Fortinet Patent Applications

ADAPTIVE LOAD BALANCING

Granted: January 30, 2014
Application Number: 20140029429
Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of paths is maintained by a first component of multiple components coupled in communication with a network. Each path is a loop-free switching path, reverse path learning network and the first component and a second component of the multiple components are connected through each path. A packet destined for the second component is received by the first component.…

DATA LEAK PROTECTION

Granted: January 2, 2014
Application Number: 20140007246
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment a data leak protection method is provided. A network device receives information regarding a watermark filtering rule, including a sensitivity level and an action to be applied to files observed by the network device matching the watermark filtering rule. The network device scans a file attempted to be passed through the network device by locating a watermark embedded…

SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT

Granted: December 19, 2013
Application Number: 20130340078
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…

METHOD AND SYSTEM FOR POLLING NETWORK CONTROLLERS

Granted: December 19, 2013
Application Number: 20130339710
Methods for improving the performance of multitasking processors are provided. For example, a subset of M processors within a Symmetric Multi-Processing System (SMP) with N processors is dedicated for a specific task. The M (M>0) of the N processors are dedicated to a task, thus leaving (N-M) processors for running the normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these…

VULNERABILITY-BASED REMEDIATION SELECTION

Granted: December 12, 2013
Application Number: 20130333044
A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a…

INTEGRATED SECURITY SWITCH

Granted: December 12, 2013
Application Number: 20130333019
An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching…

COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS

Granted: December 12, 2013
Application Number: 20130332997
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has…

HETEROGENEOUS MEDIA PACKET BRIDGING

Granted: November 28, 2013
Application Number: 20130315232
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network device comprises network interfaces (netmods), including a first and second set operable to receive packets encapsulated within a first and second set of media transmissions, respectively, and each having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory…

MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK

Granted: November 21, 2013
Application Number: 20130308640
Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and…

DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING

Granted: November 21, 2013
Application Number: 20130312097
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within…

ACCELERATING DATA COMMUNICATION USING TUNNELS

Granted: November 21, 2013
Application Number: 20130311671
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. Packets that are classified as…

SERVICE PROCESSING SWITCH

Granted: November 21, 2013
Application Number: 20130308460
Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, packets are load balanced among virtual routing processing resources of an IP service generator of a virtual router (VR) based switch. A packet flow cache is maintained with packet flow entries containing information indicative of packet processing actions for established packet flows. Deep packet classification is performed to determine whether a packet is associated with an…

COMPUTERIZED SYSTEM AND METHOD FOR HANDLING NETWORK TRAFFIC

Granted: November 14, 2013
Application Number: 20130305343
Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, a service daemon process is instantiated within a firewall to handle content processing of network traffic of virtual domains by aggregating communication channels associated with the virtual domains and by applying an appropriate content processing policy for the corresponding virtual domain. A connection request is received by the firewall from a…

POLICY-BASED CONFIGURATION OF INTERNET PROTOCOL SECURITY FOR A VIRTUAL PRIVATE NETWORK

Granted: November 7, 2013
Application Number: 20130298182
A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a browser-based interface of a network device displays a policy page through which multiple settings may be configured for a VPN connection. The settings include a type of IPSec tunnel to be established between the network device and a peer. One or more parameter values corresponding to one or more of the settings are…

DETECTING NETWORK TRAFFIC CONTENT

Granted: October 3, 2013
Application Number: 20130263271
A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic…

SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS

Granted: October 3, 2013
Application Number: 20130263246
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A…

SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT

Granted: October 3, 2013
Application Number: 20130262667
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…

SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION

Granted: October 3, 2013
Application Number: 20130258863
Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

DELEGATED NETWORK MANAGEMENT SYSTEM AND METHOD OF USING THE SAME

Granted: September 26, 2013
Application Number: 20130254310
A method for providing a management function requested by a user that uses a managed device includes establishing a session on a managed device in response to a user logging into an account on the managed device, establishing a delegated management session on a management device, the delegated management session corresponding to the session on the managed device, receiving a management message on the management device, the management message being related to a management function…

VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING

Granted: August 22, 2013
Application Number: 20130215904
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a user process of a host processor requests a network driver to store payload data within a system memory. The network driver stores (i) payload buffers each containing therein at least a subset of the payload data and (ii) buffer descriptors each containing therein information indicative of a starting address of a corresponding payload buffer within a user memory space. A…