Fortinet Patent Applications

NETWORK APPLIANCE HEALTH MONITOR

Published: October 5, 2017
Application Number: 20170288955
Systems and methods for monitoring failures of network devices and identifying potential sources of the failures by a device health monitor are provided. The device health monitor receives a usage log of a network device over a network connection and identifies abnormal usage of the network device from the usage log. The device health monitor further retrieves environment information of the network device and identifies a defect in the environment information of the network device by associating…

SECURE, AUTOMATIC SECOND FACTOR USER AUTHENTICATION USING PUSH SERVICES

Published: September 28, 2017
Application Number: 20170279795
A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding…
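The exchange the abstract describes, simulated end to end as an added Python example (this is not Fortinet's code and the message shapes are assumptions): the application server checks the password, passes the request attributes to an authentication server, the authentication server derives a one-time code bound to those attributes and pushes it, together with the attributes, to the user's enrolled device, and the user's confirmation returns the code for verification. The push channel, the per-user HMAC seed created at enrolment and the plain SHA-256 password store (used only for brevity; a deployment would use bcrypt or argon2) are all constructed for the example.

```python
"""Simulated network-based second factor.  Added illustration; the push channel,
per-user seed and message dicts are assumptions, not Fortinet's implementation."""
import hashlib
import hmac
import secrets
import struct
import time


class PushChannel:
    """Stand-in for a mobile push service: delivers a prompt to the enrolled device."""
    def __init__(self):
        self.devices = {}

    def register(self, user, device):
        self.devices[user] = device

    def deliver(self, user, prompt):
        return self.devices[user].on_prompt(prompt)


class Device:
    """The user's phone; `approve` is the user's decision given the shown attributes."""
    def __init__(self, approve):
        self.approve = approve

    def on_prompt(self, prompt):
        # The user sees what is being accessed and from where before confirming.
        if self.approve(prompt["attrs"]):
            return {"nonce": prompt["nonce"], "otp": prompt["otp"]}
        return None


class AuthServer:
    def __init__(self, push, ttl=60):
        self.push, self.ttl = push, ttl
        self.seeds = {}      # user -> per-user secret (assumed enrolment step)
        self.pending = {}    # (user, nonce) -> (expected otp, expiry)

    def enroll(self, user, device):
        self.seeds[user] = secrets.token_bytes(32)
        self.push.register(user, device)

    def _otp(self, user, nonce, attrs):
        # HOTP-style truncation over an HMAC of nonce + canonicalised attributes, so a
        # code confirmed for one request cannot be replayed against another request.
        canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
        mac = hmac.new(self.seeds[user], f"{nonce}|{canon}".encode(), hashlib.sha256).digest()
        off = mac[-1] & 0x0F
        num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
        return f"{num % 1_000_000:06d}"

    def challenge(self, user, attrs):
        nonce = secrets.token_hex(8)
        otp = self._otp(user, nonce, attrs)
        self.pending[(user, nonce)] = (otp, time.monotonic() + self.ttl)
        return self.push.deliver(user, {"nonce": nonce, "attrs": dict(attrs), "otp": otp})

    def verify(self, user, nonce, otp):
        entry = self.pending.pop((user, nonce), None)   # single use: a replay fails
        if entry is None:
            return False
        expected, deadline = entry
        if time.monotonic() > deadline:
            return False
        return hmac.compare_digest(expected, otp)


class AppServer:
    """Hosts the protected resource.  Plain SHA-256 password hashes keep the example
    short; a real deployment uses a password hash such as bcrypt or argon2."""
    def __init__(self, auth, users):
        self.auth, self.users = auth, users

    def access(self, user, password, resource, client_ip):
        stored = self.users.get(user)
        given = hashlib.sha256(password.encode()).hexdigest()
        if stored is None or not hmac.compare_digest(stored, given):
            return "denied:password"
        attrs = {"resource": resource, "client_ip": client_ip}   # request attributes
        reply = self.auth.challenge(user, attrs)                   # second factor via push
        if reply is None:
            return "denied:user-rejected"
        if not self.auth.verify(user, reply["nonce"], reply["otp"]):
            return "denied:otp"
        return f"granted:{resource}"


def demo():
    """Constructed scenario: the user approves only prompts from the 10.0.0.0/8 range."""
    push = PushChannel()
    auth = AuthServer(push)
    auth.enroll("alice", Device(lambda a: a["client_ip"].startswith("10.")))
    app = AppServer(auth, {"alice": hashlib.sha256(b"correct horse").hexdigest()})
    return [app.access("alice", "correct horse", "/payroll", "10.1.2.3"),
            app.access("alice", "correct horse", "/payroll", "203.0.113.9"),
            app.access("alice", "wrong", "/payroll", "10.1.2.3")]


if __name__ == "__main__":
    print(demo())
```

Binding the code to the request attributes and making each nonce single-use are the two properties a reviewer should look for in any push-based second factor: without them a user who taps "approve" on a prompt for one request can unknowingly authorise a different one, or the same confirmation can be replayed.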

AUTOMATED CREATION AND USE OF VPN CONFIGURATION PROFILES

Published: September 28, 2017
Application Number: 20170279769
Systems and methods for automatically obtaining virtual private network (VPN) connection profile data from a barcode are provided. According to one embodiment, a client security application obtains a barcode, wherein the client security application is installed on a client machine and is used for managing the security of the client machine. The client security application identifies a configuration profile of a virtual private network (VPN) that is encoded by the barcode and creates the…
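A barcode is untrusted input scanned from wherever it happens to be printed, so the interesting part of this entry for a practitioner is what the client security application checks before it creates a VPN profile from it. The following added Python example (not Fortinet's format or code) shows one way to do that: the issuer serialises the profile as canonical JSON with an HMAC-SHA256 tag under an enrolment key, and the client verifies the tag, size and schema before accepting the server name, port, protocol and CA pin. The `VPN1:` prefix, the JSON field names, the enrolment key and the sample profile are all assumptions of the example.

```python
"""Encode and validate a VPN connection profile carried in a barcode.  Added
illustration; the "VPN1:" prefix, field names and issuer key are assumptions."""
import base64
import hashlib
import hmac
import ipaddress
import json
import re

HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
ALLOWED_PROTOCOLS = {"ikev2", "sslvpn"}
REQUIRED = {"name", "server", "port", "protocol", "ca_sha256"}
OPTIONAL = {"username"}          # deliberately no password field: secrets never ride in a barcode
MAX_BARCODE_CHARS = 2048          # generous upper bound for a scanned payload


class ProfileError(ValueError):
    pass


def encode_profile(profile, issuer_key):
    """Issuer side: canonical JSON + HMAC-SHA256 tag, base64 text for the barcode."""
    body = json.dumps(profile, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(issuer_key, body, hashlib.sha256).digest()
    return "VPN1:" + base64.urlsafe_b64encode(body + tag).decode("ascii")


def validate_profile(p):
    """Schema and value checks on an already-authenticated profile."""
    if not isinstance(p, dict):
        raise ProfileError("profile is not an object")
    missing, unknown = REQUIRED - set(p), set(p) - REQUIRED - OPTIONAL
    if missing or unknown:
        raise ProfileError(f"missing={sorted(missing)} unknown={sorted(unknown)}")
    server = p["server"]
    if not isinstance(server, str):
        raise ProfileError("server must be a string")
    try:
        ipaddress.ip_address(server)
    except ValueError:
        if not HOST_RE.match(server):
            raise ProfileError(f"bad server name {server!r}") from None
    if not isinstance(p["port"], int) or not 1 <= p["port"] <= 65535:
        raise ProfileError("port out of range")
    if p["protocol"] not in ALLOWED_PROTOCOLS:
        raise ProfileError(f"unsupported protocol {p['protocol']!r}")
    if not re.fullmatch(r"[0-9a-f]{64}", str(p["ca_sha256"]).lower()):
        raise ProfileError("ca_sha256 must be a 64-hex-digit pin")
    return p


def decode_profile(barcode_text, issuer_key):
    """Client side: check size, format and the issuer tag before parsing anything."""
    if len(barcode_text) > MAX_BARCODE_CHARS:
        raise ProfileError("barcode payload too large")
    if not barcode_text.startswith("VPN1:"):
        raise ProfileError("not a VPN1 barcode")
    try:
        raw = base64.urlsafe_b64decode(barcode_text[5:])
    except (ValueError, TypeError):
        raise ProfileError("malformed base64") from None
    if len(raw) <= 32:
        raise ProfileError("payload too short")
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(issuer_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ProfileError("issuer tag mismatch: not from our issuer or tampered")
    try:
        profile = json.loads(body)
    except ValueError:
        raise ProfileError("malformed JSON") from None
    return validate_profile(profile)


# Constructed sample: an enrolment key the client is assumed to hold already, and
# the profile the issuer wants to hand out.
ISSUER_KEY = b"key-for-example-only"
SAMPLE_PROFILE = {"name": "HQ", "server": "vpn.example.com", "port": 443,
                  "protocol": "sslvpn", "username": "alice", "ca_sha256": "a" * 64}

if __name__ == "__main__":
    text = encode_profile(SAMPLE_PROFILE, ISSUER_KEY)
    print(text)
    print(decode_profile(text, ISSUER_KEY))
```

The tag check runs before the JSON parser sees any bytes, so a printed barcode from someone without the enrolment key never reaches the profile logic, and the whitelist of fields means a profile that tries to smuggle a password or an extra setting into the client is rejected even when it carries a valid tag.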

NETWORK SECURITY MANAGEMENT VIA SOCIAL MEDIA NETWORK

Published: September 21, 2017
Application Number: 20170272468
Systems and methods for managing users' local security policies based on social media network information are provided. According to one embodiment, a network security appliance of a private network receives an authentication request from a client machine and provides a social login interface of a social media network to the client machine. After a user of the client machine is authenticated by the social media network through a personal social media network account of the user, the network…

SYSTEM AND METHOD FOR SOFTWARE DEFINED BEHAVIORAL DDOS ATTACK MITIGATION

Published: September 14, 2017
Application Number: 20170264646
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation…

SYSTEM AND METHOD FOR SOFTWARE DEFINED BEHAVIORAL DDOS ATTACK MITIGATION

Published: September 14, 2017
Application Number: 20170264638
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received…

SYSTEM AND METHOD FOR DYNAMIC MANAGEMENT OF NETWORK DEVICE DATA

Published: September 14, 2017
Application Number: 20170264509
A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed…

FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES

Published: September 7, 2017
Application Number: 20170257347
Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a…
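The container structure of a media file is where a network device can look for a hidden item without decoding the image: bytes appended after the end-of-image marker (which every decoder ignores), private chunks with made-up names, and oversized free-form segments. The added Python example below (not the appliance's detector) scans PNG chunk lists and JPEG marker segments for exactly those signs. The sample files are constructed by hand to be structurally valid without being renderable images, and the lists of well-known chunk names and APPn identifiers are the example's own.

```python
"""Scan PNG and JPEG container structure for hidden data.  Added illustration;
the samples are constructed and the known-name lists are the example's own."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_KNOWN = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tEXt", b"zTXt", b"iTXt", b"gAMA",
             b"cHRM", b"sRGB", b"iCCP", b"pHYs", b"tIME", b"bKGD", b"tRNS", b"sBIT"}
JPEG_APP_IDS = (b"JFIF\x00", b"JFXX\x00", b"Exif\x00", b"ICC_PROFILE\x00", b"Adobe",
                b"http://ns.adobe.com/xap/1.0/\x00", b"Photoshop 3.0\x00")


def scan_png(buf):
    findings = []
    if not buf.startswith(PNG_SIG):
        return ["not a PNG"]
    pos = len(PNG_SIG)
    while pos + 8 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 12 + length                      # length + type + data + crc
        name = ctype.decode("latin-1")
        if end > len(buf):
            findings.append(f"truncated chunk {name}")
            return findings
        data = buf[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", buf[end - 4:end])[0]
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            findings.append(f"bad CRC in {name} chunk")
        if ctype not in PNG_KNOWN:                    # private chunk: a common carrier
            findings.append(f"unknown chunk {name} ({length} bytes)")
        pos = end
        if ctype == b"IEND":                          # decoders stop here
            if pos < len(buf):
                findings.append(f"{len(buf) - pos} bytes after IEND")
            return findings
    findings.append("truncated: no IEND")
    return findings


def scan_jpeg(buf):
    findings = []
    if buf[:2] != b"\xff\xd8":
        return ["not a JPEG"]
    pos = 2
    while pos + 4 <= len(buf):
        if buf[pos] != 0xFF:
            findings.append(f"non-marker byte at offset {pos}")
            return findings
        marker = buf[pos + 1]
        if marker == 0xDA:
            # Start of scan: entropy-coded data runs to EOI (FF D9); a conforming
            # encoder never emits FF D9 inside it (FF is stuffed as FF 00).
            eoi = buf.find(b"\xff\xd9", pos + 2)
            if eoi < 0:
                findings.append("truncated: no EOI")
            elif eoi + 2 < len(buf):
                findings.append(f"{len(buf) - eoi - 2} bytes after EOI")
            return findings
        seglen = struct.unpack(">H", buf[pos + 2:pos + 4])[0]
        data = buf[pos + 4:pos + 2 + seglen]
        if marker == 0xFE:                            # COM: free-form text segment
            findings.append(f"COM segment of {len(data)} bytes")
        elif 0xE0 <= marker <= 0xEF and not data.startswith(JPEG_APP_IDS):
            findings.append(f"APP{marker - 0xE0} segment with unknown identifier ({len(data)} bytes)")
        pos += 2 + seglen
    findings.append("truncated: no SOS")
    return findings


def scan_media(buf):
    """Dispatch on magic bytes; unknown formats are reported rather than passed."""
    if buf.startswith(PNG_SIG):
        return scan_png(buf)
    if buf.startswith(b"\xff\xd8"):
        return scan_jpeg(buf)
    return ["unrecognised media type"]


# Constructed samples: structurally valid, not meant to render.
def png_chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF)

def jpeg_segment(marker, data):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(data) + 2) + data

IHDR = png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN_PNG = PNG_SIG + IHDR + IDAT + png_chunk(b"IEND", b"")
TRAILING_PNG = CLEAN_PNG + b"PK\x03\x04" + b"A" * 100            # archive appended after IEND
PRIVATE_CHUNK_PNG = PNG_SIG + IHDR + png_chunk(b"stEg", b"secret") + IDAT + png_chunk(b"IEND", b"")
SOS = jpeg_segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34" + b"\xff\xd9"
CLEAN_JPEG = b"\xff\xd8" + jpeg_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + SOS
TRAILING_JPEG = CLEAN_JPEG + b"\x00" * 64 + b"secret"
COMMENT_JPEG = b"\xff\xd8" + jpeg_segment(0xFE, b"x" * 2000) + SOS

if __name__ == "__main__":
    for label, sample in [("clean png", CLEAN_PNG), ("trailing png", TRAILING_PNG),
                          ("private chunk png", PRIVATE_CHUNK_PNG), ("clean jpeg", CLEAN_JPEG),
                          ("trailing jpeg", TRAILING_JPEG), ("comment jpeg", COMMENT_JPEG)]:
        print(label, scan_media(sample))
```

Structural checks like these catch appended archives and private-chunk carriers cheaply and without false positives from image content; they do not catch pixel-level steganography, which needs statistical analysis of the decoded samples and is a separate detector.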

MANAGING TRANSMISSION AND STORAGE OF SENSITIVE DATA

Published: September 7, 2017
Application Number: 20170257422
Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic…

SYSTEM AND METHOD FOR INTEGRATED HEADER, STATE, RATE AND CONTENT ANOMALY PREVENTION FOR SESSION INITIATION PROTOCOL

Published: September 7, 2017
Application Number: 20170257348
Methods and systems for an integrated solution to rate-based denial-of-service attacks targeting the Session Initiation Protocol (SIP) are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for SIP. A hardware-based apparatus helps identify SIP rate thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop…
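The four anomaly classes the abstract names can be checked in one pass over each request, with the rate threshold learned from traffic rather than configured. The added Python example below (not the patented apparatus, and in software rather than hardware) does that: mandatory headers per RFC 3261 (header), Content-Length against the body (content), BYE/ACK/CANCEL only for dialogs opened by an INVITE (state), and a per-source request rate over a sliding window compared with an exponentially weighted mean plus three standard deviations (rate). The SIP messages, the window, the learning constants and the floor below which the threshold never drops are all constructed for the example.

```python
"""Header, state, rate and content checks on SIP requests with an adaptively
learned rate threshold.  Added illustration; the traffic is constructed."""
import math
from collections import defaultdict, deque

MANDATORY_HEADERS = ("Via", "From", "To", "Call-ID", "CSeq", "Max-Forwards")


def parse_sip(raw):
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return method, headers, body


class SipGuard:
    def __init__(self, window=1.0, learn_packets=20, k=3.0, alpha=0.1, floor=5):
        self.window, self.learn_packets, self.k, self.alpha, self.floor = window, learn_packets, k, alpha, floor
        self.dialogs = set()                  # Call-IDs opened by an INVITE
        self.arrivals = defaultdict(deque)    # source -> timestamps inside the window
        self.mean = self.var = 0.0            # EWMA of the per-source request rate
        self.learned = 0

    def threshold(self):
        # mean + k sigma, never below the floor so a quiet network does not learn
        # an absurdly low limit that blocks the first busy hour.
        return max(self.floor, self.mean + self.k * math.sqrt(self.var))

    def _learn(self, rate):
        d = rate - self.mean
        self.mean += self.alpha * d
        self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        self.learned += 1

    def inspect(self, ts, src, raw):
        """Returns ("allow", "") or ("drop", reason)."""
        method, headers, body = parse_sip(raw)
        missing = [h for h in MANDATORY_HEADERS if h not in headers]
        if missing:                                                    # header anomaly
            return "drop", f"header: missing {','.join(missing)}"
        declared = headers.get("Content-Length")
        if declared is not None and (not declared.isdigit() or int(declared) != len(body)):
            return "drop", "content: Content-Length does not match body"  # content anomaly
        call_id = headers["Call-ID"]
        if method == "INVITE":
            self.dialogs.add(call_id)
        elif method in ("ACK", "CANCEL", "BYE") and call_id not in self.dialogs:
            return "drop", f"state: {method} for unknown dialog"          # state anomaly
        q = self.arrivals[src]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        rate = len(q)                                                  # requests per window
        if self.learned >= self.learn_packets and rate > self.threshold():
            return "drop", f"rate: {rate}/{self.window}s from {src} exceeds {self.threshold():.1f}"
        self._learn(rate)                                              # continuous learning
        return "allow", ""


def build_request(method, call_id, host, body="", declared_len=None):
    """Constructed SIP request, not captured traffic."""
    length = len(body) if declared_len is None else declared_len
    return "\r\n".join([f"{method} sip:bob@example.net SIP/2.0",
                        f"Via: SIP/2.0/UDP {host}:5060;branch=z9hG4bK{call_id}",
                        f"From: <sip:alice@{host}>;tag=1", "To: <sip:bob@example.net>",
                        f"Call-ID: {call_id}", f"CSeq: 1 {method}", "Max-Forwards: 70",
                        f"Content-Length: {length}"]) + "\r\n\r\n" + body


def run_demo():
    guard = SipGuard()
    verdicts = defaultdict(list)
    t = 0.0
    for i in range(20):                      # two phones, one INVITE each every 0.5 s
        for host in ("10.0.0.11", "10.0.0.12"):
            verdicts["normal"].append(guard.inspect(t, host, build_request("INVITE", f"c{i}-{host}", host)))
        t += 0.5
    for i in range(50):                      # one source floods 50 INVITEs in 100 ms
        verdicts["flood"].append(guard.inspect(t + i * 0.002, "198.51.100.7",
                                               build_request("INVITE", f"f{i}", "198.51.100.7")))
    t += 1
    bad = build_request("INVITE", "h1", "10.0.0.13").replace("Max-Forwards: 70\r\n", "")
    verdicts["header"].append(guard.inspect(t, "10.0.0.13", bad))
    verdicts["state"].append(guard.inspect(t, "10.0.0.14", build_request("BYE", "never-seen", "10.0.0.14")))
    verdicts["state"].append(guard.inspect(t, "10.0.0.11", build_request("BYE", "c0-10.0.0.11", "10.0.0.11")))
    verdicts["content"].append(guard.inspect(t, "10.0.0.15",
                                             build_request("INVITE", "c1", "10.0.0.15", body="v=0", declared_len=99)))
    return verdicts


if __name__ == "__main__":
    for name, results in run_demo().items():
        print(name, sum(1 for r in results if r[0] == "drop"), "dropped of", len(results))
```

Dropped requests are deliberately not fed back into the rate statistics, so a sustained flood cannot teach the detector that a flood is normal; the phones that keep sending a few requests per second stay well under the learned threshold throughout.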

VIRTUALIZATION IN A MULTI-HOST ENVIRONMENT

Published: September 7, 2017
Application Number: 20170255549
Methods and systems for implementing improved partitioning and virtualization in a multi-host environment are provided. According to one embodiment, multiple devices, including CPUs and peripherals, coupled with a system via an interconnect matrix/bus are associated with a shared memory logically partitioned into multiple domains. A first domain is associated with a first set of the devices and a second domain is associated with a second set of the devices. A single shared virtual map…

HIGH-AVAILABILITY CLUSTER ARCHITECTURE AND PROTOCOL

Published: September 7, 2017
Application Number: 20170255532
Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of a high availability (HA) cluster. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and a…

SOCKET APPLICATION PROGRAM INTERFACE (API) FOR EFFICIENT DATA TRANSACTIONS

Published: August 31, 2017
Application Number: 20170251052
Methods and systems for efficient data transactions between applications running on devices associated with the same host are provided. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected…

METADATA INFORMATION BASED FILE PROCESSING

Published: August 31, 2017
Application Number: 20170251001
Methods and systems for network level file processing based on metadata information retrieved from a file are provided. According to one embodiment, a file is received by a network security appliance. Metadata information is extracted from the file. The extracted metadata information is processed based on one or more defined rules. An action is taken on one or more of the file or a sender of the file based on an outcome of the processing.

CENTRALIZED MANAGEMENT OF ACCESS POINTS

Published: August 17, 2017
Application Number: 20170237617
Systems and methods are provided for centralized access, control, and management of access points (APs). According to one embodiment, multiple APs of a private IP network are decoupled from potentially transient IP addresses by assigning a unique identifier to each of the multiple APs by an access controller (AC). An AC GUI is presented by the AC to an administrator through which (i) commands are provided by the administrator and (ii) the administrator is provided with access to a first AP of the multiple APs responsive to…

COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS

Published: July 13, 2017
Application Number: 20170201488
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the…

EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM

Published: July 6, 2017
Application Number: 20170193231
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory for use in connection with translating virtual addresses to physical addresses. Content scanning of a content object is offloaded to a hardware accelerator coupled to the processor by storing content scanning parameters, including the content object and a type of the content object, to…

PACKET ROUTING USING A SOFTWARE-DEFINED NETWORKING (SDN) SWITCH

Published: July 6, 2017
Application Number: 20170195255
Systems and methods for an SDN switch that facilitates forwarding and differential routing decisions are provided. A packet is received at an input port of the SDN switch. The switch includes a first and a second set of flow processing units (FPUs). The packet is forwarded to a first FPU of the first set. Based on a flow table associated with the first FPU, it is determined whether the packet is to be forwarded to a network device or to an output port. The packet is received from the…

APPLICATION BASED CONDITIONAL FORWARDING AND LOAD BALANCING IN A SOFTWARE DEFINED NETWORKING (SDN) ARCHITECTURE

Published: July 6, 2017
Application Number: 20170195254
Systems and methods for an SDN switch that provides application-based conditional forwarding and session-aware load balancing are provided. According to one embodiment, a packet is received at an input port of a Software Defined Networking (SDN) switch. The packet is forwarded by the SDN switch to a first flow processing unit (FPU) of multiple FPUs of the SDN switch. The first FPU determines whether the packet is to be tracked and, if so, the received packet is transmitted to a second…

FLEXIBLE PIPELINE ARCHITECTURE FOR MULTI-TABLE FLOW PROCESSING

Published: July 6, 2017
Application Number: 20170195253
Methods and systems for implementing scalable SDN devices having a flexible data path pipeline having multiple flow tables and a hybrid memory approach are provided. According to one embodiment, an SDN switch performs a method of storing a flow table within a memory device most suitable for the type of rules contained within the flow table. A flow table for use in connection with determining how to process a packet received by the SDN switch is received by the SDN switch. The flow table…
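The three SDN entries above describe one pipeline from different angles: a first table decides whether a packet goes to a network device or towards an output port, a tracked flow is pinned so that later packets of the same session follow it, and each flow table lives in the memory that suits its rule type. The added Python example below (not Fortinet's switch code) models all three: table 0 is a priority-ordered wildcard table (the kind a TCAM serves), table 1 is an exact-match hash table (the kind an SRAM lookup serves), and a session table keyed on the 5-tuple pins each new flow to a backend. Rule formats, action names, pool members and the sample addresses are assumptions of the example; wildcard rules match by equality here, where real TCAM entries match under a bit mask.

```python
"""Multi-table flow pipeline with TCAM-style and SRAM-style tables and a session
table for pinned load balancing.  Added illustration; rule shapes are assumed."""
import hashlib


class WildcardTable:
    """Priority-ordered rules; a rule matches when every listed field is equal."""
    def __init__(self):
        self.rules = []

    def add(self, priority, match, actions):
        self.rules.append((priority, match, actions))
        self.rules.sort(key=lambda r: r[0], reverse=True)

    def lookup(self, pkt):
        for _, match, actions in self.rules:
            if all(pkt.get(k) == v for k, v in match.items()):
                return actions
        return None


class ExactTable:
    """Hash lookup on a fixed key tuple: constant time, fully specified rules only."""
    def __init__(self, key_fields):
        self.key_fields = key_fields
        self.entries = {}

    def key(self, pkt):
        return tuple(pkt.get(k) for k in self.key_fields)

    def add(self, match, actions):
        self.entries[tuple(match[k] for k in self.key_fields)] = actions

    def lookup(self, pkt):
        return self.entries.get(self.key(pkt))


FIVE_TUPLE = ("ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")


class Switch:
    def __init__(self):
        self.tables = {}
        self.pools = {}                          # pool name -> backend addresses
        self.sessions = ExactTable(FIVE_TUPLE)   # session-aware load-balancing state

    def _pin(self, pkt, pool):
        actions = self.sessions.lookup(pkt)
        if actions is None:                      # first packet of the flow: choose, remember
            key = self.sessions.key(pkt)
            h = hashlib.sha256(repr(key).encode()).digest()
            backend = self.pools[pool][int.from_bytes(h[:4], "big") % len(self.pools[pool])]
            actions = [("set", "ip_dst", backend)]
            self.sessions.add(dict(zip(FIVE_TUPLE, key)), actions)
        return actions

    def process(self, pkt):
        """Walk the pipeline from table 0; returns (verdict, tables visited)."""
        pkt = dict(pkt)
        table_id, path = 0, []
        while table_id is not None:
            path.append(table_id)
            actions = self.tables[table_id].lookup(pkt)
            if actions is None:                  # table-miss: drop
                return "drop", path
            table_id = None                      # an empty action list also drops
            for act in actions:
                kind = act[0]
                if kind == "lb":
                    for _, field, value in self._pin(pkt, act[1]):
                        pkt[field] = value
                elif kind == "set":
                    pkt[act[1]] = act[2]
                elif kind == "goto":
                    table_id = act[1]
                elif kind == "output":
                    return f"port:{act[1]}", path
                elif kind == "to_device":
                    return f"device:{act[1]}", path
        return "drop", path


def build_switch():
    """Constructed configuration: a policy table feeding an exact-route table."""
    sw = Switch()
    sw.pools["web"] = ["10.0.1.11", "10.0.1.12"]
    acl = WildcardTable()                                           # table 0, TCAM-style
    acl.add(100, {"ip_src": "192.0.2.66"}, [])                      # blocked host
    acl.add(50, {"ip_proto": 6, "ip_dst": "203.0.113.10", "tp_dst": 80}, [("lb", "web"), ("goto", 1)])
    acl.add(20, {"ip_proto": 6, "tp_dst": 22}, [("to_device", "ips")])  # SSH to inspection device
    acl.add(1, {"eth_type": 0x0800}, [("goto", 1)])
    route = ExactTable(("ip_dst",))                                 # table 1, SRAM-style
    route.add({"ip_dst": "10.0.1.11"}, [("output", 1)])
    route.add({"ip_dst": "10.0.1.12"}, [("output", 2)])
    route.add({"ip_dst": "198.51.100.5"}, [("output", 3)])
    sw.tables = {0: acl, 1: route}
    return sw


def packet(src, dst, proto=6, sport=40000, dport=80):
    return {"eth_type": 0x0800, "ip_src": src, "ip_dst": dst, "ip_proto": proto,
            "tp_src": sport, "tp_dst": dport}


if __name__ == "__main__":
    sw = build_switch()
    print(sw.process(packet("10.9.9.9", "203.0.113.10")))
    print(sw.process(packet("10.9.9.9", "198.51.100.5", dport=22)))
```

The split between table types is the point of the hybrid memory approach: the policy table is small and full of wildcards, so a priority scan (or a TCAM) is the right structure, while the route and session tables are large and fully specified, so a hash lookup is both cheaper and faster than spending TCAM entries on them.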