Enhancing security of a cloud deployment based on learnings from other cloud deployments
Granted: October 22, 2024
Patent Number: 12126695
Learning from other cloud deployments to combat security threats, including: identifying, for at least a portion of a first cloud deployment, one or more additional cloud deployments to utilize for cross-customer learning; receiving information describing a security threat to one or more of the additional cloud deployments; receiving information describing configuration settings used to combat the security threat; and identifying, based on the information describing configuration…
Leveraging generative artificial intelligence (‘AI’) for securing a monitored deployment
Granted: October 22, 2024
Patent Number: 12126643
Leveraging generative artificial intelligence (‘AI’) for securing a monitored deployment, including: receiving natural language input associated with the monitored deployment, the monitored deployment monitored by a monitoring tool; and receiving, from a generative AI application, a response to the natural language input, wherein: the generative AI application accesses publicly available information as well as data sources associated with the monitoring tool; and the response is…
Content presentation based on access point location
Granted: October 22, 2024
Patent Number: 12125061
Methods and systems for AP location based content presentation are provided. According to one embodiment, a web service receives from a widget executing within a web page requested by a wireless computing device of multiple wireless computing devices operating within an enterprise, a unique identifier of the wireless computing device. An access point (AP) identifier is determined for an AP of multiple APs of the enterprise that is servicing the wireless computing device by querying a log…
Detecting threats against computing resources based on user behavior changes
Granted: October 15, 2024
Patent Number: 12120140
An illustrative method includes generating, based on log data associated with at least one user session in a network environment associated with a user, a logical graph, wherein the logical graph comprises: (1) a first node corresponding to the user, (2) a plurality of additional nodes, and (3) a set of edges connecting the first node to one or more of the additional nodes, wherein each edge in the set of edges represents a change in behavior of the user; using the logical graph to…
Systems and methods for quantifying file access risk exposure by an endpoint in a network environment
Granted: October 8, 2024
Patent Number: 12111919
Systems, devices, and methods are discussed for identifying possible improper file accesses by an endpoint device. In some cases an agent is placed on each system to be surveilled that records the absolute paths for each file accessed for each user. This information may be accumulated and sent to a central server or computer for analysis of all such file accesses on a user basis. In some cases, a file access tree is created, and in some implementations may be pruned of branches and leaves if…
Systems and methods for automated incident management
Granted: September 24, 2024
Patent Number: 12101231
Systems, devices, and methods are discussed for automating incident management.
Systems and methods for SD-WAN setup automation
Granted: September 3, 2024
Patent Number: 12081400
Various embodiments provide systems and methods for automating an SD-WAN setup process.
Systems and methods for automated risk-based network security focus
Granted: September 3, 2024
Patent Number: 12081577
Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.
Management of internet of things (IoT) by security fabric
Granted: September 3, 2024
Patent Number: 12081520
The present invention relates to a method for managing IoT devices by a security fabric. A method is provided for managing IoT devices comprises collecting, by analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources, abstracting, by analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by executing tier, the PEBs from the analyzing tier, wherein the executing…
Automatic configuration of SD-WAN link rules on a per application basis using real-time network conditions
Granted: September 3, 2024
Patent Number: 12081447
New link requests are received and an application making the request is identified. SD-WAN parameters are retrieved from an application control database. A first parameter is a JLP loss requirement for the application, and can be either low JLP, medium JLP, or high JLP SLA level. A second parameter is a downstream/upstream bandwidth capability requirement. Links are determined from the pool of available links that meet the JLP requirement. One of the links is selected for the new link…
Cache look up during packet processing by uniformly caching non-uniform lengths of payload data in a dual-stage cache of packet processors
Granted: September 3, 2024
Patent Number: 12079136
At a first stage, cells of a row of the index table are searched, using a portion of the unified hash value bits as index to identify the row of the index table. Also, a pointer to the content table is identified by comparing an index table tag of an entry of a cell with a calculated tag of the hash to identify a cell in the row. At a second stage, a cell is looked up in the content table, responsive to a match of calculated tag of the hash and index table tag of entry, comparing the…
