CONTEXT-AWARE PATTERN MATCHING ACCELERATOR
Granted: November 12, 2015
Application Number:
20150326534
Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching…
FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES
Granted: November 5, 2015
Application Number:
20150319138
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file…
SOFT TOKEN SYSTEM
Granted: October 29, 2015
Application Number:
20150312250
Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first…
POLICY-BASED CONTENT FILTERING
Granted: October 29, 2015
Application Number:
20150312220
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a network connection is received at a networking subsystem of a firewall. The connection is characterized by a source IP address, a destination IP address and a network service protocol. The network service protocol of the network connection is determined. A matching firewall policy is identified for the connection. When the connection is allowed, it is…
SECURING EMAIL COMMUNICATIONS
Granted: October 29, 2015
Application Number:
20150312214
Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is…
DETECTION OF UNDESIRED COMPUTER FILES USING DIGITAL CERTIFICATES
Granted: October 15, 2015
Application Number:
20150295937
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…
SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION
Granted: October 1, 2015
Application Number:
20150280929
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a network switch module includes a memory and multiple processors partitioned among multiple virtual routers (VRs). Each VR maintains a data structure containing therein information regarding the multicast sessions, including a first value for each of the multicast sessions, at least one chain of one or more blocks of second values and one or more transmit control blocks…
REMOTE WIRELESS ADAPTER
Granted: October 1, 2015
Application Number:
20150281963
Systems and methods are described for connecting a private network to the Internet through a remote wireless adapter. According to one embodiment, a remote wireless adapter sets up a tunnel with a network security device through a local area network (LAN) adapter of the remote wireless adapter and sets up a wide area network (WAN) connection through a wireless modem which is connected to the wireless adapter. The remote wireless adapter receives an outgoing data packet sent by the…
NETWORK POLICY ASSIGNMENT BASED ON USER REPUTATION SCORE
Granted: October 1, 2015
Application Number:
20150281277
A network controller device, systems, and methods thereof are described herein for enabling a mechanism of assigning network policies to one or more users based on their respective client reputation (CR) scores. CR scores indicate a measure of the level and kind of network activity that an internal resource conducts with external resources. Based on the evaluation of the CR score for a given user, the system of the present invention can be configured to implement an appropriate policy on the…
NETWORK FLOW ANALYSIS
Granted: October 1, 2015
Application Number:
20150281007
Systems and methods for a network flow analysis service that facilitates collection, analysis and sharing of information regarding network flows are provided. According to one embodiment, a network flow analysis service provider collects network traffic information of network flows from a plurality of different network sources, analyzes at least one attribute associated with the network flows based on the network traffic information, and distributes the at least one attribute to…
VIRTUALIZATION IN A MULTI-HOST ENVIRONMENT
Granted: October 1, 2015
Application Number:
20150277763
Methods and systems for implementing improved partitioning and virtualization in a multi-host environment are provided. According to one embodiment, multiple devices, including CPUs and peripherals, coupled with a system via an interconnect matrix/bus are associated with a shared memory logically partitioned into multiple domains. A first domain is associated with a first set of the devices and a second domain is associated with a second set of the devices. A single shared virtual map…
EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM
Granted: September 24, 2015
Application Number:
20150269381
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory that contain information for translating virtual addresses to physical addresses. Virus processing of a content object is offloaded to a hardware accelerator coupled to the processor by storing scanning parameters, including the content object and a type of the content object, to the…
SECURITY INFORMATION AND EVENT MANAGEMENT
Granted: September 17, 2015
Application Number:
20150264011
Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results…
FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS
Granted: September 10, 2015
Application Number:
20150256513
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall also provides application-layer protection on behalf of the internal hosts and supports Voice over IP (VoIP) services by…
INITIAL DIAGNOSTICS OF A NETWORK SECURITY DEVICE VIA A HAND-HELD COMPUTING DEVICE
Granted: September 3, 2015
Application Number:
20150249686
Process, equipment, and computer program product code for configuration of and/or performing diagnostics on a network security device using a hand-held computing device are provided. According to one embodiment, a hand-held computing device is connected to a network security device via a connecting cable that is coupled to a management interface of the hand-held computing device. A mobile application running on the hand-held computing device sends a diagnostic command via the connecting…
CLOUD-BASED SECURITY POLICY CONFIGURATION
Granted: September 3, 2015
Application Number:
20150249644
Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second…
HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS
Granted: September 3, 2015
Application Number:
20150249641
Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a request that is sent from a client to a server is captured by an intermediary security device logically interposed between the client and the server. A human user test message is sent by the intermediary security device to the client to verify that the request was initiated by a human user of the client. A…
POLICY-BASED CONFIGURATION OF INTERNET PROTOCOL SECURITY FOR A VIRTUAL PRIVATE NETWORK
Granted: August 27, 2015
Application Number:
20150244691
A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a policy page through which a policy, including multiple VPN settings for establishing a VPN connection, may be viewed and configured is displayed via a user interface of a source network device. The VPN settings include a type of IPSec tunnel to be established between the source network device and a peer network device. A…
SERVICE PROCESSING SWITCH
Granted: August 13, 2015
Application Number:
20150229567
Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, packets are load balanced among virtual routing processing resources of an IP service generator of a virtual router (VR) based switch. A packet flow cache is maintained with packet flow entries containing information indicative of packet processing actions and/or packet field manipulations for established packet flows. A determination is made regarding whether a packet is…
INHERITANCE BASED NETWORK MANAGEMENT
Granted: July 23, 2015
Application Number:
20150207693
Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have substantially identical function. Two physical interfaces of two network devices that are to be normalized are identified. The physical interfaces are normalized by creating a virtual interface (VI) to which both correspond. A policy applicable…