Fortinet Patent Grants

Data leak protection in upper layer protocols

Granted: December 10, 2019
Patent Number: 10505900
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding…

System and method of discovering paths in a network

Granted: December 10, 2019
Patent Number: 10505804
Systems and methods for discovering, testing, and optimizing paths in a network are provided. According to one embodiment, configuration data of a first and second packet forwarding device is obtained by a first and second agent associated with the first and second packet forwarding devices, respectively. Existence of multiple equal cost links coupling the first and second packet forwarding devices is discovered by a network controller based on the configuration data. For each equal…

Network appliance health monitor

Granted: December 10, 2019
Patent Number: 10505793
Systems and methods for monitoring failures of network devices and identifying potential sources of the failures by a device health monitor are provided. A device monitor receives a usage log of a network device over a network connection and analyzes an abnormal usage of the network device from the usage log. The device health monitor further retrieves environment information of the network device and analyzes a defect of the environment information of the network device by associating…

Polarity recognition and swapping for DC powered devices

Granted: December 10, 2019
Patent Number: 10505365
A system for recognizing and swapping polarity for DC powered devices that includes a polarity detection module that is configured to identify polarity of DC power input, and further configured to send an output to a controller based on identification of polarity of the DC power input. The system includes a power switch array that is operatively coupled with the controller, and wherein the controller, based on the output, can set one or more switches of the power switch array for…

Generating recommendations for achieving optimal cellular connectivity based on connectivity details and current and predicted future events

Granted: November 19, 2019
Patent Number: 10484891
Machine learning and data analytics based systems and methods for generating recommendations for achieving optimal cellular connectivity based on connectivity details and current and predicted future events are provided. According to one embodiment, a carrier connection status based recommendation system receives data pertaining to past, current, and predicted connection/performance data of various wireless carriers that it can recommend for a network, real-time user reports, external…

Automatic electronic mail (email) encryption by email servers

Granted: November 19, 2019
Patent Number: 10484397
Systems and methods for automated email encryption between email servers are provided. According to one embodiment, an email, originated by a sender using a client device coupled with a private network and directed to a recipient, is received by an email server associated with the private network. A key server is queried for public keys of the recipient and the sender. When the recipient's public key is returned by the key server, it is used to encrypt the email message; otherwise, no…

Application-based network packet forwarding

Granted: November 19, 2019
Patent Number: 10484278
Methods and systems for detecting an application associated with a given IP flow and differentially forwarding packets based on determined application are provided. According to one embodiment, an initial Internet Protocol (IP) packet of an IP flow is received by a network device. An application with which the initial IP packet is associated is determined by the network device. Based on the determined application, a forwarding rule to be applied to the initial IP packet is identified by…

Deployment and configuration of access points

Granted: October 15, 2019
Patent Number: 10448244
Systems and methods for facilitating automated configuration and deployment of APs are provided. According to one embodiment, prior to deployment of a wireless access point (AP) within a private network, a cloud service receives a unique identifier associated with the AP and information regarding a network controller within the private network by which the AP will be managed. A mapping is stored by the cloud service between the unique identifier and the information regarding the network…

Spatiotemporal credential leak detection to prevent identity fraud using a log management system

Granted: October 15, 2019
Patent Number: 10445479
Metadata is received for different log events, from a plurality of regional controller nodes, implemented at least partially in hardware and geographically-dispersed around the data communication network for proximity to network devices. Each of the log events is reported by the network devices to a regional collector node of the plurality of regional controller nodes. Log events concerning a user authenticating to a network device that is geographically proximate to the user and…

QoS (quality of service) beamforming by centrally controlling real-time locationing to control beamforming transmissions from access points independent of beamforming capability of stations

Granted: October 8, 2019
Patent Number: 10440589
A quality of service is determined for the specific station. Quality of service defines whether the specific station receives beamforming service or not, independent of beamforming capability of the specific station. QoS can be implemented by centrally controlling the locationing for beamforming. The beamforming location information and QoS information are transmitted to an access point servicing the specific station. The access point transmits network packets with beamforming signals to…

Wireless station steering based on station data exchange capacity

Granted: September 24, 2019
Patent Number: 10425946
Wireless stations of a Wi-Fi network are steered to either a high throughput channel or a low throughput channel based on data exchange capacity, in addition to dual-band capability. A probe request data packet from a wireless station seeking to join a channel of the plurality of channels supported by the access point is detected. Dual-band capability is determined as indicated by the probe request. Responsive to having dual-band capability, a high throughput capability of the…

Synchronizing configurations between access point controllers over N+1 network

Granted: September 17, 2019
Patent Number: 10420049
Systems and methods for synchronizing configurations between access point controllers (ACs) over N+1 network are provided. According to one embodiment, a first peer access point controller (AC) of an N+1 AC network sends a synchronizing request to a second peer AC of the N+1 AC network for synchronizing running configurations of the second peer AC. The first peer AC receives a running configuration package that contains the running configurations from the second peer AC and checks if the…

Scalable inline behavioral DDoS attack mitigation

Granted: September 17, 2019
Patent Number: 10419490
Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack…

Stand-by controller assisted failover

Granted: September 17, 2019
Patent Number: 10419273
Methods and systems for standby controller aided failover are provided. According to one embodiment, an active control channel and an active data channel are established by an active controller with a managed device via a management protocol. A standby control channel and a standby data channel are established by a standby controller with the managed device via the management protocol. A keep-alive message is periodically sent by the standby controller to the active controller. When a…

Malware detection and classification based on memory semantic analysis

Granted: September 17, 2019
Patent Number: 10417420
Systems and methods for malware detection and classification based on semantic analysis of memory dumps of malware are provided. According to one embodiment, a malware detector running within a computer system causes a sample file to be executed within a target process that is monitored by a process monitor of the malware detector. One or more memory dumps associated with the sample file are captured by the process monitor. A determination regarding whether the sample file represents…

Detecting network traffic content

Granted: September 3, 2019
Patent Number: 10404724
A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic…

Adaptive allocation for dynamic reporting rates of log events to a central log management server from distributed nodes in a high volume log management system

Granted: September 3, 2019
Patent Number: 10404558
Dynamic reporting rates for a log management system are adaptively allocated. Each individual controller node device of a plurality of controller nodes is initially allocated an EPS rate limit for submitting event records to a log management system (e.g., an SIEM log management system) out of a licensed EPS rate. When surges are detected, the log management system dynamically reallocates proportions of EPS rates, within the licensed EPS rate. The individual EPS rate limit for at least one…

System and method for dynamic management of network device data

Granted: September 3, 2019
Patent Number: 10404555
A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed…

Telecommunication terminal

Granted: August 20, 2019
Patent Number: 10389423
A telecommunication terminal that is integrated with a wireless access point is provided. According to one embodiment, a telecommunication terminal includes a local area network (LAN) port, a processor, an Internet Protocol (IP) phone unit, a wireless access point unit and a housing. The LAN port is connectable to an enterprise computer network via an Ethernet cable. The processor runs a host operating system (OS). The IP phone unit is implemented as an application that is loaded and run…

Managing transmission and storage of sensitive data

Granted: August 13, 2019
Patent Number: 10382525
Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic…