Fortinet Patent Grants

Hardware-accelerated packet multicasting

Granted: February 5, 2019
Patent Number: 10200275
Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a first multicast packet to be multicast to a first multicast destination is received by a virtual routing system. The multicast packet is caused to be transmitted to the multicast destination by: (i) directing the multicast packet to a first VR of multiple VRs instantiated within the virtual routing system by selecting the first VR from among the multiple VRs to multicast the…

Self-provisioning of a wireless communication network using coordination of data plane behavior to steer stations to preferred access points

Granted: January 29, 2019
Patent Number: 10194345
A wireless communication network is self-provisioned using coordination of data plane behavior to steer stations to preferred access points. To do so, a policy concerning traffic flow for the wireless communication network is received. Data plane traffic flow is monitored at each of the plurality of access points distributed around the wireless communication network. At some point, it may be determined that the data plane traffic flow at a first access point needs to be reduced based on…

Reducing multicast service traffic for matching and streaming in SDN (software defined networking) enabled networks

Granted: January 29, 2019
Patent Number: 10193763
Multicast packets from streaming services on a data network are reduced. A packet conversion policy distributes OpenFlow rules to network components involved in multicasting services. In coordination with, and responsive to, detecting a matching service provider advertisement and service receiver request, an SDN policy governing a multicast streaming service is executed. Specifically, multicast packets from a flow for streaming the multicast service are converted from multicast to unicast…

Monitoring wireless station experience on a wi-fi network by emulating client radios

Granted: January 22, 2019
Patent Number: 10187273
Wireless station experience is monitored by emulating client radios. A radio (or entire transceiver) from a plurality of radios on the access point is assigned to switch from a normal mode to a client mode to operate as a client radio. The client radio of the access point can send a probe request to a normal mode radio of the access point for registration as a client. Network performance can then be measured from the client radio and analyzed by the access point for network problems.

Dynamic application bandwidth throttling and station steering for access points based on QOE (quality of experience) on a wireless network

Granted: January 8, 2019
Patent Number: 10178570
Application bandwidth is dynamically throttled and/or stations are steered to different access points to maintain optimal QoE for stations on a wireless network. Responsive to a determination that the available bandwidth for the one or more applications is below a threshold for the station's QoE application minimum bandwidth, the current QoE station index is updated. Responsive to a determination that the current QoE station index is below a system-determined QoE level, throttling the one or…

Augmented reality visualization device for network security

Granted: January 8, 2019
Patent Number: 10178130
Systems and methods for managing network security events with the assistance of augmented reality are provided. According to one embodiment, a reality image of a network object is captured by an augmented reality device. The network object is identified from the reality image by the augmented reality device. Dynamic network security information is received by the augmented reality device from a network security appliance associated with a network that is managing the network object. An…

Systems and methods for categorizing network traffic content

Granted: January 8, 2019
Patent Number: 10178115
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…

Operation of a dual instruction pipe virus co-processor

Granted: January 8, 2019
Patent Number: 10176322
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for performing content scanning of content objects is provided. A content object that is to be scanned is stored by a general purpose processor to a system memory of the general purpose processor. Content scanning parameters associated with the content object are set up by the general purpose processor. Instructions from a signature memory of a…

Denial-of-service (DoS) mitigation based on health of protected network device

Granted: January 1, 2019
Patent Number: 10171492
Systems and methods for improving the performance of DDoS mitigation by monitoring the health of a protected network resource are provided. According to one embodiment, the health of a network device protected by a DoS mitigation device can be evaluated, and packets/traffic received on the DoS mitigation device can be selectively/conditionally forwarded to the protected network device or dropped based on the health of the protected network device. According to one embodiment, at least a…

Network security management via social media network

Granted: January 1, 2019
Patent Number: 10171506
Systems and methods for managing users' local security policies based on social media network information are provided. According to one embodiment, a network security appliance of a private network receives an authentication request from a client machine and provides a social login interface of a social media network to the client machine. After a user of the client machine is authenticated by the social media network through a personal social media network account of the user, the network…

