LOGGING ATTACK CONTEXT DATA
Granted: July 6, 2017
Application Number: 20170195355
Methods and systems for improved attack context data logging are provided. According to one embodiment, prior to a logging event being triggered (i) it is determined by a network security device whether a received packet is potentially associated with a threat or undesired activity by analyzing the packet; (ii) when the determination is negative, the packet is stored within a circular buffer; and (iii) when the determination is affirmative, (a) the logging event is triggered, (b)…
DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING
Granted: July 6, 2017
Application Number: 20170195351
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit…
SEQUENTIALLY SERVING NETWORK SECURITY DEVICES USING A SOFTWARE DEFINED NETWORKING (SDN) SWITCH
Granted: July 6, 2017
Application Number: 20170195292
Systems and methods for an SDN switch that provides service group chaining for sequentially serving multiple network security devices are provided. According to one embodiment, a packet received by the switch is processed by a first flow processing unit (FPU) based on a first set of rules and forwarded conditionally to a first security device. The security device processes the packet, which may include dropping it, forwarding it to an egress port, or forwarding it to a second FPU. When forwarded to the second FPU, the packet…
TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK
Granted: July 6, 2017
Application Number: 20170195289
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…
CARDINALITY BASED PACKET PROCESSING IN SOFTWARE-DEFINED NETWORKING (SDN) SWITCHES
Granted: July 6, 2017
Application Number: 20170195257
Systems and methods for scalable SDN devices having ports/network interfaces mapped to cardinal flow processing (CFP) units are provided. According to one embodiment, an incoming packet is received, at a software-defined networking (SDN) switch. An ingress port on which the incoming packet was received is determined. A cardinal direction to which the ingress port is mapped is determined. Based on the determined cardinal direction, the SDN switch identifies a cardinal flow processing…
PACKET ROUTING USING A SOFTWARE-DEFINED NETWORKING (SDN) SWITCH
Granted: July 6, 2017
Application Number: 20170195255
Systems and methods for an SDN switch that facilitates forwarding/differential routing decision determination are provided. A packet is received at an input port of the SDN switch. The switch includes a first and second set of flow processing units (FPUs). The packet is forwarded to a first FPU of the first set. Based on a flow table associated with the first FPU, it is determined whether the packet is to be forwarded to a network device or an output port. The packet is received from the…
FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES
Granted: June 29, 2017
Application Number: 20170187683
Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a…
SECURITY CONFIGURATION FILE CONVERSION WITH SECURITY POLICY OPTIMIZATION
Granted: June 29, 2017
Application Number: 20170187750
Systems and methods for converting a configuration file from a first language into a second language with policy optimization and auditing are provided. According to one embodiment, a network appliance configuration converter parses network security policies of an input configuration file of a first network appliance to intermediate representations. The network security policies of the input configuration file are in a first language and the intermediate representations are general data…
RATING OF SIGNATURE PATTERNS FOR PATTERN MATCHING
Granted: June 29, 2017
Application Number: 20170187735
Systems and methods for rating of signature patterns are provided. According to one embodiment, a frequency of occurrence is determined by a network security system of each of multiple patterns within a pattern database containing a set of candidate patterns from which a set of patterns or sub-patterns thereof will be selected for inclusion within a pre-match list. For each pattern, the network security device determines whether a length of the pattern exceeds a pre-defined length; and,…
DETECTION OF UNDESIRED COMPUTER FILES USING DIGITAL CERTIFICATES
Granted: June 29, 2017
Application Number: 20170187684
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…
PATTERN MATCHING FOR DATA LEAK PREVENTION
Granted: June 29, 2017
Application Number: 20170185799
Systems and methods for preprocessing data to facilitate DLP pattern matching are provided. An input string is received by a Data Leak Prevention (DLP) system. The input string is converted by the DLP system into a fixed string pattern. The conversion is performed based on multiple class definitions, including a digit class, a letter class and a symbol class. A determination is then made by the DLP system regarding whether the input string contains potential sensitive data to which a…
POLICY-BASED CONFIGURATION OF INTERNET PROTOCOL SECURITY FOR A VIRTUAL PRIVATE NETWORK
Granted: June 22, 2017
Application Number: 20170180428
A method for performing policy-based configuration of IPSec for a VPN is provided. According to one embodiment, a request for a VPN connection to be established between a network device and a peer network device is received by the network device from the peer network device. Responsive to receipt of the request, the VPN connection is established by the network device in accordance with a policy associated with the request without requiring manual entry of VPN settings by a network…
TWO-STAGE HASH BASED LOGIC FOR APPLICATION LAYER DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACK ATTRIBUTION
Granted: June 22, 2017
Application Number: 20170180415
Methods and systems for two-stage attribution of application layer DDoS attacks are provided. A first-stage table maintains only a hash index, whereas the second-stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains multiple rows when a hash collision occurs in the first table. The second table is aged out and reported periodically with details of the large strings.
SYSTEM AND METHOD FOR SECURING VIRTUALIZED NETWORKS
Granted: June 22, 2017
Application Number: 20170180323
Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A security policy for the dynamic…
NETWORK INTERFACE CARD RATE LIMITING
Granted: June 22, 2017
Application Number: 20170180315
Systems and methods for limiting the rate of packet transmission from a NIC to a host CPU are provided. According to one embodiment, data packets are received from a network by the NIC. The NIC is coupled to a host central processing unit (CPU) of a network security device through a bus. A status of the host CPU is monitored by the NIC. A rate limiting mode indicator is set by the NIC based on the status. When the rate limiting mode indicator indicates rate limiting is inactive, then the…
MOBILE HOTSPOT MANAGED BY ACCESS CONTROLLER
Granted: June 8, 2017
Application Number: 20170163601
Systems and methods are described for a mobile hotspot that can be managed by an access controller (AC). According to an embodiment, a WAN connection is established by a mobile hotspot through a telecommunication data network via a wireless WAN module. When in a first mode, the mobile hotspot: (i) sets up a secure tunnel through the WAN connection with an AC of an enterprise that manages the access points (APs) of the enterprise's wireless network; (ii) broadcasts an SSID that is also broadcast by the APs;…
SECURITY THREAT DETECTION
Granted: June 8, 2017
Application Number: 20170163674
Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous…
PRESENTATION OF THREAT HISTORY ASSOCIATED WITH NETWORK ACTIVITY
Granted: June 8, 2017
Application Number: 20170163673
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters is received. Information regarding threats matching the threat filtering parameters is extracted from the database and is presented in a…
DIRECT CACHE ACCESS FOR NETWORK INPUT/OUTPUT DEVICES
Granted: June 8, 2017
Application Number: 20170163662
Methods and systems for improving the efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings is defined by a network interface controller (NIC) of a network security device for each of multiple I/O device queues. The control settings specify which portions of network packets are to be copied to the cache of the corresponding CPU. A packet is received by the NIC. The packet is parsed to identify boundaries of portions of the packet and…
FIREWALL POLICY MANAGEMENT
Granted: June 8, 2017
Application Number: 20170163606
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…