Controlling wi-fi traffic from network applications with centralized firewall rules implemented at the edge of a data communication network
Granted: August 27, 2024
Patent Number: 12075249
Application data collected by an IDS (intrusion detection system) on the data communication network and concerning applications executing on stations coupled to the plurality of access points, is received. Additionally, firewall rules for applications from a firewall device coupled to the data communication network and providing firewall services to the plurality of access points, including outbound traffic from the plurality of access points, are received. The firewall rules can be…
Preventing DHCP pool exhaustion and starvation with centralized arp protocol messages
Granted: August 27, 2024
Patent Number: 12074889
A low number of available Internet Protocol (IP) addresses is detected in an IP pool that is available for lease from the Dynamic Host Configuration Protocol (DHCP) server. A neighbor table from a gateway device behind a firewall that blocks Internet Control Message Protocol (ICMP) echo requests from the DHCP server. The gateway device is triggered to broadcast an Address Resolution Protocol (ARP) request to network devices of the neighbor table behind the firewall to determine whether a…
Software defined network access for endpoint
Granted: August 27, 2024
Patent Number: 12074788
Multiple types of lines are made simultaneously available, including a Wi-Fi link, a cell link and a wired link. A list of running cloud applications is identified by monitoring A quality of each available link for each running cloud application is periodically tested, including measurements of latency, jitter and packet loss. A first link is selected for a first application and a second link is selected for a second application. Data packets related to the first application are…
Systems and methods for posture checking across local network zone ZTNA control
Granted: August 20, 2024
Patent Number: 12069187
Systems, devices, and methods are discussed for providing ZTNA control across multiple related, but independently provisioned networks.
Artificial virtual machine for preventing malware execution by applying virtual machine characteristics in real computing environments
Granted: August 20, 2024
Patent Number: 12069093
A process being initiated for exposure to an operating system of the computer device is detected. A control module can then check whether the process has been whitelisted, and if not, activate an artificial virtual machine to test the process prior to direct exposure to an operating system of the real computing environment. The control module can detect when the process responds to the presumed virtual environment preventing execution. A security action can then be taken on the process…
Securing intra-vehicle communications via a controller area network bus system based on behavioral statistical analysis
Granted: August 20, 2024
Patent Number: 12069027
Systems and methods for enforcement of secure data communications between nodes of a Controller Area Network (CAN) bus implemented in a vehicle are provided. According to one embodiment, a node coupled with the CAN bus receives a data frame broadcast from a source node and extracts information from the data frame. The node analyzes coherence between the extracted information and historical information observed by the node. When a result of the analyzing coherence indicates that the data…
Non-interfering access layer end-to-end encryption for IOT devices over a data communication network
Granted: August 13, 2024
Patent Number: 12063207
Once a new session of data packets is detected, whether to proxy encrypt the data packets, on behalf of a specific headless endpoint device from the plurality of headless endpoint devices for a session, is determined based on analysis of payload data of a data packet from a session. Responsive to a determination to proxy encrypt data packets, encryption attributes are set up between a local data port on the network device and a remote data port on a remote network device as parsed from a…
Chassis system management through data paths
Granted: July 30, 2024
Patent Number: 12052219
A firewall processing card from a plurality of firewall processing cards coupled to a chassis, is selected by a load balancing engine (or other mechanism) and receives the data packet over the fabric channel. First, if the session match exists to management-type data packets the data packet is returned to the I/O board and if a match exists to user data packets the data packet is sent to a firewall service of the firewall processing card. If no session match exists, the firewall…
Systems and methods for security policy organization using a dual bitmap
Granted: July 30, 2024
Patent Number: 12052287
Systems, devices, and methods are discussed for classifying a number of security policies in relation to criteria for applying those security policies to yield a dual bitmap scheme representing a correlation between security policies and one or more criteria.