DATA LEAK PROTECTION
Granted: October 9, 2014
Application Number:
20140304827
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network device. The information includes a sensitivity level and an action to be applied to files observed by the network device that match the watermark filtering rule. A file attempted to be passed through the network device is received by the network device. A…
POLICY-BASED SELECTION OF REMEDIATION
Granted: October 9, 2014
Application Number:
20140304767
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a computer system is periodically sampled. A determination is made regarding whether the program-code-based operational state represents a violation of a security policy by evaluating the information with respect to multiple security policies each of which defines at least one parameter condition…
SYSTEM AND METHOD FOR INTEGRATED HEADER, STATE, RATE AND CONTENT ANOMALY PREVENTION FOR SESSION INITIATION PROTOCOL
Granted: September 25, 2014
Application Number:
20140289840
Methods and systems for an integrated solution to the rate-based denial of service attacks targeting the Session Initiation Protocol are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for session initiation protocol (SIP). A hardware-based apparatus helps identify SIP rate-thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop…
SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT
Granted: September 18, 2014
Application Number:
20140283043
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…
NOTIFYING USERS WITHIN A PROTECTED NETWORK REGARDING EVENTS AND INFORMATION
Granted: September 18, 2014
Application Number:
20140282816
Systems and methods are provided for notifying users within a protected network about various events and information. According to one embodiment, a method includes receiving, by a filtering device, a request originated by an application running on a client device. The method further includes making a determination, by the filtering device, whether the request is to be blocked or allowed, based on the one or more policies. If the request is to be blocked, a notification is provided to a…
SOFT TOKEN SYSTEM
Granted: September 18, 2014
Application Number:
20140281506
Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment a method is provided for soft token management. A mobile device of a user of a secure network resource receives and installs a soft token application. A unique device ID of the mobile device is programmatically obtained by the soft token application. A seed for generating a soft token for accessing the secure network resource is requested by…
REMOTE MANAGEMENT SYSTEM FOR CONFIGURING AND/OR CONTROLLING A COMPUTER NETWORK SWITCH
Granted: September 18, 2014
Application Number:
20140280809
Methods and systems for remotely managing a switching device are provided. According to one embodiment the existence of a firewall security device within a network is automatically determined by a discovery module of a switching device. Upon determining the existence of the firewall security device, a command channel is established with the firewall security device by a communication module of the switching device. The switching device may then receive commands issued by the firewall…
SYSTEMS AND METHODS FOR DETECTING UNDESIRABLE NETWORK TRAFFIC CONTENT
Granted: September 11, 2014
Application Number:
20140259141
A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content…
SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT
Granted: September 11, 2014
Application Number:
20140259163
A method for processing network traffic data includes receiving a packet, and determining whether the packet or a session of the packet is associated with a flooding attack. Some embodiments are implemented on network switching devices.
SYSTEMS AND METHODS FOR DETECTING UNDESIRABLE NETWORK TRAFFIC CONTENT
Granted: September 11, 2014
Application Number:
20140259142
A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content…
METHOD, APPARATUS, SIGNALS AND MEDIUM FOR ENFORCING COMPLIANCE WITH A POLICY ON A CLIENT COMPUTER
Granted: September 11, 2014
Application Number:
20140259098
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.
HIGH-AVAILABILITY CLUSTER ARCHITECTURE AND PROTOCOL
Granted: September 11, 2014
Application Number:
20140258771
Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of a high availability (HA) cluster. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and a…
SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT
Granted: September 11, 2014
Application Number:
20140258520
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…
OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR
Granted: August 21, 2014
Application Number:
20140237601
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object is stored by a general purpose processor to a system memory. The memory has stored therein a page directory containing information for translating virtual addresses to physical addresses. Multiple most recently used entries of the page directory are cached, by a virus co-processor, within translation lookaside buffers (TLBs) implemented within an…
FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS
Granted: August 7, 2014
Application Number:
20140223540
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional…
CLOUD-BASED SECURITY POLICY CONFIGURATION
Granted: August 7, 2014
Application Number:
20140223507
Systems and methods for configuring security policies based on cloud are provided. According to one embodiment, security parameters are shared on cloud by security devices. A first network appliance may fetch one or more security parameters shared by a second network appliance from a cloud account. Then the first network appliance automatically creates a security policy that controls a connection between the first network appliance and the second network appliance based at least in…
PERFORMING RATE LIMITING WITHIN A NETWORK
Granted: June 26, 2014
Application Number:
20140177442
Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second network device thereby collectively providing multiple paths between the first and second network devices. Packets are received by…
CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
Granted: June 26, 2014
Application Number:
20140181979
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol request issued by a client to a server is received at a network device logically interposed between the client and the server. The request is issued to the server by the network device. A single shared holding buffer, used for both read and write accesses to the file and used by multiple processes running on the client, is…
SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE
Granted: June 26, 2014
Application Number:
20140181511
Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by authenticating a cryptographic hash value of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that is…
HARDWARE-ACCELERATED PACKET MULTICASTING
Granted: June 26, 2014
Application Number:
20140177631
Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a multicast packet is received at an ingress system of a packet-forwarding engine (PFE). Multiple flow classification indices are identified for the multicast packet by the ingress system. The multiple flow classification indices are sent to an egress system of the PFE by the ingress system. A single copy of the multicast packet is buffered in a memory accessible by the egress…