Fortinet Patent Applications

PROACTIVE MITIGATION OF WI-FI 6E ROGUE CLIENTS CONNECTING TO WI-FI 6E ACCESS POINTS IN WIRELESS NETWORKS

Granted: June 27, 2024
Application Number: 20240214815
A list is received from the Wi-Fi controller of rogue Wi-Fi 6E access points identified by BSSID within a vicinity of the Wi-Fi 6E access points based on RSSI measurements sent to the Wi-Fi controller. A rogue Wi-Fi 6E access point of the Wi-Fi controller list from the periodic beacon scanning. In response, prior to connection of any station to the rogue Wi-Fi 6E access point, broadcasts spoofed beacons on behalf of the rogue Wi-Fi 6E access point, using SSID and BSSID over the current…

MITIGATION OF ROGUE WI-FI 6E COMPATIBLE ACCESS POINTS

Granted: June 27, 2024
Application Number: 20240214813
Rogue Wi-Fi 6E access points are identified by on-wire data traffic of authorized Wi-Fi 6E access points. Data traffic is monitored across all access points for the rogue Wi-Fi 6E access points according to an SSID/BSSID scan table. In response, modified CSA values are sent from spoofed action frames that have a source BSSID of the rogue access points rather than the authenticated access point that transmits.

INTRUSION PROTECTION SYSTEM (IPS) FOR HASH-BASED STRING DETECTION WITHOUT MEMORY LOOKUP TABLE

Granted: June 20, 2024
Application Number: 20240205247
A CRC rule is generated for each CRC parity check circuit from a bank of CRC parity check circuits for mapping a fixed-length CRC output to a signature, each of the CRC parity check circuits servicing a specific string length. The selected CRC parity circuit outputs a fixed-length parity-check data for the specific data packet, and the string mapper maps the fixed-length parity-check data for the specific data packet to one of the string identifiers associated with the group of…

SYSTEMS AND METHODS FOR INTERNAL SECURE NETWORK RESOLUTION

Granted: June 20, 2024
Application Number: 20240205189
Systems, devices, and methods are discussed for limiting exposure of internal network operations beyond the boundary of a secure network.

AUTOMATIC DETECTION OF MALWARE FAMILIES AND VARIANTS WITHOUT THE PRESENCE OF MALWARE FILES BASED ON STRUCTURE PRESENTATION

Granted: June 13, 2024
Application Number: 20240193270
A string sample is received from a file in real-time and the string sample is converted to a Tetra code and used to search a database of Tetra code samples, organized by family and then by variant. It is determined whether the real-time Tetra code fits any family mask, and if not a new family mask is created. It is also determined whether real-time Tetra code fits any variant mask within the family mask, and if not, a new variant mask is created. The real-time Tetra code is stored in the…

SYSTEMS AND METHODS FOR NETWORK FLOW REORDERING

Granted: June 6, 2024
Application Number: 20240187343
Various embodiments provide systems and methods for reordering processed network traffic.

PER SESSION LINK LOAD BALANCING OF IPSEC TUNNELS OVER MULTIPLE UPLINKS TO SAME IPSEC GATEWAY

Granted: May 30, 2024
Application Number: 20240179565
A first data packet can be forwarded to a virtual SDWAN interface which has multiple IPSec tunnels as members, each of which is disposed over a different uplink, wherein the multiple IPSec tunnels each connect to the remote SDWAN controller. Load balancing of the particular session is performed relative to other sessions by selecting one of the multiple uplinks for transmission to the remote SDWAN controller. Phase 2 of IPSec is set up for the particular session by updating an IPSec…

CLOUD-BASED VIRTUAL EXTENSABLE LOCAL AREA NETWORK (VXLAN) TUNNEL SWITCHING ACROSS ACCESS POINTS

Granted: May 30, 2024
Application Number: 20240179028
VXLAN tunnels are configured between a VXLAN tunnel server and each of the plurality of access points using a VXLAN profile. Tunnel groups are formed between the access point and the plurality of access points. Each tunnel group defines interconnections between VXLAN tunnels such that each tunnel in a group is able to exchange packets securely. A data packet is switched between a first VXLAN tunnel coupled to the first access point on the first LAN and a second VXLAN tunnel coupled to…

SYSTEMS AND METHODS FOR ENHANCED ZTNA SECURITY

Granted: May 9, 2024
Application Number: 20240154938
Various embodiments provide systems and methods for enhancing the security of a ZTNA connection.

