Fortinet Patent Grants

Intrusion detection in a wireless network using location information of wireless devices

Granted: December 28, 2021
Patent Number: 11212681
Systems and methods for detecting and/or preventing intrusions in a wireless network based on location information of wireless devices are provided. According to one embodiment, a database is maintained by a wireless network security system that includes historical location information and a media access control (MAC) address for multiple wireless devices observed by wireless access points (APs) of a wireless network of an enterprise. Information regarding one or more probe signals…

Control maturity assessment in security operations environments

Granted: December 28, 2021
Patent Number: 11212316
Method and system embodiments for assessing control maturity in security operations environments are described. According to some embodiments, the method facilitates a nonintrusive, automated means to configure and detect security controls installed in an Information Technology (IT) environment. The system verifies that these controls function as expected over a specified period of time and then maps each security control to a cell in a matrix of operational functions crossed with asset…

Artificial intelligence (AI) management of roaming service provider agreements for offloading voice calls from cellular networks to Wi-Fi hotspots

Granted: November 23, 2021
Patent Number: 11184823
Requests for roaming service agreements intended for an ANQP server to initiate offloading an ongoing voice call from a cellular network associated with a SP for the station to the Wi-Fi network are received. A connection is made if the SP matches a list of SP providers for which the AP has a roaming service agreement. Responsive to not matching the list of SP providers, the SP miss and location data of the station is stored. Statistics concerning stored AP misses and identifying a…

Separating broadcast and multicast wireless traffic in WLANs (wireless local access networks) for quarantine stations

Granted: November 23, 2021
Patent Number: 11184741
Quarantine stations are steered to a hidden virtual access point for quarantining multicast and broadcast traffic from other traffic on an access point, or other device. The hidden virtual access point can be spawned, with the same configurations as a non-quarantine virtual access point, for on demand traffic containment. The data stream transmitted over Wi-Fi to the quarantine client using a different GTK key generated under virtual access point of hidden SSID for encryption of the…

Detection and mitigation of time-delay based network attacks

Granted: November 23, 2021
Patent Number: 11184372
Systems and methods are described for mitigation of time-delay based network attacks that seek to avoid detection by email security solutions employing sandboxing. According to one embodiment, a potentially malicious link associated with a communication is received from a computer system by a sandbox device. A link evasion technique, in which a first file to which the potentially malicious link points at a first time is replaced with a second file on or before a second time, is…

Systems and methods for real-time configurable load determination

Granted: November 9, 2021
Patent Number: 11171969
Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to real-time configurable load determination. For example, a method is disclosed, which calls for receiving a request to perform a security service, performing the security service on data included with the request; calculating a service load associated with and during the performing the security service, and transmitting a response to the request,…

Alternative network communication for access point troubleshooting and monitoring

Granted: October 26, 2021
Patent Number: 11159963
The present description provides methods, computer program products, and systems for alternative network communication for access point troubleshooting and monitoring. When a station has difficulty initiating or maintaining a connection with an access point, or even when performance is suboptimal, alternative network communication is initiated. The issue can be handled by reporting to a troubled access point for self-correction, or by uploading interrogation commands or code for active…

Determining on-net/off-net status of a client device

Granted: October 19, 2021
Patent Number: 11153350
Systems and methods are described for determining an on-net/off-net status of a client device. An endpoint security program running on the client device maintains an enterprise public Internet Protocol (IP) list containing one or more ranges of public IP addresses associated with an enterprise network. Further, the endpoint security program sends a request to a cloud-based service for information regarding a public IP address of the client device. In response to the request, the endpoint…

True transparent proxy to support multiple HTTP/S web applications on same IP and port on a data communication network

Granted: October 19, 2021
Patent Number: 11153280
A true transparent proxy for a web application firewall is provided. Granular network security policies are applied on a per web application basis using unique SSL inspection certificates for web applications sharing a common IP address.

Active path detection for on-demand network links in a software-defined wide area network (SDWAN)

Granted: October 5, 2021
Patent Number: 11140059
Systems and methods are described for active path detection for on-demand network links in an SDWAN. According to one embodiment, on establishment of an on-demand network link between a first spoke device and a second spoke device of an SDWAN, the first spoke creates a health check object and periodically measures a metric representing a latency between the first and second spokes. Responsive to receipt of a packet via the on-demand network link, the first spoke determines whether the…

Mobile device battery optimization for processing location beacons using mobile inbuilt sensors

Granted: September 21, 2021
Patent Number: 11129099
A battery saving controller toggles between a normal mode and a battery saving mode which selectively processes location beacons using mobile inbuilt sensors. Bluetooth location beacons are periodically sent by nearby Bluetooth location devices for updating a current location of mobile devices. Battery power within the mobile devices is selectively used for processing the location beacon. The processing exposes the unique tag id from Bluetooth LE data packets, and determines the RSSI…

Dynamically applying application security settings and policies based on workload properties

Granted: September 14, 2021
Patent Number: 11120148
Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security…

High-availability cluster architecture and protocol

Granted: July 20, 2021
Patent Number: 11068362
Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of an HA cluster of network security devices. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and…

Security fabric for internet of things (IOT)

Granted: July 13, 2021
Patent Number: 11063906
The present invention relates to a method for managing IoT devices by a security fabric. A method provided for managing IoT devices includes collecting, by analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources, abstracting, by analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by executing tier, the PEBs from the analyzing tier, wherein the executing…

Service detection for a policy controller of a software-defined wide area network (SD-WAN)

Granted: July 13, 2021
Patent Number: 11063905
Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network controller maintains an Internet service database (ISDB) in which multiple Internet services and corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address…

Artificial intelligence for mining crypto currency with access point stratum pools over data communication networks

Granted: July 6, 2021
Patent Number: 11055676
An access point switches between an access point mode and a cryptomining mode. In the access point mode, the access point provides network access for end stations using a BSSID (Basic Service Set Identifier) while in the access point mode. In surveillance mode, the access point activates a mining co-processor and collectively works on problems coordinated by a stratum mining server. Artificial intelligence can be used to determine which access points to switch modes and for how long.

Management of internet of things (IoT) by security fabric

Granted: July 6, 2021
Patent Number: 11057346
The present invention relates to a method for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network…

Security fabric for internet of things (IoT)

Granted: July 6, 2021
Patent Number: 11057345
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…

Management of internet of things (IoT) by security fabric

Granted: July 6, 2021
Patent Number: 11057344
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…

DNS (domain name server)-based application-aware routing on SD-WAN (software-defined wide access network)

Granted: July 6, 2021
Patent Number: 11057304
Applications associated with the network data packet are identified by parsing the network data packet of the received network data packets to identify a second-level domain from a destination IP address and searching the second-level domain database to identify the application associated with the second-level domain. It is determined whether the network data packet comprises a DNS packet or a non-DNS packet. Responsive to the network data packet comprising a DNS packet, a second-level…