Direct cache access for network input/output devices
Granted: February 16, 2016
Patent Number: 9264509
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a DCA control is defined by a network Input/Output (I/O) device for an I/O device queue corresponding to a central processing unit (CPU) of a host processor. A part of an incoming packet is configured by the DCA control to be copied to a cache of the CPU. The incoming packet is parsed by the network I/O device based on one or more of packet analysis, packet protocol,…
Tunnel interface for securing traffic over a network
Granted: February 9, 2016
Patent Number: 9258280
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…
Computerized system and method for advanced network content processing
Granted: February 2, 2016
Patent Number: 9253155
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected…
Data leak protection
Granted: January 26, 2016
Patent Number: 9246927
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network device. The information includes a sensitivity level and an action to be applied to files observed by the network device that match the watermark filtering rule. A file attempted to be passed through the network device is received by the network device. A…
Computerized system and method for deployment of management tunnels
Granted: January 19, 2016
Patent Number: 9240890
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, network devices, including a peer managed device, a management device and a trusted peer managed device are deployed within a network. The network devices are pre-configured to form a web of trust by storing within each network device (i) a digital certificate signed by a manufacturer or a distributor and (ii) a unique identifier. The peer managed device…
Systems and methods for categorizing network traffic content
Granted: January 12, 2016
Patent Number: 9237160
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…
Load balancing in a network with session information
Granted: January 12, 2016
Patent Number: 9237132
Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, a switch maintains session data the session entries of which represent established traffic sessions between a source and a destination and form an association between the traffic session and a particular FSD. A data packet of a traffic session from a client device directed to a target device is received at the switch. When none of the session entries are determined to…
Systems and methods for updating content detection devices and systems
Granted: January 5, 2016
Patent Number: 9231968
Systems, methods, and software for processing received network traffic content in view of content detection data and configuration data to either block, permit, or to further evaluate network traffic content when entering a network.
Human user verification of high-risk network access
Granted: January 5, 2016
Patent Number: 9231910
Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a request that is sent from a client to a server is captured by an intermediary security device logically interposed between the client and the server. A human user test message is sent by the intermediary security device to the client to verify that the request was initiated by a human user of the client. A…
Data leak protection in upper layer protocols
Granted: December 29, 2015
Patent Number: 9225734
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a data packet is received by a network security appliance. The data packet is originated by a first networking device within a network protected by the network security appliance and is directed to a second networking device that is outside the network. The data packet is decoded in accordance with an upper layer protocol through which the data packet is being transmitted. A…
Integrated security switch
Granted: December 29, 2015
Patent Number: 9225683
An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching…
Virus co-processor instructions and methods for using such
Granted: December 22, 2015
Patent Number: 9219748
Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A virus signature file that includes multiple virus signatures capable of detecting and identifying a variety of known viruses is downloaded by a general purpose processor. It is determined by the general purpose processor whether a virus co-processor is coupled to the general purpose processor. When the virus co-processor…
Data leak protection in upper layer protocols
Granted: November 24, 2015
Patent Number: 9197628
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, information is received from an administrator (i) defining a DLP rule to be applied to packets associated with an upper layer protocol and (ii) defining an action to take when a condition associated with the rule is satisfied. The rule includes a regular expression and/or a string that is configured to detect existence of sensitive information. A packet originated by a host…
Cloud based logging service
Granted: November 24, 2015
Patent Number: 9197521
Methods and systems are provided for providing access to a cloud-based logging service to a user without requiring user registration. According to one embodiment, access to a cloud-based logging service is integrated within a network security gateway appliance by automatically configuring access settings for the logging service without registering the gateway appliance with the logging service. A traffic or event log is transparently created within the logging service by making use of…
Heterogeneous media packet bridging
Granted: November 10, 2015
Patent Number: 9185050
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network device comprises network interfaces (netmods), including a first and second set operable to receive packets encapsulated within a first and second set of media transmissions, respectively, and each having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory…
Scalable inline behavioral DDOS attack mitigation
Granted: October 27, 2015
Patent Number: 9172721
Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack…
Firewall interface configuration to enable bi-directional VoIP traversal communications
Granted: October 27, 2015
Patent Number: 9172677
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional…
Scalable IP-services enabled multicast forwarding with efficient resource utilization
Granted: October 20, 2015
Patent Number: 9167016
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a network device. A data structure is maintained by the network device and contains therein information regarding the multicast sessions, including a first value for each of the multicast sessions, at least one chain of one or more blocks of second values and one or more transmit control blocks (TCBs). Each first value is…
Scalable IP-services enabled multicast forwarding with efficient resource utilization
Granted: October 20, 2015
Patent Number: 9166805
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a network switch module includes a memory and multiple processors partitioned among multiple virtual routers (VRs). Each VR maintains a data structure containing therein information regarding the multicast sessions, including a first value for each of the multicast sessions, at least one chain of one or more blocks of second values and one or more transmit control blocks…
Tunnel interface for securing traffic over a network
Granted: October 13, 2015
Patent Number: 9160716
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…