HTTP PROXY
Granted: June 8, 2017
Application Number:
20170163758
Systems and methods for translating between an older version of HTTP and a newer version of HTTP are provided. According to an embodiment, a first request message, compliant with the newer version and directed to a server that supports the older version but does not support the newer version, is received by the proxy from a client that supports the newer version. A second request message, compliant with the older version, is created by the proxy by translating the first request message.…
ASSOCIATING POSITION INFORMATION COLLECTED BY A MOBILE DEVICE WITH A MANAGED NETWORK APPLIANCE
Granted: May 25, 2017
Application Number:
20170150322
Systems and methods for obtaining and managing network appliance position information are provided. According to one embodiment, a network appliance controller establishes a network connection with a mobile device. The network appliance controller receives via the network connection from the mobile device identification information associated with a network appliance and position information. The network appliance controller associates the identification information with the position…
SYSTEM AND METHOD FOR SOFTWARE DEFINED BEHAVIORAL DDOS ATTACK MITIGATION
Granted: May 25, 2017
Application Number:
20170149822
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received…
APPLICATION CONTROL
Granted: May 11, 2017
Application Number:
20170134257
Systems and methods for controlling applications on a network are provided. According to one embodiment, a network security device detects a suspect application protocol used in connection with network traffic exchanged between a source peer and a destination peer. The network security device sends a probing request to the destination peer based on the suspect application protocol. The suspect application protocol is confirmed when a response is received from the destination peer in…
CALCULATING CONSECUTIVE MATCHES USING PARALLEL COMPUTING
Granted: May 4, 2017
Application Number:
20170126713
Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting…
SYSTEM AND METHOD FOR SOFTWARE DEFINED BEHAVIORAL DDOS ATTACK MITIGATION
Granted: April 20, 2017
Application Number:
20170111397
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation…
EXAMINING AND CONTROLLING IPv6 EXTENSION HEADERS
Granted: April 20, 2017
Application Number:
20170111319
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…
FACILITATING CONTENT ACCESSIBILITY VIA DIFFERENT COMMUNICATION FORMATS
Granted: April 13, 2017
Application Number:
20170104837
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, information indicative of one or more communication formats via which a client device is capable of communication is stored on a client device by (i) sending the client device a web page having embedded therein test content associated with a first protocol stack and/or a second protocol stack; and (ii) based on a response to the test content received…
IDENTIFYING NODES IN A RING NETWORK
Granted: April 13, 2017
Application Number:
20170104638
Methods and systems for determining a token master on a ring network are provided. According to one embodiment, a ring controller of a first blade participating in the ring network receives an indication that an arbitration token originated by an originating blade has been received. The ring controller compares the priorities of the originating blade and the first blade. When the priority of the originating blade is higher, the ring controller transmits the arbitration token to the next…
SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
Granted: April 6, 2017
Application Number:
20170098096
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…
CENTRALIZED MANAGEMENT AND ENFORCEMENT OF ONLINE BEHAVIORAL TRACKING POLICIES
Granted: March 30, 2017
Application Number:
20170093917
Systems and methods for manipulating online behavioral tracking policies are provided. According to one embodiment, a hypertext transfer protocol (HTTP) response transmitted from a web server to a client is captured by a network security device. A status of the client is determined by the network security device. An online behavioral tracking policy associated with the client is identified by the network security device based on the determined status. The identified online behavioral…
TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK
Granted: March 30, 2017
Application Number:
20170093808
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…
INLINE INSPECTION OF SECURITY PROTOCOLS
Granted: March 30, 2017
Application Number:
20170093796
Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted packet from a first network appliance and buffers the encrypted packet in a buffer. An inspection module accesses the encrypted packet from the buffer, decrypts the encrypted packet to produce plain text and scans the plain text by the inspection module.
METADATA INFORMATION BASED FILE PROCESSING
Granted: March 2, 2017
Application Number:
20170063883
Methods and systems for network level file processing based on metadata information retrieved from a file are provided. According to one embodiment, a file is received by a network security appliance. Metadata information is extracted from the file. The extracted metadata information is processed based on one or more defined rules. An action is taken on one or more of the file or a sender of the file based on an outcome of the processing.
FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS
Granted: March 2, 2017
Application Number:
20170063803
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to hosts of a private network against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall also provides application-layer protection on behalf of the hosts and supports Voice over IP (VoIP) services…
INTERFACE GROUPS FOR RULE-BASED NETWORK SECURITY
Granted: March 2, 2017
Application Number:
20170063796
Systems and methods for designating interfaces of a network security appliance as source/destination interfaces in connection with defining a security rule are provided. According to one embodiment, a security rule configuration interface is displayed through which a network administrator can specify parameters of security rules to be applied to traffic attempting to traverse the network security appliance. Information defining a traffic flow to be controlled by a security rule is…
DATA LEAK PROTECTION
Granted: March 2, 2017
Application Number:
20170063790
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a network security device maintains a filter database containing multiple filtering rules. Each filtering rule specifies a watermark hash value, a set of network services for which the filtering rule is active and an action to be taken. Network traffic directed to a destination residing outside of an enterprise network, associated with a particular network service and…
DETECTION OF FRAUDULENT CERTIFICATE AUTHORITY CERTIFICATES
Granted: March 2, 2017
Application Number:
20170063557
Systems and methods for verifying a certificate authority are provided. According to one embodiment, a network security device intercepts a session between a client and a server, wherein a secure channel is requested to be established between the client and the server in the session. The network security device captures a digital certificate that is being sent from the server to the client, wherein the digital certificate is used for authenticating the server in connection with…
SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
Granted: March 2, 2017
Application Number:
20170061141
Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is…
POLARITY RECOGNITION AND SWAPPING FOR DC POWERED DEVICES
Granted: February 23, 2017
Application Number:
20170054290
A system for recognizing and swapping polarity for DC powered devices that includes a polarity detection module that is configured to identify polarity of DC power input, and further configured to send an output to a controller based on identification of polarity of the DC power input. The system includes a power switch array that is operatively coupled with the controller, and wherein the controller, based on the output, can set one or more switches of the power switch array for…