SYSTEMS AND METHODS FOR USING A NETWORK ACCESS DEVICE TO SECURE A NETWORK PRIOR TO REQUESTING ACCESS TO THE NETWORK BY THE NETWORK ACCESS DEVICE

Granted: April 18, 2024
Application Number: 20240129308
Various approaches for securing networks against access from off network devices. In some cases, embodiments discussed relate to systems and methods for identifying potential threats included in a remote network by a network access device prior to requesting access to a known secure network via the remote network.

SYSTEMS AND METHODS FOR AUTOMATED SD-WAN PERFORMANCE RULE FORMATION

Granted: April 18, 2024
Application Number: 20240129206
Systems, devices, and methods are discussed for defining and monitoring network communication performance in an SD-WAN environment.

REMOTE MONITORING OF A SECURITY OPERATIONS CENTER (SOC)

Granted: April 4, 2024
Application Number: 20240114060
Systems and methods for remote monitoring of a Security Operations Center (SOC) via a mobile application are provided. According to one embodiment, a management service retrieves information regarding multiple network elements that are associated with an enterprise network and extracts parameters of the monitored network elements from the retrieved information. The management service prioritizes the monitored network elements by determining a severity level associated with…

SYSTEMS AND METHODS FOR IDENTIFYING SECURITY REQUIREMENTS IN A ZTNA SYSTEM

Granted: April 4, 2024
Application Number: 20240114036
Various embodiments provide systems and methods for providing security in a ZTNA system.

SYSTEMS AND METHODS FOR SD-WAN SETUP AUTOMATION

Granted: April 4, 2024
Application Number: 20240113939
Various embodiments provide systems and methods for automating an SD-WAN setup process.

INTENT-BASED ORCHESTRATION OF INDEPENDENT AUTOMATIONS

Granted: March 28, 2024
Application Number: 20240103911
Systems and methods for intent-based orchestration of independent automations are provided. Examples described herein alleviate the complexities and technical challenges associated with deploying, provisioning, configuring, and managing configurable endpoints, including network devices, network security systems, cloud-based security services (e.g., provided by or representing a Secure Access Service Edge (SASE) platform), and other infrastructure, on behalf of numerous customers (or…

DETECTING MALICIOUS BEHAVIOR IN A NETWORK USING SECURITY ANALYTICS BY ANALYZING PROCESS INTERACTION RATIOS

Granted: February 29, 2024
Application Number: 20240070267
Systems and methods for detecting malicious behavior in a network by analyzing process interaction ratios (PIRs) are provided. According to one embodiment, information regarding historical process activity is maintained. The historical process activity includes information regarding various processes hosted by computing devices of a private network. Information regarding process activity within the private network is received for a current observation period. For each process, for each…

SYSTEMS AND METHODS FOR FINE GRAINED FORWARD TESTING FOR A ZTNA ENVIRONMENT

Granted: February 8, 2024
Application Number: 20240048564
Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.

SYSTEMS AND METHODS FOR PREVENTING DATA LEAKS OVER RTP OR SIP

Granted: January 11, 2024
Application Number: 20240015139
Systems, devices, and methods are discussed for avoiding data thefts in real-time transactions.

SYSTEMS AND METHODS FOR SECURITY ENHANCED DOMAIN CATEGORIZATION

Granted: January 11, 2024
Application Number: 20240015181
Systems, devices, and methods are discussed for mitigating security threats due to web-domain characteristic changes.