Steering connection requests for an access point to a best-serving access point
Granted: May 12, 2020
Patent Number:
10652905
Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., a IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent…
Forensic analysis
Granted: May 12, 2020
Patent Number:
10652255
The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the…
Containing internet of things (IOT) analytics poisoning on wireless local access networks (WLANs)
Granted: May 5, 2020
Patent Number:
10645585
An analytics containment system store RSSI values of connected stations and corresponding time stamps. If two or more stations have RSSI values within a certain proximity within a certain time period, a first condition for identifying analytics poisoning has been satisfied. Additionally, if RSSI values for the two or more stations changes at similar rate, the stations have satisfied a second optional condition.
Hardware-based detection devices for detecting unsafe network traffic content and methods of using the same
Granted: May 5, 2020
Patent Number:
10645097
A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired…
Generic and static detection of malware installation packages
Granted: April 14, 2020
Patent Number:
10621343
Systems and methods for generic and static detection of malware using machine learning are provided. According to one embodiment, a computing device receives an executable application or a part thereof. A package name associated with the received application is extracted. The received executable application is classified as being malicious or non-malicious based on evaluation of the package name using a language model. When the received executable application is classified as being…
Security information and event management
Granted: April 7, 2020
Patent Number:
10616258
Systems and methods for conducting correlation analysis for security events with assets attributes of a network by a SIEM device to enable more efficient reporting are provided. According to one embodiment, when a SIEM device obtains a security event, a risk level of the security event is calculated based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device. When the risk level meets a predetermined or…
Reducing redundant operations performed by members of a cooperative security fabric
Granted: March 17, 2020
Patent Number:
10595215
Systems and methods for coordinating security operations among members of a cooperative security fabric (CSF) are provided. According to one embodiment, a first network security appliance of a CSF receives incoming network traffic and determines if the incoming network traffic is transmitted from a second network security appliance based on the source address of the network traffic. If the incoming network traffic is from the second network security appliance, the first network security…
Configuring initial settings of a network security device via a hand-held computing device
Granted: March 17, 2020
Patent Number:
10594841
Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are…
Providing security in a communication network
Granted: March 17, 2020
Patent Number:
10594708
Systems and methods for optimizing system resources by selectively enabling various scanning functions of a network security device are provided. According to one embodiment, information specifying a set of reputable websites deemed to be trustworthy by one or more web filtering services is received by a network security device protecting a private network. One or more directives are received by the network security device from a network administrator via a GUI of the network security…
Securing internet of things (IOT) RF (radio frequency) location tags using source addresses to locate stations on a Wi-Fi network
Granted: March 3, 2020
Patent Number:
10579840
RF tags using source addresses to locate stations on a Wi-Fi network are secured. An RF location server receives a pseudo source address of an RF (radio frequency) tag from a station. The station obtains the pseudo source address while being within radio range of the RF tag and the station receiving a beacon frame from the RF tag. A source address for the RF tag is looked-up utilizing the pseudo source address, and a specific location for the RF tag is looked-up utilizing the source…
Rule based cache processing in application delivery controller for load balancing
Granted: February 11, 2020
Patent Number:
10560543
Methods and systems for improving performance of an HTTP cache are provided. According to one embodiment, an HTTP request is received by an ADC for a resource associated with a server on behalf of which the ADC is performing load balancing. The ADC determines based on a local HTTP cache whether it can service the request. The request is parsed to identify a header. The existence or non-existence of locally cached content matching the request is identified by comparing portions of the…
Application control
Granted: February 11, 2020
Patent Number:
10560362
Systems and methods for controlling applications on a network are provided. According to one embodiment, a network security device intercepts network traffic and conducts a heuristic detection of an application protocol used in the network traffic by multiple application protocol identifying engines defined in a heuristic rule. According to another embodiment, the network security device confirms a suspect application protocol as an actual application protocol used in the network traffic…
Remote wireless adapter
Granted: January 14, 2020
Patent Number:
10536850
Systems and methods are described for connecting a private network to the Internet through a remote wireless adapter. According to one embodiment, a remote wireless adapter sets up a tunnel with a network security device through a local area network (LAN) adapter of the remote wireless adapter and sets up a wide area network (WAN) connection through a wireless modem which is connected to the wireless adapter. The remote wireless adapter receives an outgoing data packet sent by the…
Multi-tiered sandbox based network threat detection
Granted: January 14, 2020
Patent Number:
10534909
Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a computer system. The file is caused to exhibit a first set of behaviors by processing the file within a virtualization application based environment of the computer system. The virtualization application based environment is created based on an application to which the file pertains. The file is further caused to exhibit a second set of behaviors…
Link aggregation and dynamic distribution of network traffic in a switching clos network
Granted: January 7, 2020
Patent Number:
10530680
Systems and methods are described for link aggregation and dynamic distribution of network traffic in a switching Clos network. In one embodiment of the present invention, a spine switch of a Clos network learns a first mapping of a Media Access Control (MAC) address of a client device to a first port of the spine switch and a second mapping of the MAC of the client device to a second port of the spine switch. The spine switch aggregates the first mapping and the second mapping as a link…
Uninterrupted flow processing by a software defined network (SDN) appliance despite a lost or disrupted connection with an SDN controller
Granted: January 7, 2020
Patent Number:
10530641
Systems and methods for allowing continuous network traffic processing by an SDN appliance despite a lost or disrupted connection with an SDN controller are provided. According to one embodiment, a software-defined networking (SDN) appliance receives one or more policies/flows from an SDN controller. The policies/flows are locally stored by the SDN appliance within the SDN appliance. Responsive to receipt of a packet to be processed by the SDN appliance, the SDN appliance queries the SDN…
Load balancing for a cloud-based Wi-Fi controller based on local conditions
Granted: December 24, 2019
Patent Number:
10517018
Load balancing for cloud-based monitoring of Wi-Fi devices on local access networks is based on local conditions. Requests for connection are received from Wi-Fi devices of the plurality of WLANs exceed a threshold. An indication of at least one condition for each of the WLANs is also received either with the connection request or separately. Example conditions include, without limitation, a number of local connections, network security breaches, guaranteed service levels, local latency…
Automated resolution of Wi-Fi connectivity issues over SMS
Granted: December 24, 2019
Patent Number:
10515318
Wi-Fi connectivity issues are automatically resolved over SMS. An SMS message including a MAC address is received for a station having a wireless connectivity issue involving a Wi-Fi portion of the data communication network. The SMS message is converted according to an API (application programming interface) of the network manager. Error logs are retrieved according to the MAC address. Based on the error logs, a connectivity solution (or other type of solution) to the connectivity issue…
System and method for dynamic management of network device data
Granted: December 17, 2019
Patent Number:
10511497
A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device receives an event notification from an agent associated with a managed node. The device further determines if the received event notification triggers a change in how the management data is managed on that manage node. If the event notification does trigger a change, the device determines a…
System and method of discovering paths in a network
Granted: December 10, 2019
Patent Number:
10505804
Systems and methods for discovering, testing, and optimizing paths in a network are provided. According to one embodiment, configuration data of a first and second packet forwarding device is obtained by a first and second agent associated with the first and second packet forwarding devices, respectively. Existence of multiple of equal cost links coupling the first and second packet forwarding devices is discovered by a network controller based on the configuration data. For each equal…
