Direct cache access for network input/output devices
Granted: February 28, 2017
Patent Number: 9584621
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the…
Managing transmission and storage of sensitive data
Granted: February 28, 2017
Patent Number: 9584587
Systems and methods for injecting sensitive data into outgoing traffic that is to be sent to a remote server from a client by a network security appliance logically interposed between the server and the client are provided. According to one embodiment, the method includes intercepting, by a network security appliance, outgoing traffic from the client to the server. The network security appliance identifies a submission command within the outgoing traffic that is used for submitting…
Presentation of threat history associated with network activity
Granted: February 28, 2017
Patent Number: 9584536
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters, including one or more of types of threats to be extracted from the database, parameters of the threats, network-level details of the…
Examining and controlling IPv6 extension headers
Granted: February 28, 2017
Patent Number: 9584478
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…
Facilitating content accessibility via different communication formats
Granted: January 3, 2017
Patent Number: 9537820
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate server. Information indicative of one or more communication formats via which a client device is capable of communication is caused to be stored on a client device by (i) sending to the client device a web page having embedded therein one or more of IPv4 and IPv6 test content; and…
Power saving in Wi-Fi devices utilizing bluetooth
Granted: January 3, 2017
Patent Number: 9538468
The present description provides methods, computer program products, and systems for saving power in Wi-Fi devices utilizing Bluetooth. A Wi-Fi radio transitions to deep sleep mode from active mode while a Bluetooth radio remains active. An active Wi-Fi connection to the access point can be maintained by the station while in deep sleep mode as needed to prevent being disassociated. Responsive to the indication of data packets waiting at the access point, sent over the Bluetooth radio,…
Steering connection requests for an access point to a best-serving access point
Granted: January 3, 2017
Patent Number: 9538460
Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., an IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent…
Directed station roaming in cloud managed Wi-Fi network
Granted: January 3, 2017
Patent Number: 9538446
Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input from the cloud-based…
Systems and methods for categorizing network traffic content
Granted: January 3, 2017
Patent Number: 9537871
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…
Systems and methods for passing network traffic content
Granted: January 3, 2017
Patent Number: 9537826
A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a size of the received content data. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a prescribed rate. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data before performing policy enforcement on the…
Secure cloud storage distribution and aggregation
Granted: January 3, 2017
Patent Number: 9536103
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…
Method and system for dedicating processors for desired tasks
Granted: January 3, 2017
Patent Number: 9535760
Methods for improving the performance of multitasking processors are provided. For example, a subset of M processors within a system with N processors is dedicated for a desired task. The M (where M>0) of the N processors are dedicated to a task, thus leaving N−M (N minus M) processors for running the normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these processors run in an…
Cloud based logging service
Granted: December 13, 2016
Patent Number: 9521159
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is…
Securing email communications
Granted: December 13, 2016
Patent Number: 9521114
Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is…
Inheritance based network management
Granted: December 6, 2016
Patent Number: 9516034
Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have substantially identical function. Two physical interfaces of two network devices that are to be normalized are identified. The physical interfaces are normalized by creating a virtual interface (VI) to which both correspond. A policy applicable…
Heterogeneous media packet bridging
Granted: November 29, 2016
Patent Number: 9509638
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network switching/routing blade server comprises network modules, including a first and second set operable to receive packets having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory stores data structures for translating between the first and second framing media…
Network policy assignment based on user reputation score
Granted: November 22, 2016
Patent Number: 9503477
A network controller device, systems, and methods thereof are described herein for enabling a mechanism of assigning network policies to one or more users based on their respective client reputation (CR) scores. CR scores indicate a measure of the level and kind of network activity that an internal resource does with external resources. Based on the evaluation of the CR score for a given user, the system of the present invention can be configured to implement an appropriate policy on the…
Security information and event management
Granted: November 22, 2016
Patent Number: 9503421
Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results…
Secure cloud storage distribution and aggregation
Granted: November 15, 2016
Patent Number: 9495556
Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii)…
Interface groups for rule-based network security
Granted: November 15, 2016
Patent Number: 9497162
Systems and methods for designating interfaces of a network security appliance as source/destination interfaces in connection with defining a security rule are provided. According to one embodiment, a security rule configuration interface is displayed through which a network administrator can specify parameters of security rules to be applied to traffic attempting to traverse the network security appliance. Information defining a traffic flow to be controlled by a security rule is…