication formats via which a client device is capable of communication is stored on a client device by (i) sending the client device a web page having embedded therein test content associated with a first protocol stack and/or a second protocol stack; and (ii) based on a response to the test content received…
MOBILE HOTSPOT MANAGED BY ACCESS CONTROLLER
Granted: October 26, 2017
Application Number:
20170310640
Systems and methods are described for a mobile hotspot that can be managed by an access controller. According to an embodiment, a WAN connection is established by a mobile hotspot through a telecommunication data network via a wireless WAN module. When in a first mode, the mobile hotspot: (i) sets up a secure tunnel through the WAN connection with an AC of the enterprise that manages APs of a wireless network of an enterprise; (ii) broadcasts an SSID that is also broadcast by the APs;…
COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING
Granted: October 19, 2017
Application Number:
20170302705
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected…
SCALABLE INLINE BEHAVIORAL DDOS ATTACK MITIGATION
Granted: October 19, 2017
Application Number:
20170302698
Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack…
DIRECTING CLIENTS BASED ON COMMUNICATION FORMAT
Granted: October 19, 2017
Application Number:
20170302622
Methods and systems for redirecting client requests are provided. According to one embodiment, a system includes a processor and a memory coupled to the processor and configured to provide the processor with instructions. A request is received from a client capable of communicating via multiple supported communication formats. The request is capable of being serviced by multiple servers, each of which is configured to communicate via a different communication format. A server is selected…
NETWORK APPLIANCE HEALTH MONITOR
Granted: October 5, 2017
Application Number:
20170288955
Systems and methods for monitoring failures of network devices and identifying potential sources of the failures by a device health monitor are provided. A device monitor receives a usage log of a network device over a network connection and analyzes an abnormal usage of the network device from the usage log. The device health monitor further retrieves environment information of the network device and analyzes a defect of the environment information of the network device by associating…
SANDBOXING PROTECTION FOR ENDPOINTS
Granted: October 5, 2017
Application Number:
20170289179
Methods and systems for integrating a sandboxing service and distributed threat intelligence within an endpoint security application are provided. According to one embodiment, file system or operating system activity relating to a file accessible to an endpoint system is monitored by an endpoint security application running on the endpoint system. The endpoint security application determines whether the file has been previously analyzed for a threat status. When a…