Fortinet Patent Grants

Systems and methods for generating SOAR playbooks

Granted: February 6, 2024
Patent Number: 11894981
Various approaches are discussed for generation of SOAR playbooks using a variety of playbook sources.

Artificially intelligent WLAN uplink monitoring for steering wireless stations to selective access points on wireless data communication networks

Granted: January 23, 2024
Patent Number: 11882467
Specific clients are assigned to a second access point based on balancing an Ethernet uplink load status of the specific access point relative to the uplink load status of access points across a WLAN system, wherein the RSSI strength of the specific client relative to a first access point is higher than the RSSI strength of the specific client relative to the second access point.

Machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration, automation and response (SOAR) platform

Granted: January 23, 2024
Patent Number: 11882135
Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to…

Improving incident classification and enrichment by leveraging context from multiple security agents

Granted: January 23, 2024
Patent Number: 11882128
Systems and methods are described for synergistically combining network security technologies to improve incident classification and enrichment. According to one embodiment, an endpoint protection platform running on an endpoint device receives a request via an event management agent of the endpoint protection platform from an event management service for process information relating to an incident detected by the event management service. The request is caused to be processed by an…

Systems and methods for hierarchical facial image clustering

Granted: January 23, 2024
Patent Number: 11881053
Various systems and methods for clustering facial images in, for example, surveillance systems.

Centralized state database storing state information

Granted: January 16, 2024
Patent Number: 11874845
Systems and methods for a cloud state engine are provided. According to one embodiment, a query pertaining to state information associated with a packet to be processed by a first packet processing device of multiple packet processing devices associated with a distributed security environment is received by a centralized state engine running on a computing device associated with the distributed security environment. The state information associated with the packet influences how the…

Systems and methods for centrally managed host and network firewall services

Granted: January 9, 2024
Patent Number: 11870814
Systems and methods for a unified, cloud-managed platform for controlling enterprise network security are provided. According to one embodiment, a network of an enterprise is protected by a cloud-managed platform. An underlying architecture of the cloud-managed platform is abstracted by providing a portal through which modifications to security policies are expressed as business requirements of the enterprise. The security policies are automatically enforced regardless of location or…

Kernel space based capture using intelligent packet selection paradigm and event output storage determination methodology

Granted: January 9, 2024
Patent Number: 11870693
Systems and methods for efficient kernel space packet processing and IoT device classification are provided. According to an embodiment, a computer system receives a packet in kernel space and ascertains whether the packet is destined for the computer system; when the ascertaining is affirmative, the packet is forwarded to user space; otherwise, it is determined whether the packet is associated with a protocol used by IoT devices. When the determination is affirmative, header information is…

Scalable physical loop detection in non-native virtual local area networks (VLANs)

Granted: January 9, 2024
Patent Number: 11870607
Systems and methods for detecting physical loops in both native and non-native VLANs are provided. According to one embodiment, a processing resource of a network switch detects a physical loop in a non-native Virtual Local Area Network (VLAN) by configuring a set of one or more network chips (e.g., an ASIC) associated with an interface associated with the non-native VLAN of multiple interfaces of the network switch to provide an indication (e.g., a Media Access Control (MAC) address or…

Enabling global quality of service for real-time selection of best data communications channels in autonomous driving vehicles

Granted: January 2, 2024
Patent Number: 11863344
An orchestrator ensures the best available vehicle communication technology is selected. In the computer architecture, the orchestrator is injected on the data bus line and is also coupled to a plurality of independent silos of vehicle communication technologies for autonomous driving vehicle technologies. Real-time accurate strength signals associated with the plurality of independent silos are received. One of the independent silos of communication is selected for rerouting the data…

Detecting potential domain name system (DNS) hijacking by identifying anomalous changes to DNS records

Granted: December 26, 2023
Patent Number: 11856020
Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, a DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service, can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected…

Facilitating identification of compromised devices by network access control (NAC) or unified threat management (UTM) security services by leveraging context from an endpoint detection and response (EDR) agent

Granted: December 26, 2023
Patent Number: 11856008
Systems and methods are provided for synergistically combining network security technologies to detect compromised devices. According to one embodiment, an endpoint detection and response (EDR) agent of multiple endpoint security agents running on an endpoint device detects an incident. A security incident alert is generated by the EDR agent by proactively collecting data regarding the incident. Identification of a device coupled to a private network as potentially being compromised by a…

Framework for determining metrics of an automation platform

Granted: December 26, 2023
Patent Number: 11855854
Systems and methods for determining an efficiency score for an automation platform are provided. According to one embodiment, a first weight for each playbook of multiple playbooks of an automation framework and a second weight for each type of error of multiple types of errors that may cause execution of one of the multiple playbooks to fail are maintained. The first weight represents a relative importance of the playbook and the second weight represents an effort required to address…

Automated feature extraction and artificial intelligence (AI) based detection and classification of malware

Granted: December 12, 2023
Patent Number: 11842157
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and malware samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local malware detection model. Responsive to detection of malware in a sample processed by a D-node, the T-node receives…

Systems and methods for unpacking protected data from obfuscated code

Granted: December 12, 2023
Patent Number: 11841948
Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.

Hardware acceleration device for denial-of-service attack identification and mitigation

Granted: December 5, 2023
Patent Number: 11838319
Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks are provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and…

Detecting malicious behavior in a network using security analytics by analyzing process interaction ratios

Granted: December 5, 2023
Patent Number: 11836247
Systems and methods for detecting malicious behavior in a network by analyzing process interaction ratios (PIRs) are provided. According to one embodiment, information regarding historical process activity is maintained. The historical process activity includes information regarding various processes hosted by computing devices of a private network. Information regarding process activity within the private network is received for a current observation period. For each process, for each…

Systems and methods for enhanced key security in an SD-WAN network environment

Granted: November 21, 2023
Patent Number: 11824973
Systems, devices, and methods are discussed for leveraging SD-WAN's property of redundant independent paths to enable out of band key exchange using the collection of available paths, dynamically managing link failures to keep the separation whenever possible, and/or signaling availability of quantum-safe data transfer to SD-WAN to enable quantum-safety to be used in SD-WAN policy decisions.

Systems and methods for incorporating passive wireless monitoring with video surveillance

Granted: November 21, 2023
Patent Number: 11823538
Various systems and methods for surveillance using a combination of video image capture and passive wireless detection are described. In some cases, the methods include receiving device identification information from a first wireless access point at a first location and corresponding to a first time, and receiving the device identification from a second wireless access point at a second location and corresponding to a second time. A video from a camera is received, and a travel path…

Systems and methods for application integrated malicious behavior mitigation

Granted: November 14, 2023
Patent Number: 11816207
Various embodiments discussed generally relate to securing applications that work across networks, and more particularly to systems and methods for mitigating malicious behavior integrated within an application that directly calls a separate cloud based malicious behavior mitigation system.