Fortinet Patent Applications

SYSTEMS AND METHODS FOR MULTI-TENANT SEGMENTATION TO VIRTUALIZE ZTNA PROCESSING

Granted: December 12, 2024
Application Number: 20240414159
Systems, devices, and methods are discussed for providing virtualized ZTNA control across multiple networks.

SYSTEMS AND METHODS FOR NETWORK EDGE SELECTION OF NETWORK SECURITY PROCESSING

Granted: December 12, 2024
Application Number: 20240414133
Various embodiments provide systems and methods for performing edge processing using selectively suspended network security processing.

SYSTEMS AND METHODS FOR AUTOMATED INCIDENT MANAGEMENT

Granted: December 12, 2024
Application Number: 20240414066
Systems, devices, and methods are discussed for automating incident management.

IDENTIFYING ATTACKS TO ACTIVE RESOURCES BY TRUSTED DEVICES WITH FAKE VULNERABILITIES ON DECEPTIVE PROXY RESOURCES

Granted: November 28, 2024
Application Number: 20240394368
A plurality of fake vulnerabilities is exposed to network traffic alongside an active resource by a deceptive proxy resource. None of the fake vulnerabilities can harm the active resource, and the deceptive proxy device and the legitimate device are reachable by a common IP address. Network traffic is monitored in real time to detect an attack by a malicious device against at least one of the fake vulnerabilities exposed by the deceptive proxy resource. The malicious…
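The mechanism the abstract describes reduces to a single listener that fronts both the real service and a set of decoy endpoints, so that any request for a decoy is an attack signal while the real service never sees it. The following is an added illustration, not code from the patent or from Fortinet: the request surface (`REAL_PATHS`, `DECOY_PATHS`), the source-address keying and the quarantine behaviour are all assumptions made for this example.

```python
# Constructed request surface for the example (assumption, not from the patent).
# REAL_PATHS is what the active resource actually serves; DECOY_PATHS are fake
# vulnerabilities that only the proxy answers, so a hit on one of them can never
# reach, let alone harm, the real service.
REAL_PATHS = {"/", "/app", "/api/v1/orders"}
DECOY_PATHS = {
    "/phpmyadmin/": "exposed database console",
    "/.git/config": "leaked repository metadata",
    "/cgi-bin/test.cgi": "legacy CGI handler",
    "/api/v1/debug": "undocumented debug endpoint",
}


class DeceptiveProxy:
    """Single listener on the shared address that fronts both resources."""

    def __init__(self):
        self.flagged = {}      # source address -> decoy paths it touched
        self.forwarded = 0     # requests actually passed to the active resource

    def handle(self, src, path):
        """Route one request; returns the response the client would see."""
        if path in DECOY_PATHS:
            # Touching a decoy is the attack signal: record it and answer from
            # the decoy. Nothing is forwarded to the active resource.
            self.flagged.setdefault(src, []).append(path)
            return {"status": 200, "served_by": "decoy", "lure": DECOY_PATHS[path]}
        if src in self.flagged:
            # A client already caught on a decoy stays quarantined: even its
            # requests for real paths are answered by the decoy from now on.
            return {"status": 200, "served_by": "decoy", "lure": "quarantine"}
        if path in REAL_PATHS:
            self.forwarded += 1
            return {"status": 200, "served_by": "active"}
        return {"status": 404, "served_by": "proxy"}

    def attack_report(self):
        """Per-source list of lures touched, e.g. to feed a blocklist."""
        return {src: sorted(set(paths)) for src, paths in self.flagged.items()}


if __name__ == "__main__":
    proxy = DeceptiveProxy()
    # Constructed traffic: one ordinary user, one scanner probing decoys.
    proxy.handle("10.0.0.5", "/app")
    proxy.handle("198.51.100.7", "/.git/config")
    proxy.handle("198.51.100.7", "/app")
    print(proxy.attack_report(), "forwarded:", proxy.forwarded)
```

Two practical caveats: decoy paths must never be linked from real content, or ordinary users will trip them; and keying the quarantine on the source address alone misfires behind shared NAT, so a deployment would key on a session or client fingerprint as well.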

DETECTING ZERO-DAY MALWARE WITH TETRA CODE

Granted: November 21, 2024
Application Number: 20240386104
A string sample is received from a file in real time and converted to a Tetra code, which is used to search a database of Tetra code samples organized by family and then by variant. Responsive to the real-time Tetra code not matching any stored Tetra code, (a) an internal structure of the Tetra code is generated to expose correlations of encrypted features of the file, without any access to the file, (b) machine learning is utilized to classify the internal structure of…

SYSTEMS AND METHODS FOR AUTOMATED RISK-BASED NETWORK SECURITY FOCUS

Granted: November 14, 2024
Application Number: 20240380774
Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.

RISK EVALUATION FOR A VULNERABILITY ASSESSMENT SYSTEM ON A DATA COMMUNICATION NETWORK FROM A COLLECTION OF THREATS

Granted: November 7, 2024
Application Number: 20240372884
A private network is scanned to identify devices, and the identified devices are profiled for vulnerabilities. A score characterizing severity is determined for each vulnerability individually from a Common Vulnerability Scoring System (CVSS) database. A score is then determined for the collection of vulnerabilities. Exponential tapering functions curb the influence of large numbers of low-priority threats on the collection score. The collection threat score increases with severity of the…
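The two properties the abstract states for the collection score (it rises with the severity of any member, and a large pile of low-priority findings cannot push it up indefinitely) are easy to get wrong with a plain sum or a plain maximum. The block below is an added example of one aggregation that has both properties; it is not the patent's formula and not Fortinet code. The CVSS bands are the standard v3 qualitative ratings; the per-band tapering rates and the headroom-filling step are assumptions of this example.

```python
import math
from collections import defaultdict

# CVSS v3 qualitative severity bands (floor score, name) paired with a
# per-band tapering rate. The bands are the standard CVSS ratings; the rates
# are this example's assumption: low-severity findings taper off fastest.
BANDS = (
    (9.0, "critical", 0.10),
    (7.0, "high", 0.25),
    (4.0, "medium", 0.50),
    (0.1, "low", 1.00),
)


def band(score):
    """Map a CVSS base score to its qualitative band ("none" for 0.0)."""
    for floor, name, _rate in BANDS:
        if score >= floor:
            return name
    return "none"


def _rate(name):
    for _floor, band_name, rate in BANDS:
        if band_name == name:
            return rate
    return 0.0


def collection_score(scores):
    """Aggregate individual CVSS scores into one 0-10 collection score.

    The most severe finding sets the floor. Every other finding adds
    "pressure" weighted by its own severity and tapered by exp(-rate * rank)
    within its band, so the k-th low finding contributes exponentially less
    than the first one. The pressure fills the remaining headroom to 10
    through 1 - exp(-pressure), so the result never exceeds 10 and grows
    whenever any member becomes more severe.
    """
    # CVSS 0.0 means "none"; out-of-range values are treated as bad input.
    valid = sorted((s for s in scores if 0.0 < s <= 10.0), reverse=True)
    if not valid:
        return 0.0
    top, rest = valid[0], valid[1:]
    by_band = defaultdict(list)
    for s in rest:                 # sorted descending, so ranks come out in order
        by_band[band(s)].append(s)
    pressure = 0.0
    for name, items in by_band.items():
        rate = _rate(name)
        offset = 1 if name == band(top) else 0   # the top finding holds rank 0 of its band
        for rank, s in enumerate(items, start=offset):
            pressure += (s / 10.0) * math.exp(-rate * rank)
    headroom = 10.0 - top
    return round(top + headroom * (1.0 - math.exp(-pressure)), 2)


if __name__ == "__main__":
    # Constructed inventories, not real scan output.
    print(collection_score([2.0] * 400))            # hundreds of lows stay low
    print(collection_score([9.8, 2.0, 2.0, 2.0]))   # one critical dominates
    print(collection_score([7.5, 7.2, 6.9, 5.5]))   # several highs climb toward 10
```

The geometric series behind each band is what bounds the effect of volume: with rate 1.0, a thousand identical low findings add no more pressure than roughly the first five, while criticals at rate 0.1 keep accumulating until the headroom is used up.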

TETRA SYSTEMS AND METHODS FOR CLUSTERING FILES BASED UPON STRUCTURE

Granted: October 10, 2024
Application Number: 20240338444
Various embodiments provide systems and methods for identifying malicious files based upon file structure.

RESOLVING THE DISPARATE IMPACT OF SECURITY EXPLOITS TO RESOURCES WITHIN A RESOURCE GROUP

Granted: October 10, 2024
Application Number: 20240340294
Systems, methods, and apparatuses enable one or more security microservices to resolve the disparate impact of security exploits to resources within a resource group. When a resource group is determined to be impacted by a security exploit, the one or more security microservices determines whether the members of the resource group are disparately impacted. In response, the one or more security microservices splits the resource group into an impacted resource group and a non-impacted…

SYSTEMS AND METHODS FOR SD-WAN SETUP AUTOMATION

Granted: October 10, 2024
Application Number: 20240340221
Various embodiments provide systems and methods for automating an SD-WAN setup process.

EVALUATION OF WEB REQUESTS WITH AN EXTERNAL SOURCE OF INFORMATION BY BROWSER EXTENSIONS USING AN INTERNAL GATEWAY PAGE

Granted: October 3, 2024
Application Number: 20240330017
A web request is intercepted by the web browser extension to determine whether information is synchronously available to evaluate the web request. Responsive to not having information for synchronous evaluation, the web request is redirected to display a gateway page while information is asynchronously obtained from an external information provider server; the request is tracked with a request identifier, and the asynchronously gathered information is stored for synchronous…

LOCATIONING ACCURACY AND ANALYTICS OF WIRELESS DEVICES

Granted: October 3, 2024
Application Number: 20240334369
A plurality of access points sync with a first sync event to establish a first predefined time interval for periodically sending STA reports. Responsive to detecting a new access point, each of the plurality of access points is resynced by sending a second sync event to establish a second predefined time interval for periodically sending STA reports. A real-time mapping of the station can be displayed using a first location at a first instance, as initially synced, and a second…

SYSTEMS AND METHODS FOR NETWORK ENDPOINT DEVICE SECURITY FABRIC

Granted: October 3, 2024
Application Number: 20240333760
Various embodiments provide systems and methods for detecting and/or stopping lateral movement between endpoint devices by malicious actors.

SYSTEMS AND METHODS FOR DETECTING COMPLEX ATTACKS IN A COMPUTER NETWORK

Granted: October 3, 2024
Application Number: 20240333740
Various embodiments provide systems and methods for identifying malicious network behavior based upon historical analysis.

SYSTEMS AND METHODS FOR VISUALIZING DETECTED ATTACKS IN A COMPUTER NETWORK

Granted: October 3, 2024
Application Number: 20240333736
Various embodiments provide systems and methods for visually displaying a developing attack in a computer network based at least in part on historical information.

SYNCHRONOUSLY EVALUATING WEB REQUESTS IN A WEB BROWSER USING ASYNCHRONOUS INFORMATION SERVICES

Granted: October 3, 2024
Application Number: 20240333735
Web requests are intercepted, and it is determined whether information is synchronously available to evaluate the web request. Responsive to not having information for synchronous evaluation, the web request can be redirected to a parking service to asynchronously obtain information to evaluate the web request. A response from the redirected web request including information for evaluation is received and stored. Then, web requests are reissued for synchronous evaluation by the browser.…
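This abstract and the gateway-page abstract above (EVALUATION OF WEB REQUESTS WITH AN EXTERNAL SOURCE OF INFORMATION BY BROWSER EXTENSIONS USING AN INTERNAL GATEWAY PAGE) describe the same control flow: a blocking request handler can only decide on information it already holds, so an unknown URL is parked behind a redirect carrying a request identifier, the verdict is fetched asynchronously and cached, and the reissued request is then decided synchronously. The block below is an added example of that flow as plain Python state, not the patents' code and not a Fortinet extension; the parking URL, the verdict vocabulary ("benign", "malicious", "unknown"), the fail-closed default and the stand-in provider are all assumptions of this example.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical gateway ("parking") page; an assumption of this example.
PARKING_URL = "https://parking.example.invalid/wait"


class FakeReputationProvider:
    """Stand-in for the external information provider.

    Answers come from a constructed table and are delivered only when
    drain() is called, which models the asynchronous round trip.
    """

    def __init__(self, table):
        self.table = table
        self.queue = []          # (request_id, url) awaiting an answer

    def submit(self, request_id, url):
        self.queue.append((request_id, url))

    def drain(self):
        """Deliver every queued answer as (request_id, verdict) pairs."""
        answers = [(rid, self.table.get(url, "unknown")) for rid, url in self.queue]
        self.queue.clear()
        return answers


class SyncEvaluator:
    """Decides web requests synchronously from a cache filled asynchronously."""

    def __init__(self, provider, fail_closed=True):
        self.provider = provider
        self.fail_closed = fail_closed   # what to do with "unknown" verdicts
        self.known = {}                  # url -> verdict, usable synchronously
        self.pending = {}                # request_id -> parked url
        self._next_id = 0

    def on_request(self, url):
        """Blocking handler: decide now, or park the request behind a redirect."""
        if url in self.known:
            return self._decide(url)
        self._next_id += 1
        rid = f"r{self._next_id}"
        self.pending[rid] = url
        self.provider.submit(rid, url)
        return ("redirect", f"{PARKING_URL}?{urlencode({'rid': rid})}")

    def on_answer(self, rid, verdict):
        """Store an asynchronous answer; ignores ids that were never issued."""
        url = self.pending.get(rid)
        if url is None:
            return None
        self.known[url] = verdict
        return url

    def reissue(self, parking_url):
        """The gateway page reissues the original request by its identifier."""
        rid = parse_qs(urlparse(parking_url).query).get("rid", [None])[0]
        url = self.pending.get(rid)
        if url is None:
            return ("error", "unknown request id")
        if url not in self.known:
            return ("wait", parking_url)   # answer not in yet; page keeps polling
        del self.pending[rid]
        return self._decide(url)

    def _decide(self, url):
        verdict = self.known[url]
        if verdict == "malicious":
            return ("block", verdict)
        if verdict == "benign":
            return ("allow", verdict)
        return ("block" if self.fail_closed else "allow", verdict)


if __name__ == "__main__":
    # Constructed reputation table, not a real feed.
    provider = FakeReputationProvider({
        "http://bad.example.invalid/x": "malicious",
        "http://ok.example.invalid/": "benign",
    })
    ev = SyncEvaluator(provider)
    action, park = ev.on_request("http://bad.example.invalid/x")
    print(action, park)                       # redirect to the parking page
    for rid, verdict in provider.drain():     # asynchronous answers arrive
        ev.on_answer(rid, verdict)
    print(ev.reissue(park))                   # now decided synchronously
```

The request identifier is the only thing the gateway page hands back, so it must be unguessable in a real extension (a random token rather than a counter as used here) and must be consumed on reissue, as `reissue` does, or a stale page could replay it.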

SYSTEMS AND METHODS FOR APPLYING UNFAIR THROTTLING TO SECURITY SERVICE REQUESTS

Granted: October 3, 2024
Application Number: 20240333731
Various embodiments provide systems and methods for granting/denying access to network security services to a plurality of service requesters.

LAYING OUT SECURITY ZONE POLICIES FOR INFORMATION TECHNOLOGY AND OPERATIONAL TECHNOLOGY DEVICES ON HYBRID NETWORKS

Granted: October 3, 2024
Application Number: 20240333721
From deep packet inspection, it is determined whether each of the plurality of network devices is part of the IT segment or the OT segment by examining a physical network address, a data type and a network protocol of one or more of the network packets. A network hierarchy is dynamically generated that maps the IT segment with interconnected IT levels having IT devices relative to the OT segment with interconnected OT levels having OT devices. A plurality of security zones is set up from…

MACHINE LEARNING LANGUAGE BASED DYNAMIC NETWORK DISCOVERY

Granted: October 3, 2024
Application Number: 20240333600
An adaptive TTL model is generated from connection events, based on varying flight delay times for connecting the device manager to a plurality of managed devices. During a connection event for any of the plurality of managed devices, a TTL value is automatically chosen for the connection event from the adaptive TTL model.

OPTIMIZATION OF COMMUNICATION BETWEEN NETWORK DEVICES USING WIRELESS

Granted: October 3, 2024
Application Number: 20240333579
Network packets are received over at least one downstream wired port. Responsive to the failure of at least one of the one or more upstream wired ports, an upstream routing table, in this embodiment, determines whether a valid route for the network packets exists over the upstream network device. The upstream routing table, responsive to determining that a valid route exists, redirects the network packets for the failed upstream wired port to the upstream…