Fortinet Patent Grants

Mobile device battery optimization for processing location beacons using mobile inbuilt sensors

Granted: September 21, 2021
Patent Number: 11129099
A battery saving controller toggles between a normal mode and a battery saving mode which selectively processes location beacons using mobile inbuilt sensors. Bluetooth location beacons are periodically sent by nearby Bluetooth location devices for updating a current location of mobile devices. Battery power within the mobile devices is selectively used for processing the location beacon. The processing exposes the unique tag id from Bluetooth LE data packets, and determines the RSSI…

Dynamically applying application security settings and policies based on workload properties

Granted: September 14, 2021
Patent Number: 11120148
Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security…

High-availability cluster architecture and protocol

Granted: July 20, 2021
Patent Number: 11068362
Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of an HA cluster of network security devices. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and…

Security fabric for internet of things (IOT)

Granted: July 13, 2021
Patent Number: 11063906
The present invention relates to a method for managing IoT devices by a security fabric. A method provided for managing IoT devices includes collecting, by an analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources; abstracting, by the analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by an executing tier, the PEBs from the analyzing tier, wherein the executing…

Service detection for a policy controller of a software-defined wide area network (SD-WAN)

Granted: July 13, 2021
Patent Number: 11063905
Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network controller maintains an Internet service database (ISDB) in which multiple Internet services and corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address…

Management of internet of things (IoT) by security fabric

Granted: July 6, 2021
Patent Number: 11057346
The present invention relates to a method for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network…

Increasing downstream network throughput from access points in data communication systems using transmit opportunities from RTS (request to send) frame errors

Granted: July 6, 2021
Patent Number: 11057932
A sender of the RTS frame is decoded based on the symbol error sequence and a station database within the access point, even if there is a CRC (cyclical redundancy checking) failure. The access point seizes the transmit opportunity during RTS reception failure, as collision results in higher back off window before stations can transmit. To minimize the impact of collision on voice clients, some embodiments prioritize transmission of voice packets within the new transmit opportunity.

Increasing throughput density of TCP traffic on a hybrid data network having both wired and wireless connections by modifying TCP layer behavior over the wireless connection while maintaining TCP protocol

Granted: July 6, 2021
Patent Number: 11057501
A WLAN driver of the TCP proxy device transmits network packets transmitted from a sender device over the data communication network to a wireless station. TCP network packets are diverted to a TCP proxy pipeline. First, the wireless receiver device is emulated to a wireless sender device by providing an ACK packet to the sender device in order to close the TCP session on the sender side by responding to a TCP handshake with the sender device. Second, the sender device is emulated to a…

Hybrid cluster architecture for reverse proxies

Granted: July 6, 2021
Patent Number: 11057478
Systems and methods for an improved HA cluster architecture that provides for seamless failover while also maintaining full processing capacity are provided. According to one embodiment, each member of a hybrid HA cluster of reverse proxy network security devices is configured to operate in an active mode or in a backup mode. A primary member of a set of active members of the cluster receives and processes network traffic. The cluster detects existence of a failure scenario of multiple…

Detecting poisoning attacks of internet of things (IOT) location beacons in wireless local area networks (WLANS) with silence periods

Granted: July 6, 2021
Patent Number: 11057398
Poisoning attacks by spoofing location beacons in a WLAN are detected using silence periods. A location beacon identifier is received from a mobile device allegedly within range of a location device transmitting location beacons, along with a timestamp of transmission for each of the location beacons. Also silence periods associated with the location device, during which transmissions of location beacons are temporarily discontinued, and which are unknown to the public, are determined or…

Security fabric for internet of things (IoT)

Granted: July 6, 2021
Patent Number: 11057345
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…

Management of internet of things (IoT) by security fabric

Granted: July 6, 2021
Patent Number: 11057344
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…

DNS (domain name server)-based application-aware routing on SD-WAN (software-defined wide access network)

Granted: July 6, 2021
Patent Number: 11057304
Applications associated with the network data packet are identified by parsing the network data packet of the received network data packets to identify a second-level domain from a destination IP address and searching the second-level domain database to identify the application associated with the second-level domain. It is determined whether the network data packet comprises a DNS packet or a non-DNS packet. Responsive to the network data packet comprising a DNS packet, a second-level…

Artificial intelligence for mining crypto currency with access point stratum pools over data communication networks

Granted: July 6, 2021
Patent Number: 11055676
An access point switches between an access point mode and a cryptomining mode. In the access point mode, the access point provides network access for end stations using a BSSID (Basic Service Set Identifier) while in the access point mode. In surveillance mode, the access point activates a mining co-processor and collectively works on problems coordinated by a stratum mining server. Artificial intelligence can be used to determine which access points to switch modes and for how long.

DHCP agent assisted routing and access control

Granted: June 22, 2021
Patent Number: 11044138
Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the…

Natively mounting storage for inspection and sandboxing in the cloud

Granted: June 15, 2021
Patent Number: 11036856
Systems and methods for continuously scanning and/or sandboxing files to protect users from accessing infected files by natively mounting public cloud file stores are provided. According to one embodiment, a determination is made by a network security device that is protecting the enterprise network regarding whether an untrusted file stored within a first repository of a public cloud file store, which is natively mounted on the network security device, is a clean file that is free of…

Forensic analysis

Granted: June 8, 2021
Patent Number: 11032301
A forensic analysis method performed in respect of an endpoint device connected to a computer network. The forensic analysis method comprises collecting file system call data from the endpoint device. The file system call data corresponds to a plurality of system calls relating to file system operations arising from activity performed on the endpoint device. The forensic analysis method also comprises collecting network communication metadata from the endpoint device. The network…

Controlling bandwidth usage by media streams by limiting streaming options provided to client systems

Granted: June 1, 2021
Patent Number: 11025970
Systems and methods for controlling network bandwidth utilization by media streaming services are provided. According to one embodiment, a data stream associated with streaming media content being requested from an external service provider by a client device associated with a private network is intercepted by a network manager associated with the private network. Streaming options made available for streaming the streaming media content are limited by the network manager by: (i)…

Security sanitization of USB devices

Granted: June 1, 2021
Patent Number: 11023575
Methods and systems for performing security sanitization of Universal Serial Bus (USB) devices are provided. According to one embodiment, existence of a Universal Serial Bus (USB) device connected to a USB port of a network security device is detected by the network security device. Responsive thereto, read and write access to a memory of the USB device is facilitated, by mounting, by the network security device, the USB device within a file system of the network security device.…

Building a cooperative security fabric of hierarchically interconnected network security devices

Granted: May 25, 2021
Patent Number: 11019029
Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a…