Near real-time detection of denial-of-service attacks

Granted: January 1, 2019
Patent Number: 10171491
Methods and systems for detection and mitigation of denial-of-service (DoS) attacks against network applications/services/devices in near real-time are provided. According to one embodiment, multiple access requests are received at a network device from a source Internet Protocol (IP) address. Temporal and/or spatial information relating to the access requests is stored in a first database operatively coupled with the network device. It is determined based on a first defined condition…

Ransomware detection and damage mitigation

Granted: January 1, 2019
Patent Number: 10169586
Systems and methods for file-encrypting malware detection are provided. According to one embodiment, a monitoring module is installed within active processes running on a computer system by a kernel mode driver. Performance of a directory traversal operation on a directory of the computer system is detected by the monitoring module of a first process of the multiple active processes, in which a parameter of the traversal operation includes a wildcard character. When a number of…

Network flow analysis

Granted: December 25, 2018
Patent Number: 10164846
Systems and methods for a network flow analysis service that facilitates collection, analysis and sharing of information regarding network flows are provided. According to one embodiment, a network flow analysis service provider collects network traffic information of network flows from a plurality of different network sources, analyzes at least one attribute associated with the network flows based on the network traffic information, and distributes the at least one attribute to…

Steering wireless local area network (WLAN) clients

Granted: December 18, 2018
Patent Number: 10159039
Systems and methods for steering WiFi clients based on capabilities of the clients and access points (APs) are provided. According to one embodiment, multiple access points (APs) of a wireless local area network (WLAN) receive probe requests from a WLAN client for joining the WLAN. The APs forward the probe requests to an AP controller (AC) that controls the APs of the WLAN. The AC selects one or more of the multiple APs based at least on the matching of the capability of the WLAN…

Network processing unit (NPU) integrated layer 2 network device for layer 3 offloading

Granted: December 4, 2018
Patent Number: 10148576
Systems and methods for facilitating offloading of communication sessions from layer 3 network devices are provided. According to one embodiment, session information pertaining to a session capable of being offloaded is received from a layer 3 network device by a layer 2 network device that includes multiple network processing units (NPUs). The session is assigned to one of the NPUs. Subsequently, responsive to receiving, by the layer 2 network device, a packet associated with the…

Selective enforcement of event record purging in a high volume log system

Granted: December 4, 2018
Patent Number: 10148698
Event record purging is selectively enforced in a high volume log system. A plurality of data retention policies is received for one or more data types. Each data retention policy can describe a retention duration for enforcement of different data types with respect to online retention and offline retention. Only online compressed files from a period of time potentially containing event records with an expiring retention duration are uncompressed. Other files are ignored to save I/O…

Detection of unwanted electronic devices to provide, among other things, internet of things (IoT) security

Granted: December 4, 2018
Patent Number: 10148691
Systems and methods for detection of undesired/unwanted electronic devices are provided. According to one embodiment, a spectral signature of an electronic device is received by a sensing device configured to detect the presence of an unwanted electronic device in proximity to an electronic device environment. The received spectral signature is matched against multiple stored spectral signatures of one or more electronic devices associated with the electronic device environment. When the…

Content filtering of remote file-system access protocols

Granted: December 4, 2018
Patent Number: 10148687
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding…

Firewall policy management

Granted: December 4, 2018
Patent Number: 10148620
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…

Application based conditional forwarding and load balancing in a software defined networking (SDN) architecture

Granted: December 4, 2018
Patent Number: 10148594
Systems and methods for an SDN switch that provides application-based conditional forwarding and session-aware load balancing are provided. According to one embodiment, a packet is received at an input port of a Software Defined Networking (SDN) switch. The packet is forwarded by the SDN switch to a first flow processing unit (FPU) of multiple FPUs of the SDN switch. The first FPU determines whether the packet is to be tracked. If so, the received packet is transmitted to a second…