Fortinet Patent Grants

Security fabric for internet of things (IoT)

Granted: July 6, 2021
Patent Number: 11057345
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…

Management of internet of things (IoT) by security fabric

Granted: July 6, 2021
Patent Number: 11057344
The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the…

DNS (domain name server)-based application-aware routing on SD-WAN (software-defined wide access network)

Granted: July 6, 2021
Patent Number: 11057304
Applications associated with received network data packets are identified by parsing a network data packet to identify a second-level domain from a destination IP address and searching a second-level domain database to identify the application associated with that second-level domain. It is determined whether the network data packet comprises a DNS packet or a non-DNS packet. Responsive to the network data packet comprising a DNS packet, a second-level…
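The two-path classification in this abstract (learn the second-level domain to application mapping from DNS traffic, then route ordinary packets by the destination IP that DNS answered with) can be shown end to end. The following is an added example, not Fortinet's code: the second-level-domain database, the application-to-WAN-link policy and the DNS response are all constructed here, and a real device would take the packets off the wire rather than building them.

```python
import struct
from typing import Optional

# Constructed second-level-domain -> application database (assumption).
SLD_DB = {
    "example-video.com": "video-streaming",
    "example-crm.net": "crm-saas",
}
# Constructed routing policy: application -> preferred WAN link (assumption).
APP_TO_LINK = {"video-streaming": "wan2-broadband", "crm-saas": "wan1-mpls"}
DEFAULT_LINK = "wan1-mpls"


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(packet: bytes, offset: int) -> tuple:
    """Decode a DNS name at offset, following compression pointers.
    Returns (name, offset just past the name as it appears in place)."""
    labels, end, jumped = [], offset, False
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            offset += 1
            break
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def second_level_domain(name: str) -> str:
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def build_dns_response(qname: str, ips: list) -> bytes:
    """Constructed A-record response, shaped as a resolver would return it."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    answers = b""
    for ip in ips:
        rdata = bytes(int(o) for o in ip.split("."))
        # name is a pointer to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return header + question + answers


class AppAwareRouter:
    """Learns destination IP -> application from DNS answers, then routes
    ordinary (non-DNS) packets by application."""

    def __init__(self, sld_db: dict):
        self.sld_db = sld_db
        self.ip_to_app = {}

    def learn_from_dns_response(self, payload: bytes) -> Optional[str]:
        qdcount, ancount = struct.unpack("!HH", payload[4:8])
        offset = 12
        qname, offset = decode_name(payload, offset)
        offset += 4                                     # QTYPE + QCLASS
        for _ in range(qdcount - 1):                    # skip extra questions
            _, offset = decode_name(payload, offset)
            offset += 4
        app = self.sld_db.get(second_level_domain(qname))
        for _ in range(ancount):
            _, offset = decode_name(payload, offset)
            rtype, _, _, rdlen = struct.unpack("!HHIH", payload[offset:offset + 10])
            offset += 10
            rdata, offset = payload[offset:offset + rdlen], offset + rdlen
            if rtype == 1 and rdlen == 4 and app:       # A record for a known app
                self.ip_to_app[".".join(str(b) for b in rdata)] = app
        return app

    def route(self, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> str:
        """Return the WAN link for a packet. DNS replies (UDP source port 53)
        feed the learning table; everything else is matched on destination IP."""
        if src_port == 53:
            self.learn_from_dns_response(payload)
            return DEFAULT_LINK
        return APP_TO_LINK.get(self.ip_to_app.get(dst_ip), DEFAULT_LINK)
```

The point of the split is that the DNS reply is the only packet that carries the domain name; every later packet to 203.0.113.10 is just a 5-tuple, so the mapping learned from the reply has to be kept on the device. Entries should expire with the answer's TTL in a real implementation.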

Artificial intelligence for mining crypto currency with access point stratum pools over data communication networks

Granted: July 6, 2021
Patent Number: 11055676
An access point switches between an access point mode and a cryptomining mode. In the access point mode, the access point provides network access for end stations using a BSSID (Basic Service Set Identifier). In the cryptomining mode, the access point activates a mining co-processor and collectively works on problems coordinated by a stratum mining server. Artificial intelligence can be used to determine which access points switch modes and for how long.

DHCP agent assisted routing and access control

Granted: June 22, 2021
Patent Number: 11044138
Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the…

Natively mounting storage for inspection and sandboxing in the cloud

Granted: June 15, 2021
Patent Number: 11036856
Systems and methods for continuously scanning and/or sandboxing files to protect users from accessing infected files by natively mounting public cloud file stores are provided. According to one embodiment, a determination is made by a network security device that is protecting the enterprise network regarding whether an untrusted file stored within a first repository of a public cloud file store, which is natively mounted on the network security device, is a clean file that is free of…

Forensic analysis

Granted: June 8, 2021
Patent Number: 11032301
A forensic analysis method performed in respect of an endpoint device connected to a computer network. The forensic analysis method comprises collecting file system call data from the endpoint device. The file system call data corresponds to a plurality of system calls relating to file system operations arising from activity performed on the endpoint device. The forensic analysis method also comprises collecting network communication metadata from the endpoint device. The network…

Controlling bandwidth usage by media streams by limiting streaming options provided to client systems

Granted: June 1, 2021
Patent Number: 11025970
Systems and methods for controlling network bandwidth utilization by media streaming services are provided. According to one embodiment, a data stream associated with streaming media content being requested from an external service provider by a client device associated with a private network is intercepted by a network manager associated with the private network. Streaming options made available for streaming the streaming media content are limited by the network manager by: (i)…
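The abstract is cut off before it says which streaming options are limited. One concrete way a network manager can do this for HTTP Live Streaming is to rewrite the intercepted master playlist so the client never sees renditions above a per-client bitrate cap. The following is an added example, not Fortinet's code; the playlist, the cap formula and the floor value are constructed assumptions.

```python
import re

# Constructed HLS master playlist, as a streaming service would serve it.
MASTER_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-STREAM-INF:BANDWIDTH=800000,RESOLUTION=640x360
low/index.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=1280x720
mid/index.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=6000000,RESOLUTION=1920x1080
high/index.m3u8
"""

BANDWIDTH_RE = re.compile(r"BANDWIDTH=(\d+)")


def parse_variants(playlist: str) -> list:
    """Return (bandwidth, stream_inf_line, uri) for each variant stream."""
    variants, lines, i = [], playlist.splitlines(), 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("#EXT-X-STREAM-INF:"):
            m = BANDWIDTH_RE.search(line)
            if m is None:
                raise ValueError("variant without BANDWIDTH: " + line)
            variants.append((int(m.group(1)), line, lines[i + 1]))
            i += 2                      # the URI line follows the tag
        else:
            i += 1
    return variants


def limit_variants(playlist: str, max_bandwidth: int) -> str:
    """Rewrite the master playlist keeping only variants at or under the cap.
    The lowest rendition is always kept so playback does not break."""
    variants = parse_variants(playlist)
    kept = [v for v in variants if v[0] <= max_bandwidth]
    if not kept:
        kept = [min(variants, key=lambda v: v[0])]
    out, lines, i = [], playlist.splitlines(), 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("#EXT-X-STREAM-INF:"):
            if any(line == k[1] and lines[i + 1] == k[2] for k in kept):
                out.extend([line, lines[i + 1]])
            i += 2
        else:
            out.append(line)            # keep every other tag untouched
            i += 1
    return "\n".join(out) + "\n"


def per_client_cap(link_budget_bps: int, active_streams: int,
                   floor_bps: int = 800_000) -> int:
    """Share a WAN budget among current streams, never below a usable floor
    (assumed policy; the page does not specify how the cap is chosen)."""
    if active_streams <= 0:
        return link_budget_bps
    return max(link_budget_bps // active_streams, floor_bps)
```

This only works where the manager can see and modify the playlist, i.e. where it terminates TLS for the session; for pinned or encrypted-manifest services the remaining lever is per-flow rate limiting rather than option removal.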

Security sanitization of USB devices

Granted: June 1, 2021
Patent Number: 11023575
Methods and systems for performing security sanitization of Universal Serial Bus (USB) devices are provided. According to one embodiment, existence of a Universal Serial Bus (USB) device connected to a USB port of a network security device is detected by the network security device. Responsive thereto, read and write access to a memory of the USB device is facilitated, by mounting, by the network security device, the USB device within a file system of the network security device.…

Building a cooperative security fabric of hierarchically interconnected network security devices

Granted: May 25, 2021
Patent Number: 11019029
Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a…

Optimization of MU-MIMO beamforming in a Wi-Fi communication network based on mobility profiles

Granted: May 11, 2021
Patent Number: 11006422
An access point associated on Wi-Fi portion of the communication network selectively groups stations according to a mobility profile. The mobility profile includes factors that characterize at least an amount of movement and current location for a station. Each station is assigned to a beamforming group of similar mobility profiles. A type of beamforming transmission is selected for each beamforming group based on mobility profiles of associated stations. The type of beamforming…

DNS-enabled communication between heterogeneous devices

Granted: April 27, 2021
Patent Number: 10992641
Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device as to whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the…

Application-specific airtime fairness in WLANS (wireless local access networks) based on time sensitivity of applications

Granted: April 20, 2021
Patent Number: 10986642
Network packets are pre-processed and stored in network queues based on time sensitivity and other factors. More specifically, a specific application associated with a specific session of the network packets is determined locally at the access point. An ATR is adjusted based on a priority of the application with respect to time sensitivity. Other factors include the throughput capability of a wireless device.

Generating design verification test cases using a restricted randomization process based on variable dependencies

Granted: April 20, 2021
Patent Number: 10984158
Systems and methods for generating design verification test cases using a restricted randomization process are provided. According to one embodiment, a processor of a hardware design verification system receives a set of restrictions and defines a scenario involving values that are to be excluded from the test case. The processor also receives pre-assigned values for one or more variables. For each variable other than the one or more variables, the processor assigns a first random…
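The abstract stops mid-sentence, but the three inputs it names (a set of excluded scenarios, pre-assigned values for some variables, and random assignment of the rest) are enough to show the shape of a restricted randomizer. The following is an added example, not Fortinet's code: the variable domains, the dependency between mode and burst_len, and the restriction format (a partial assignment the test case must not contain) are all constructed assumptions.

```python
import random

# Constructed variable domains for a hypothetical bus interface (assumption).
DOMAINS = {
    "mode": ["single", "burst"],
    "bus_width": [32, 64, 128],
    "burst_len": [1, 4, 8, 16],
}
# Dependencies are resolved by assigning in this order.
ORDER = ["mode", "bus_width", "burst_len"]


def dependent_domain(var: str, assigned: dict) -> list:
    """Domain of var given earlier assignments (constructed dependency:
    burst_len only varies when mode == 'burst')."""
    if var == "burst_len" and assigned.get("mode") != "burst":
        return [1]
    return DOMAINS[var]


def violates(assignment: dict, restrictions: list) -> bool:
    """A restriction is a partial assignment; the case violates it when every
    variable named in the restriction already holds the excluded value."""
    return any(all(assignment.get(k) == v for k, v in r.items())
               for r in restrictions)


def generate_case(restrictions: list, preassigned: dict, seed: int,
                  max_tries: int = 1000) -> dict:
    """Random assignment for every variable not pre-assigned, pruning each
    value that would complete an excluded scenario. Seeded for replay."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        assignment = dict(preassigned)
        for var in ORDER:
            if var in assignment:
                continue
            choices = [v for v in dependent_domain(var, assignment)
                       if not violates({**assignment, var: v}, restrictions)]
            if not choices:             # dead end under these restrictions
                break
            assignment[var] = rng.choice(choices)
        else:
            if not violates(assignment, restrictions):
                return assignment
    raise RuntimeError("no assignment satisfies the restrictions")


def generate_suite(n: int, restrictions: list, preassigned: dict,
                   seed: int = 0) -> list:
    return [generate_case(restrictions, preassigned, seed + i) for i in range(n)]
```

Pruning at each step (rather than generating a full case and rejecting it) keeps the generator from wasting draws when a restriction covers most of a domain, and the seed makes a failing case reproducible, which is what a verification engineer needs from it.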

Automatic virtual private network (VPN) establishment

Granted: April 13, 2021
Patent Number: 10979395
Systems and methods for automatic VPN establishment are provided. According to one embodiment, a P1 message is received by a hub network device (ND) from a remote device (RD) of a spoke. P1 specifies VPN connection attributes corresponding to the lowest ENC/AUTH suite supported by RD. A VPN tunnel entry is automatically created by ND based on the VPN connection attributes. A P2 message is transmitted by ND specifying ENC/AUTH attributes based on the corresponding ENC/AUTH of the VPN connection…
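The exchange above has the spoke open with the weakest suite it supports, and the hub create a tunnel entry from that. The check a practitioner would want at the hub is a policy floor, so an opening proposal below it is refused rather than turned into a weak tunnel. The following is an added example, not Fortinet's code: the suite names and ranking, the P1/P2 message fields, and the retry-above-floor behaviour on rejection are all constructed assumptions that go beyond what the abstract states.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed ENC/AUTH suites, ordered weakest to strongest (assumption).
SUITE_RANK = ["des-md5", "3des-sha1", "aes128-sha256", "aes256-sha256", "aes256-sha384"]


def rank(suite: str) -> int:
    if suite not in SUITE_RANK:
        raise ValueError("unknown suite: " + suite)
    return SUITE_RANK.index(suite)


@dataclass(frozen=True)
class P1:
    spoke_id: str
    peer_ip: str
    suite: str              # lowest ENC/AUTH suite the remote device supports


@dataclass(frozen=True)
class P2:
    spoke_id: str
    accepted: bool
    suite: str              # suite the hub will use, or its floor on rejection


@dataclass
class TunnelEntry:
    spoke_id: str
    peer_ip: str
    suite: str


class Hub:
    """Hub network device (ND). min_suite is the assumed policy floor."""

    def __init__(self, min_suite: str):
        self.min_suite = min_suite
        self.tunnels = {}

    def handle_p1(self, msg: P1) -> P2:
        if rank(msg.suite) < rank(self.min_suite):
            # Refuse rather than auto-create a tunnel with a weak suite;
            # tell the spoke the floor so it can re-propose.
            return P2(msg.spoke_id, False, self.min_suite)
        self.tunnels[msg.spoke_id] = TunnelEntry(msg.spoke_id, msg.peer_ip, msg.suite)
        return P2(msg.spoke_id, True, msg.suite)


class RemoteDevice:
    """Spoke remote device (RD)."""

    def __init__(self, spoke_id: str, ip: str, supported: list):
        self.spoke_id, self.ip = spoke_id, ip
        self.supported = sorted(supported, key=rank)

    def propose(self, floor: Optional[str] = None) -> Optional[P1]:
        """Lowest supported suite, optionally at or above a hub-stated floor."""
        for suite in self.supported:
            if floor is None or rank(suite) >= rank(floor):
                return P1(self.spoke_id, self.ip, suite)
        return None


def establish(rd: RemoteDevice, hub: Hub) -> Optional[TunnelEntry]:
    """Run the P1/P2 exchange until the hub accepts or the spoke runs out."""
    p1 = rd.propose()
    for _ in range(len(SUITE_RANK)):
        if p1 is None:
            return None
        p2 = hub.handle_p1(p1)
        if p2.accepted:
            return hub.tunnels[p1.spoke_id]
        p1 = rd.propose(floor=p2.suite)
    return None
```

Note what the floor buys: a spoke that supports both 3DES and AES still opens with 3DES under the lowest-suite rule, and without the check the hub would commit that to its tunnel table.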

Reliable call hand-off from cellular networks to Wi-Fi networks

Granted: March 30, 2021
Patent Number: 10966131
Reliable call hand-offs from a cellular network to a Wi-Fi network are provided. A hand-off controller detects a hand-off condition (e.g., a hand-off request or a potential/predicted hand-off request) and, in response, initiates a test call. For example, a telephone call made through a smart phone, using a cellular network (e.g., Verizon, AT&T or Sprint), can be handed over to a hot spot at a Starbucks. In response to detecting an available data network, transmission quality for VOIP conditions is…

Dynamic service-based load balancing in a software-defined wide area network (SD-WAN)

Granted: March 16, 2021
Patent Number: 10951529
Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a routing protocol daemon of an SDN controller within a spoke network receives a dynamically assigned subnet and associated attributes for a client device newly registered with the hub network. The routing protocol daemon tags the subnet with a route tag using a route map based on the received attributes meeting network administrator-defined match criteria for…

Accelerating computer network policy search

Granted: March 9, 2021
Patent Number: 10944724
Systems and methods for accelerating computer network policy searching are provided. According to one embodiment, a packet is received by a policy search engine (PSE) of a packet processing device. A set of candidate policies are identified from among multiple policies of the packet processing device by screening the multiple policies by a speculation unit of the PSE based on metadata associated with the received packet. Finally, a matching policy for the received packet is identified by…
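The two-stage search in this abstract (a speculation unit screens candidates from packet metadata, then the candidates are matched in full) can be shown with an index on protocol and destination-port bucket. The following is an added example, not Fortinet's code; the policy fields, the bucket size and the choice of protocol and port as the speculation keys are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTOCOLS = ("tcp", "udp", "icmp")
BUCKET = 1024       # destination ports are split into 64 buckets for the index


@dataclass(frozen=True)
class Policy:
    pid: int
    src: str            # CIDR
    dst: str            # CIDR
    proto: str          # tcp / udp / icmp / any
    port_lo: int
    port_hi: int
    action: str


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int       # 0 for icmp


def full_match(p: Policy, pkt: Packet) -> bool:
    """The exact match a candidate still has to pass."""
    return ((p.proto == "any" or p.proto == pkt.proto)
            and p.port_lo <= pkt.dst_port <= p.port_hi
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(p.src)
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(p.dst))


class PolicySearchEngine:
    def __init__(self, policies: list):
        self.policies = list(policies)          # administrator order
        self.index = {}
        for pol in self.policies:
            protos = PROTOCOLS if pol.proto == "any" else (pol.proto,)
            for proto in protos:
                for bucket in range(pol.port_lo // BUCKET, pol.port_hi // BUCKET + 1):
                    # appending in policy order keeps candidates ordered
                    self.index.setdefault((proto, bucket), []).append(pol)

    def speculate(self, pkt: Packet) -> list:
        """Speculation unit: candidates from metadata only, no address checks."""
        return self.index.get((pkt.proto, pkt.dst_port // BUCKET), [])

    def search(self, pkt: Packet) -> Optional[Policy]:
        for pol in self.speculate(pkt):
            if full_match(pol, pkt):
                return pol
        return None

    def linear_search(self, pkt: Packet) -> Optional[Policy]:
        """Reference: scan every policy. Used to check the index is sound."""
        for pol in self.policies:
            if full_match(pol, pkt):
                return pol
        return None


# Constructed policy table (assumption).
POLICIES = [
    Policy(1, "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, 443, "allow"),
    Policy(2, "10.0.1.0/24", "192.0.2.0/24", "udp", 53, 53, "allow"),
    Policy(3, "0.0.0.0/0", "0.0.0.0/0", "any", 0, 65535, "deny"),
]
```

The soundness condition is that speculation only ever drops policies that cannot match, so the first hit in the candidate list is the same policy a linear scan of the full ordered table would return; the test below checks that for each packet.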

Programmable, policy-based efficient wireless sniffing networks in WIPS (wireless intrusion prevention systems)

Granted: March 9, 2021
Patent Number: 10944650
A plurality of sniffing policies describing deep packet inspection processes performed on network traffic at sniffing access points from the plurality of access points is received. Network traffic levels are monitored at the plurality of access points and a level of sniffed traffic backhauled over the Wi-Fi network for analysis. A change can be detected in network traffic affecting a sniffing policy. Responsive to exceeding a certain level of sniffed traffic being backhauled, an amount…

User and IoT (internet of things) apparatus tracking in a log management system

Granted: March 2, 2021
Patent Number: 10938926
Network identity to user identity and location mapping information can be found in various logs (such as Active Directory logs, DHCP logs, VPN logs, and WLAN authentication logs) and certain files such as router Layer 2 or 3 forwarding tables. For a large organization, this mapping can be dynamic. Accurate user identity and location information is crucial to assessing the security risk associated with a host and to taking corrective action. This invention discloses a distributed in-memory…
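This abstract and the DHCP agent abstract above (patent 11044138) both turn on the same join: physical address from DHCP, user from directory or VPN logs, location from WLAN association, keyed by IP, with the hard part being that a lease can move to a different host while a user binding learned for the old holder is still in memory. The following is an added example serving both passages, not Fortinet's code: the log line formats are constructed, lines are assumed to arrive in timestamp order, and the rule that a MAC change on an IP invalidates the user learned for it is the assumed staleness policy.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed log lines (assumption: formats are illustrative, in time order).
LOG_LINES = [
    "2021-03-02T09:58:00Z wlan: sta aa:bb:cc:dd:ee:01 associated ap=AP-Floor3-East",
    "2021-03-02T10:00:01Z dhcpd: DHCPACK on 10.0.1.23 to aa:bb:cc:dd:ee:01 via eth0",
    "2021-03-02T10:00:05Z ad: logon user=alice src=10.0.1.23",
    "2021-03-02T11:00:00Z vpn: tunnel-up user=bob assigned=10.200.0.7",
    "2021-03-02T13:30:00Z dhcpd: DHCPACK on 10.0.1.23 to aa:bb:cc:dd:ee:02 via eth0",
    "2021-03-02T13:30:02Z wlan: sta aa:bb:cc:dd:ee:02 associated ap=AP-Floor1-West",
]

DHCP_RE = re.compile(r"^(\S+) dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})")
AD_RE = re.compile(r"^(\S+) ad: logon user=(\S+) src=(\S+)")
WLAN_RE = re.compile(r"^(\S+) wlan: sta ([0-9a-f:]{17}) associated ap=(\S+)")
VPN_RE = re.compile(r"^(\S+) vpn: tunnel-up user=(\S+) assigned=(\S+)")


@dataclass
class HostRecord:
    ip: str
    mac: Optional[str] = None
    user: Optional[str] = None
    location: Optional[str] = None
    updated: str = ""


class IdentityMap:
    """In-memory IP -> (MAC, user, location) table fed from heterogeneous logs."""

    def __init__(self):
        self.by_ip = {}
        self.ap_by_mac = {}          # layer 2 visibility: station -> access point

    def _host(self, ip: str) -> HostRecord:
        return self.by_ip.setdefault(ip, HostRecord(ip))

    def ingest(self, line: str) -> bool:
        """Apply one log line; returns False for lines no parser recognises."""
        if m := DHCP_RE.match(line):
            ts, ip, mac = m.groups()
            host = self._host(ip)
            if host.mac != mac:
                if host.mac is not None:
                    host.user = None     # lease moved: old holder's identity is stale
                host.location = self.ap_by_mac.get(mac)
                host.mac = mac
            host.updated = ts
            return True
        if m := AD_RE.match(line):
            ts, user, ip = m.groups()
            host = self._host(ip)
            host.user, host.updated = user, ts
            return True
        if m := WLAN_RE.match(line):
            ts, mac, ap = m.groups()
            self.ap_by_mac[mac] = ap
            for host in self.by_ip.values():
                if host.mac == mac:
                    host.location, host.updated = ap, ts
            return True
        if m := VPN_RE.match(line):
            ts, user, ip = m.groups()
            host = self._host(ip)
            host.user, host.location, host.updated = user, "vpn", ts
            return True
        return False

    def resolve(self, ip: str) -> Optional[HostRecord]:
        return self.by_ip.get(ip)

    def ips_for_user(self, user: str) -> list:
        return sorted(h.ip for h in self.by_ip.values() if h.user == user)


def build_map(lines: list) -> IdentityMap:
    imap = IdentityMap()
    for line in lines:
        imap.ingest(line)
    return imap
```

The last two constructed lines are the case that matters operationally: 10.0.1.23 was alice's address in the morning, but after the lease moves to a second MAC an alert on that IP must not be attributed to her, and the location follows the new station's association rather than the old one.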