Detecting potential domain name system (DNS) hijacking by identifying anomalous changes to DNS records
Granted: December 26, 2023
Patent Number:
11856020
Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected…
Facilitating identification of compromised devices by network access control (NAC) or unified threat management (UTM) security services by leveraging context from an endpoint detection and response (EDR) agent
Granted: December 26, 2023
Patent Number:
11856008
Systems and methods are provided for synergistically combining network security technologies to detect compromised devices. According to one embodiment, an endpoint detection and response (EDR) agent of multiple endpoint security agents running on an endpoint device detects an incident. A security incident alert is generated by the EDR agent by proactively collecting data regarding the incident. Identification of a device coupled to a private network as potentially being compromised by a…
Framework for determining metrics of an automation platform
Granted: December 26, 2023
Patent Number:
11855854
Systems and methods for determining an efficiency score for an automation platform are provided. According to one embodiment, a first weight for each playbook of multiple playbooks of an automation framework and a second weight for each type of error of multiple types of errors that may cause execution of one of the multiple playbooks to fail are maintained. The first weight represents a relative importance of the playbook and the second weight represents an effort required to address…
Automated feature extraction and artificial intelligence (AI) based detection and classification of malware
Granted: December 12, 2023
Patent Number:
11842157
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and malware samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local malware detection model. Responsive to detection of malware in a sample processed by a D-node, the T-node receives…
Systems and methods for unpacking protected data from obfuscated code
Granted: December 12, 2023
Patent Number:
11841948
Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.
Hardware acceleration device for denial-of-service attack identification and mitigation
Granted: December 5, 2023
Patent Number:
11838319
Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks is provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and…
Detecting malicious behavior in a network using security analytics by analyzing process interaction ratios
Granted: December 5, 2023
Patent Number:
11836247
Systems and methods for detecting malicious behavior in a network by analyzing process interaction ratios (PIRs) are provided. According to one embodiment, information regarding historical process activity is maintained. The historical process activity includes information regarding various processes hosted by computing devices of a private network. Information regarding process activity within the private network is received for a current observation period. For each process, for each…
Systems and methods for enhanced key security in an SD-WAN network environment
Granted: November 21, 2023
Patent Number:
11824973
Systems, devices, and methods are discussed for leveraging SD-WAN's property of redundant independent paths to enable out of band key exchange using the collection of available paths, dynamically managing link failures to keep the separation whenever possible, and/or signaling availability of quantum-safe data transfer to SD-WAN to enable quantum-safety to be used in SD-WAN policy decisions.
Systems and methods for incorporating passive wireless monitoring with video surveillance
Granted: November 21, 2023
Patent Number:
11823538
Various systems and methods for surveillance using a combination of video image capture and passive wireless detection are described. In some cases, the methods include receiving a device identification information from a first wireless access point at a first location and corresponding to a first time, and receiving the device identification from a second wireless access point at a second location and corresponding to a second time. A video from a camera is received, and a travel path…
Systems and methods for application integrated malicious behavior mitigation
Granted: November 14, 2023
Patent Number:
11816207
Various embodiments discussed generally relate to securing applications that work across networks, and more particularly to systems and methods for mitigating malicious behavior integrated within an application that directly calls a separate cloud based malicious behavior mitigation system.
Systems and methods for governing VPN access using a remote device in proximity to a VPN endpoint
Granted: October 17, 2023
Patent Number:
11792043
Various embodiments provide for governing VPN access using a device remote from a VPN endpoint.
Restricting control of an output resource advertising services openly over a wireless network for playing media
Granted: October 17, 2023
Patent Number:
11792033
Restrictions to control of wireless resources shared openly on a wireless network for playing media are described. At a high-level, advertisement are broadcast for an openly shared resource service are restricted with respect to who, when and where control is permitted. A resource controller app can be implemented on a Wi-Fi controller, on an SDN controller, or as a separate server to intercept advertisements (e.g., service advertisements) being sent for broadcast by an openly shared…
SD-WAN communication network forward error correction systems and methods
Granted: October 17, 2023
Patent Number:
11791932
Systems and methods are provided for error correction in network data transfers. In some cases, such systems and methods include selection of a ratio of error correction to user data based upon determined communication channel health.
Access point with modular internal/external antenna support
Granted: October 17, 2023
Patent Number:
11791550
An access point has a housing with at least one connector for at least one external antenna and at least one connector for at least one internal antenna. An RF controller detects whether the at least one external antenna is connected to the at least one connector for the at least one external antenna when an open circuit is closed. Responsive to detecting that the at least one external antenna is connected, a first mode in which the at least one internal antenna supports RF capabilities…
Selectively applying dynamic malware analysis to software files based on compression type in a software security system
Granted: October 17, 2023
Patent Number:
11790086
A file is received from external to the gateway device and, prior to runtime, the received file is detected as being compressed. Also before runtime, a compression type of the received file is differentiated as packed, protected, and/or archived. Identification of a specific packer, a specific protector or a specific archiver corresponding to the compression type is attempted. Responsive to successful identification, the received file is decompressed and a static type of malware analysis…
Determination of a security rating of a network element
Granted: September 26, 2023
Patent Number:
11770403
Systems and methods for a security rating framework that translates compliance requirements to corresponding desired technical configurations to facilitate generation of security ratings for network elements is provided. According to one embodiment, a host network element executes a collection of security checks on at least a first network element. The execution is performed by receiving configuration data of the first network element pertaining to each security check of the collection…
Systems and methods for network device discovery and vulnerability assessment
Granted: September 26, 2023
Patent Number:
11770402
Various embodiments are discussed that provide systems and methods for identifying possible unsecured devices on a network. In some cases, embodiments discussed relate to systems and methods for identifying possible unsecured devices; clustering the identified devices with other similar devices, and/or determining default or simplified access processes for a given cluster of the identified devices.
Dynamic service-based load balancing in a software-defined wide area network (SD-WAN)
Granted: September 19, 2023
Patent Number:
11765089
Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a subnet assigned to a client device by a hub network of the SD-WAN and one or more attributes of a path or a route to a group of clients within the subnet are received by a first process of an SD-WAN controller via a dynamic routing protocol. A tagged subnet is generated by the first process by tagging the subnet with a route tag corresponding to the one or more…
Leveraging operation, administration and maintenance protocols (OAM) to add ethernet level intelligence to software-defined wide area network (SD-WAN) functionality
Granted: September 19, 2023
Patent Number:
11765059
System and methods for enabling SD-WAN functionality to respond to Ethernet level OAM-related events are provided. According to an embodiment, a Software-Defined Network Wide Area Network (SD-WAN) module of a network device operating as both an SD-WAN node and a Maintenance Entity Group Endpoint (MEP) receives Operation, Administration and Maintenance (OAM) information via one of multiple OAM-enabled links of the network device. The SD-WAN module determines based on the OAM information,…
Joint facial feature extraction and facial image quality estimation using a deep neural network (DNN) trained with a custom-labeled training dataset and having a common DNN backbone
Granted: June 27, 2023
Patent Number:
11688200
Systems and methods for joint feature extraction and quality prediction using a shared machine learning model backbone and a customized training dataset are provided. According to an embodiment, a computer system receives a training dataset including example images each labeled with a particular category of a set of categories, and trains a deep neural network (DNN) based on the training dataset to jointly perform for an input image (i) facial feature extraction in accordance with the…
