Systems and methods for automated risk-based network security focus
Granted: September 3, 2024
Patent Number: 12081577
Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.
Management of internet of things (IoT) by security fabric
Granted: September 3, 2024
Patent Number: 12081520
The present invention relates to a method for managing IoT devices by a security fabric. A method for managing IoT devices comprises collecting, by an analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources; abstracting, by the analyzing tier, profiled element baselines (PEBs) of the IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by an executing tier, the PEBs from the analyzing tier, wherein the executing…
Automatic configuration of SD-WAN link rules on a per application basis using real-time network conditions
Granted: September 3, 2024
Patent Number: 12081447
New link requests are received and the application making each request is identified. SD-WAN parameters are retrieved from an application control database. A first parameter is a JLP loss requirement for the application, which can be a low JLP, medium JLP, or high JLP SLA level. A second parameter is a downstream/upstream bandwidth capability requirement. Links that meet the JLP requirement are determined from the pool of available links. One of the links is selected for the new link…
Systems and methods for SD-WAN setup automation
Granted: September 3, 2024
Patent Number: 12081400
Various embodiments provide systems and methods for automating an SD-WAN setup process.
Cache look up during packet processing by uniformly caching non-uniform lengths of payload data in a dual-stage cache of packet processors
Granted: September 3, 2024
Patent Number: 12079136
At a first stage, cells of a row of the index table are searched, using a portion of the unified hash value bits as an index to identify the row of the index table. Also, a pointer to the content table is identified by comparing an index table tag of an entry of a cell with a calculated tag of the hash to identify a cell in the row. At a second stage, a cell is looked up in the content table, responsive to a match of the calculated tag of the hash and the index table tag of the entry, comparing the…
Controlling wi-fi traffic from network applications with centralized firewall rules implemented at the edge of a data communication network
Granted: August 27, 2024
Patent Number: 12075249
Application data collected by an IDS (intrusion detection system) on the data communication network and concerning applications executing on stations coupled to the plurality of access points, is received. Additionally, firewall rules for applications from a firewall device coupled to the data communication network and providing firewall services to the plurality of access points, including outbound traffic from the plurality of access points, are received. The firewall rules can be…
Preventing DHCP pool exhaustion and starvation with centralized arp protocol messages
Granted: August 27, 2024
Patent Number: 12074889
A low number of available Internet Protocol (IP) addresses is detected in an IP pool that is available for lease from the Dynamic Host Configuration Protocol (DHCP) server. A neighbor table from a gateway device behind a firewall that blocks Internet Control Message Protocol (ICMP) echo requests from the DHCP server. The gateway device is triggered to broadcast an Address Resolution Protocol (ARP) request to the network devices of the neighbor table behind the firewall to determine whether a…
Software defined network access for endpoint
Granted: August 27, 2024
Patent Number: 12074788
Multiple types of links are made simultaneously available, including a Wi-Fi link, a cell link and a wired link. A list of running cloud applications is identified by monitoring. A quality of each available link for each running cloud application is periodically tested, including measurements of latency, jitter and packet loss. A first link is selected for a first application and a second link is selected for a second application. Data packets related to the first application are…
Artificial virtual machine for preventing malware execution by applying virtual machine characteristics in real computing environments
Granted: August 20, 2024
Patent Number: 12069093
A process being initiated for exposure to an operating system of the computer device is detected. A control module can then check whether the process has been whitelisted and, if not, activate an artificial virtual machine to test the process prior to direct exposure to an operating system of the real computing environment. The control module can detect when the process responds to the presumed virtual environment by preventing execution. A security action can then be taken on the process…
Systems and methods for posture checking across local network zone ZTNA control
Granted: August 20, 2024
Patent Number: 12069187
Systems, devices, and methods are discussed for providing ZTNA control across multiple related, but independently provisioned networks.
Securing intra-vehicle communications via a controller area network bus system based on behavioral statistical analysis
Granted: August 20, 2024
Patent Number: 12069027
Systems and methods for enforcement of secure data communications between nodes of a Controller Area Network (CAN) bus implemented in a vehicle are provided. According to one embodiment, a node coupled with the CAN bus receives a data frame broadcast from a source node and extracts information from the data frame. The node analyzes coherence between the extracted information and historical information observed by the node. When a result of the analyzing coherence indicates that the data…
Non-interfering access layer end-to-end encryption for IOT devices over a data communication network
Granted: August 13, 2024
Patent Number: 12063207
Once a new session of data packets is detected, whether to proxy encrypt the data packets, on behalf of a specific headless endpoint device from the plurality of headless endpoint devices for a session, is determined based on analysis of payload data of a data packet from a session. Responsive to a determination to proxy encrypt data packets, encryption attributes are set up between a local data port on the network device and a remote data port on a remote network device as parsed from a…
Systems and methods for security policy organization using a dual bitmap
Granted: July 30, 2024
Patent Number: 12052287
Systems, devices, and methods are discussed for classifying a number of security policies in relation to criteria for applying those security policies to yield a dual bitmap scheme representing a correlation between security policies and one or more criteria.
Chassis system management through data paths
Granted: July 30, 2024
Patent Number: 12052219
A firewall processing card from a plurality of firewall processing cards coupled to a chassis is selected by a load balancing engine (or other mechanism) and receives the data packet over the fabric channel. First, if a session match exists for management-type data packets, the data packet is returned to the I/O board, and if a match exists for user data packets, the data packet is sent to a firewall service of the firewall processing card. If no session match exists, the firewall…
Systems and methods for arbitrated failover control using countermeasures
Granted: July 23, 2024
Patent Number: 12047226
Various approaches for multi-node network cluster systems and methods are discussed. In some cases, systems and methods for incident detection and/or recovery in multi-node processors are discussed.
Resolving the disparate impact of security exploits to resources within a resource group
Granted: July 16, 2024
Patent Number: 12041065
Systems, methods, and apparatuses enable one or more security microservices to resolve the disparate impact of security exploits to resources within a resource group. When a resource group is determined to be impacted by a security exploit, the one or more security microservices determine whether the members of the resource group are disparately impacted. In response, the one or more security microservices split the resource group into an impacted resource group and a non-impacted…
Systems and methods for security policy application based upon a dual bitmap scheme
Granted: July 16, 2024
Patent Number: 12041032
Systems, devices, and methods are discussed for identifying security policies applicable to a received information packet based upon a dual bitmap scheme accounting for bit position mergers and/or policies common to multiple bit positions.
Systems and methods for scalable zero trust security processing
Granted: July 9, 2024
Patent Number: 12034769
Various approaches for providing scalable network access processing are discussed. In some cases, the approaches discussed relate to systems and methods for providing scalable zero trust network access control.
Convex optimized stochastic vector sampling based representation of ground truth
Granted: June 4, 2024
Patent Number: 12001515
Systems and methods are described for training a machine learning model using intelligently selected multiclass vectors. According to an embodiment, a processing resource of a computing system receives a first set of un-labeled feature vectors. The first set of feature vectors is homomorphically translated using a T-Distributed Stochastic Neighbor Embedding (t-SNE) algorithm to obtain a second set of feature vectors with reduced dimensionality. The second set of feature vectors is…
Systems and methods for preventing data leaks over RTP or SIP
Granted: June 4, 2024
Patent Number: 12003484
Systems, devices, and methods are discussed for avoiding data theft in real-time transactions.