Fortinet Patent Grants

Detecting malicious resources in a network based upon active client reputation monitoring

Granted: November 15, 2016
Patent Number: 9497212
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within…

Data leak protection

Granted: November 15, 2016
Patent Number: 9497192
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network security device. The information includes a sensitivity level and an action to be applied to files observed by the network security device that match the watermark filtering rule. A file attempted to be passed through the network security device is…

Firewall interface configuration to enable bi-directional VoIP traversal communications

Granted: November 15, 2016
Patent Number: 9497166
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall also provides application-layer protection on behalf of the internal hosts and supports Voice over IP (VoIP) services by…

Context-aware pattern matching accelerator

Granted: November 8, 2016
Patent Number: 9491143
Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching…

Increasing access point throughput by exceeding A-MPDU buffer size limitation in a 802.11 compliant station

Granted: October 11, 2016
Patent Number: 9467895
An 802.11-compliant device for high throughput is disclosed. A plurality of TCP packets received in a buffer for transmission are stored. The plurality of TCP packets can be aggregated as A-MSDU sub-frames to form an A-MSDU frame in accordance with an IEEE 802.11 standard. Additionally, a plurality of A-MSDU frames can be aggregated as A-MPDU sub-frames to form an A-MPDU frame. The A-MPDU frame is compliant with a number of allowable sub-frames and a maximum size in accordance with an…

Human user verification of high-risk network access

Granted: October 4, 2016
Patent Number: 9462007
Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a network security application includes a network traffic control module, a human user test engine and a risk management module. The network traffic control module identifies a high-risk network access initiated by a device associated with a private network protected by the network security appliance. The human user…

Systems and methods for detecting undesirable network traffic content

Granted: October 4, 2016
Patent Number: 9461963
A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content…

Efficient data transfer in a virus co-processing system

Granted: October 4, 2016
Patent Number: 9460287
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory that contain information for translating virtual addresses to physical addresses. Virus processing of a content object is offloaded to a hardware accelerator coupled to the processor by storing scanning parameters, including the content object and a type of the content object, to the…

Management of certificate authority (CA) certificates

Granted: September 27, 2016
Patent Number: 9455980
Systems and methods for automatically installing CA certificates received from a network security appliance by a client security manager to make the CA certificate become a trusted CA certificate to a client machine are provided. In one embodiment, a client security manager establishes a connection with a network security appliance through a network, wherein the client security manager is configured for managing security of a client at the client side and the network security appliance…

Dynamic generation of per-station realm lists for hot spot connections

Granted: September 27, 2016
Patent Number: 9456389
Per-station realm lists are dynamically generated per-station for hot spot connections to access points by roaming stations. A query for a list of realms is received from a roaming station when connecting to a hot spot. Using a MAC address or other station identity, a list of available realms is narrowed to a subset of per-station realms and sent to the station. Narrowing is performed on-the-fly with respect to at least one aspect. The last N realms are retrieved from a database record…

Load balancing in a network with session information

Granted: September 27, 2016
Patent Number: 9455956
Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously observed traffic sessions from a particular source to a particular destination and forming an association between the previously observed session and a particular FSD, is maintained by a switching device. When a TCP SYN packet is received, the switching device: (i) reduces its vulnerability to a TCP SYN…

Systems and methods for updating content detection devices and systems

Granted: September 20, 2016
Patent Number: 9450977
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A…

Data leak protection in upper layer protocols

Granted: September 13, 2016
Patent Number: 9444788
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. A data structure is maintained within a network security appliance identifying candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning as a result of its potential for carrying sensitive information. A packet is received by the network security appliance. A protocol associated with the…

Calculating consecutive matches using parallel computing

Granted: September 6, 2016
Patent Number: 9438612
Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting…

Firewall policy management

Granted: September 6, 2016
Patent Number: 9438563
Methods and systems are provided for creation and implementation of firewall policies. The method of the present invention includes enabling a firewall device to maintain a log of network traffic flow observed by the device. The method further includes enabling the firewall device to receive an administrator request for a customized report to be generated based on the log of network traffic and generating the report by extracting information from the log based on report parameters, where the report…

Filtering hidden data embedded in media files

Granted: August 16, 2016
Patent Number: 9419998
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file…

Virus co-processor instructions and methods for using such

Granted: August 9, 2016
Patent Number: 9411960
Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a virus processing system includes a virus co-processor, a first memory, a general purpose processor (GPP) and a second memory. The first memory is communicably coupled to the co-processor via a first memory interface. The first memory includes a first signature compiled for execution on the co-processor. The GPP is communicably coupled to the co-processor. The…

Cloud-based security policy configuration

Granted: August 9, 2016
Patent Number: 9413724
Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, a first network appliance logs into a cloud account. One or more security parameters of the first network appliance are synchronized, by the first network appliance, with corresponding security parameters shared by a second network appliance to the cloud account. A security policy that controls a connection…

Load balancing among a cluster of firewall security devices

Granted: August 9, 2016
Patent Number: 9413718
A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet…

Securing email communications

Granted: August 9, 2016
Patent Number: 9413716
Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is…