Fortinet Patent Applications

SECURITY THREAT DETECTION

Granted: September 22, 2016
Application Number: 20160277431
Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous…

APPLICATION-BASED NETWORK PACKET FORWARDING

Granted: September 22, 2016
Application Number: 20160277293
Methods and systems for detecting an application associated with a given IP flow and differentially forwarding packets based on determined application are provided. According to one embodiment, an initial Internet Protocol (IP) packet of an IP flow is received by a network device. An application with which the initial IP packet is associated is determined by the network device. Based on the determined application, a forwarding rule to be applied to the initial IP packet is identified by…

INTELLIGENT TELEPHONE CALL ROUTING

Granted: September 15, 2016
Application Number: 20160269560
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log is maintained by a call monitor of a telephone system. The session log contains multiple call session records relating to telephone calls between internal extension numbers and external telephone numbers. An incoming telephone call from a telephone external to the telephone system is received by the call…

INTELLIGENT TELEPHONE CALL ROUTING

Granted: September 15, 2016
Application Number: 20160269549
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log, containing information regarding sessions between internal extension numbers and external telephone numbers, is maintained by a call monitor of a telephone system. The internal extension numbers are associated with telephone extensions within the telephone system and the external telephone numbers are…

HARDWARE ACCELERATOR FOR PACKET CLASSIFICATION

Granted: September 15, 2016
Application Number: 20160269511
Systems and methods for packet classification hardware acceleration are provided. According to one embodiment, a packet classification hardware accelerator system includes multiple packet classification hardware units, a memory and a cache subsystem. The packet classification hardware units are each capable of operation in parallel on a corresponding decision tree of multiple decision trees that have been derived from respective subsets of a common ruleset defining packet classification…

POLICY-BASED SELECTION OF REMEDIATION

Granted: September 15, 2016
Application Number: 20160269444
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a lightweight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the…

SOFT TOKEN SYSTEM

Granted: September 8, 2016
Application Number: 20160262013
Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the…

CLOUD-BASED SECURITY POLICY CONFIGURATION

Granted: September 8, 2016
Application Number: 20160261639
Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network security device of an enterprise are shared by the first network security device with other network security devices associated with the enterprise by logging into a shared enterprise cloud account. The shared security parameters are retrieved by a second…

LOCATION-BASED NETWORK SECURITY

Granted: September 8, 2016
Application Number: 20160261606
Methods and systems for a location-aware network security device are provided. According to one embodiment, a resource access request is received at a network security device of a protected network from a user device. The resource access request represents a request to access a resource of the protected network. A geographical location of the user device is determined by the network security device. The network security device then determines whether the user device should be allowed…

SECURING EMAIL COMMUNICATIONS

Granted: September 1, 2016
Application Number: 20160255049
Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is…

SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE

Granted: September 1, 2016
Application Number: 20160253491
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel-level driver within a kernel of an operating system of a computer system intercepts activity in connection with a file system associated with the computer system or the operating system relating to a code module. A determination is made by the kernel-level driver regarding whether to allow the intercepted activity to proceed by performing a real-time authentication process…

MANAGEMENT OF WIRELESS ACCESS POINTS VIA VIRTUALIZATION

Granted: August 18, 2016
Application Number: 20160241702
A wireless access point (AP) and methods for providing wireless connectivity to wireless clients are provided. According to one embodiment, a wireless AP includes a host hardware platform and a hypervisor for providing a first virtual machine where a first guest operating system (OS) is configured to run on the first virtual machine. A wireless module is configured to run on the first guest OS for managing the wireless connection to at least one wireless client. A wireless AP management…

VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING

Granted: August 11, 2016
Application Number: 20160234352
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of…

FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES

Granted: August 11, 2016
Application Number: 20160234228
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file…

MOBILE MALWARE DETECTION AND USER NOTIFICATION

Granted: August 11, 2016
Application Number: 20160232349
Methods and systems for detecting and responding to malware events associated with mobile/portable computing devices by means of a malware detection gateway device associated with a mobile service provider network are provided. According to one embodiment, a malware detection gateway device associated with a mobile service provider network detects a malware event based on a data stream transmitted to or from a portable computing device communicating with a packet data network via the…

SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION

Granted: August 4, 2016
Application Number: 20160226670
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a router identifies active multicast IP sessions. A data structure is maintained by the router that contains information regarding the active multicast IP sessions and includes multiple pairs of a source field and a group field ({S, G} pairs), a first pointer associated with each of the {S, G} pairs and a set of slots. Each of the {S, G} pairs defines an active multicast IP…

MANAGING TRANSMISSION AND STORAGE OF SENSITIVE DATA

Granted: August 4, 2016
Application Number: 20160224801
Systems and methods for injecting sensitive data into outgoing traffic that is to be sent to a remote server from a client by a network security appliance logically interposed between the server and the client are provided. According to one embodiment, the method includes intercepting, by a network security appliance, outgoing traffic from the client to the server. The network security appliance identifies a submission command within the outgoing traffic that is used for submitting…

NETWORK ADVERTISING SYSTEM

Granted: July 28, 2016
Application Number: 20160217505
Systems and methods for transmitting content to a client via a communication network are provided. According to one embodiment, an insertion server running within a firewall device of a network observes a content request of an application protocol by monitoring or proxying transport communication protocol connections established through the firewall device. The content request is (i) originated by a client device coupled to the network, (ii) directed to a destination device coupled to…

LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES

Granted: July 21, 2016
Application Number: 20160212051
A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received is added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet…

CENTRALIZED MANAGEMENT OF ACCESS POINTS

Granted: July 14, 2016
Application Number: 20160204987
Systems and methods are provided for centralized access, control, and management of APs. According to one embodiment, multiple APs of a private IP network are decoupled from potentially transient IP addresses by assigning a unique identifier to each of the multiple APs by an AC. An AC GUI is presented by the AC to an administrator through which (i) commands are provided by the administrator and (ii) the administrator is provided with access to a first AP of the multiple APs responsive to…