REDIRECTION CONTENT REQUESTS
Granted: July 9, 2015
Application Number:
20150195354
Methods and systems for redirecting content requests are provided. According to one embodiment, a subscription request from a publisher is received by a redirect host. The subscription request includes a content delivery policy and requests the redirect host to service requests for content published by the publisher. The content is hosted by servers of the publisher residing within a private network. A client request is received by the redirect host for content. It is determined based on…
HARDWARE-ACCELERATED PACKET MULTICASTING
Granted: July 9, 2015
Application Number:
20150195098
Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a first packet to be multicast to a first destination and a second packet to be multicast to a second destination are received. The first and second packets are classified in accordance with different virtual routers (VRs) of multiple VRs instantiated by a virtual routing engine (VRE) of a virtual routing system by determining a first selected VR to multicast the first packet and a…
SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE
Granted: July 9, 2015
Application Number:
20150193614
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, performing or bypassing a real-time…
DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING
Granted: July 2, 2015
Application Number:
20150188930
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit…
EXAMINING AND CONTROLLING IPv6 EXTENSION HEADERS
Granted: July 2, 2015
Application Number:
20150188885
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, a traversing device receives an Internet Protocol (IP) version 6 (IPv6) packet or packet fragment. One or more security checks are applied to extension headers of the IPv6 packet or packet fragment. If a security check of the one or more security checks is determined to be violated, then one or more appropriate countermeasures are…
CLOUD BASED LOGGING SERVICE
Granted: July 2, 2015
Application Number:
20150188784
Methods and systems are provided for providing access to a cloud-based logging service to a user without requiring user registration. According to one embodiment, access to a cloud-based logging service is integrated within a network security gateway appliance by automatically configuring access settings for the logging service without registering the gateway appliance with the logging service. A traffic or event log is transparently created within the logging service by making use of…
LOGGING ATTACK CONTEXT DATA
Granted: June 25, 2015
Application Number:
20150180887
Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received from an administrator of a network security device. The configuration information includes information indicative of a quantity of packets to be captured for post attack analysis. Responsive to receipt of the configuration information, a size of a circular buffer is configured based thereon. Multiple packets directed to a network protected by the…
HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS
Granted: June 25, 2015
Application Number:
20150180829
Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, when an intermediary security device identifies a high-risk network access that is potentially initiated by a human user or a piece of software running on the device of the human user, a human user test message is sent to the human user to verify that the high-risk network access was indeed initiated by the human…
FACILITATING CONTENT ACCESSIBILITY VIA DIFFERENT COMMUNICATION FORMATS
Granted: June 18, 2015
Application Number:
20150172163
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate content delivery network. A content request is received from a client. The content request relates to web page content published by a content publisher in an Internet Protocol version 4 (IPv4) format or an Internet Protocol version 6 (IPv6) format that is obtained by the content…
POLICY-BASED SELECTION OF REMEDIATION
Granted: June 11, 2015
Application Number:
20150163249
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. It is determined whether the operational state represents a violation of a security policy that has been applied to or is active in regard to the second computer system by evaluating the received information with respect to the multiple security policies.…
SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION
Granted: June 4, 2015
Application Number:
20150156234
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a network device. A data structure is maintained by the network device and contains therein information regarding the multicast sessions, including a first value for each of the multicast sessions, at least one chain of one or more blocks of second values and one or more transmit control blocks (TCBs). Each first value is…
SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
Granted: June 4, 2015
Application Number:
20150154418
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…
CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
Granted: May 28, 2015
Application Number:
20150150135
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol response is received at a network device logically interposed between one or more clients and a server. The response represents a response to a request from one of the clients relating to a file associated with a share of the server. A determination is made whether a holding buffer corresponding to the file exists. If not, then…
DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING
Granted: May 28, 2015
Application Number:
20150150134
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within…
HETEROGENEOUS MEDIA PACKET BRIDGING
Granted: May 28, 2015
Application Number:
20150146730
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network switching/routing blade server comprises network interfaces, including a first and second set operable to receive packets encapsulated within a first and second set of media transmissions, respectively, and each having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application.…
COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING
Granted: April 23, 2015
Application Number:
20150113630
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected…
INLINE INSPECTION OF SECURITY PROTOCOLS
Granted: April 23, 2015
Application Number:
20150113264
Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module.
VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING
Granted: April 23, 2015
Application Number:
20150110125
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of the computer system is fetched by an interface of the computer system by performing direct virtual memory addressing of a user memory space of a system memory of the computer system on behalf of a network processor of the computer system. The direct virtual memory addressing maps a physical address of…
SECURITY INFORMATION AND EVENT MANAGEMENT
Granted: April 16, 2015
Application Number:
20150106867
Systems and methods for conducting correlation analysis for security events with asset attributes of a network by a SIEM device to enable more efficient reporting are provided. According to one embodiment, when a SIEM device obtains a security event, a risk level of the security event is calculated based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device. When the risk level meets a predetermined or…
SELECTING AMONG MULTIPLE CONCURRENTLY ACTIVE PATHS THROUGH A NETWORK
Granted: April 9, 2015
Application Number:
20150098335
Methods and systems for selecting among multiple concurrently active paths through a network are provided. According to one embodiment, a method is performed by a network interface of a source node within a loop-free, reverse-path-learning network. The network is divided into multiple virtual networks. A packet destined for a destination node and specifying an address for the destination or including information from which the address can be derived is received from the source. A set of…