Elimination of old IPV6 addresses from WLAN stations in DHCPV6 stateful mode after transitioning between VLANs
Granted: June 20, 2023
Patent Number:
11683680
A Wi-Fi controller identifies a mismatch between a first prefix of a first IPv6 address for a data packet corresponding to a first VLAN on which the data packet was sent from the station to the access point, and a prefix of a second IPv6 address for a second VLAN from which the data packet was transmitted from the access point to the Wi-Fi controller. Responsive to the VLAN mismatch identification, the Wi-Fi controller transmits a DHCP reconfiguration packet to the station using the…
Malware identification using multiple artificial neural networks
Granted: June 20, 2023
Patent Number:
11681803
Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment;…
Ethernet key
Granted: June 13, 2023
Patent Number:
11677743
A Compact computing device with peer-to-peer communication through an Ethernet interface is provided. According to one embodiment, a compact computing device includes an Ethernet interface, an Ethernet discovery agent, a memory and a micro-controller. The Ethernet interface is capable of connecting to a host though an Ethernet link. One side wall of the compact shielding case accommodates only the Ethernet interface. The Ethernet discovery agent is capable of discovering the host to…
Systems and methods for incorporating automated remediation into information technology incident solutions
Granted: June 13, 2023
Patent Number:
11677615
Various approaches for providing network maintenance and health monitoring. In some cases, some approaches include systems, methods, and/or devices that provide for receiving and cataloging network incidents and invoking automated remediation in relation to network incidents.
Intelligent selection of physical layer transmission types in 802.11AX based Wi-Fi networks
Granted: May 23, 2023
Patent Number:
11658707
A transmission type is determined for a specific station on a Wi-Fi network. A transmission type of OFDMA is selected responsive to the mobility value for the specific station meeting a mobility threshold. A transmission type of MU-MIMO is selected responsive to the similarity value for the specific station meeting a similarity threshold. A transmission type of SU-MIMO is selected responsive to the specific station not meeting the similarity threshold. The network interface transmits…
RU (resource unit)—based medium access control for suppressing airtime of quarantined stations on Wi-Fi communication networks
Granted: March 28, 2023
Patent Number:
11617123
Airtime network policies for quarantined station network policies are stored in a database for application to quarantined stations. Quarantined stations are moved from a first VLAN to a quarantine VLAN with a dedicated BSSID on the Wi-Fi communication network. An RU airtime allocation module of the access point allocates airtime RUs for suppression of some or all transmissions from the quarantined stations. The airtime RU allocation module determines an amount of RUs for access to…
Systems and methods for indicating connection relevance in a network environment
Granted: March 28, 2023
Patent Number:
11616693
Systems, devices, and methods are discussed for memory efficient network use modeling.
Managing station connectivity in microcell Wi-Fi environment on a data communication network
Granted: March 21, 2023
Patent Number:
11611933
In a microcell environment, access points with a probe-if-assigned setting configured to delay probe responses to probe requests is registered and managed by a Wi-Fi controller. Probe requests are received and forwarded from at least two of the plurality of access points from a specific station attempting to connect to the Wi-Fi communication network. A Wi-Fi assignment module receives RSSI measurements from the at least two access points with respect to the specific access point, during…
Adjusting behavior of an endpoint security agent based on network location
Granted: March 7, 2023
Patent Number:
11601438
Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the…
Preventing wireless connections to an unauthorized access point on a data communication network using NAV values
Granted: March 7, 2023
Patent Number:
11601813
Broadcasts of a probe request are detected from a wireless station with the MAC address for an unauthorized access point in order to begin association between the wireless station and the unauthorized access point. Responsive to the probe request detection, a spoofed probe response is transmitted including a MAC address of the unauthorized access point to the station to appear as if sent by the unauthorized access point. The probe response includes a NAV element and the MAC address of…
Deploying idle transceivers for rapid connection of Wi-Fi clients
Granted: February 28, 2023
Patent Number:
11595868
Responsive to receiving a probe request at an idle transceiver over a first channel from a Wi-Fi client and a determination that the Wi-Fi client is not currently associated with the access point for service, a second channel being used for client service is identified. A probe response frame is generated including a CSA (channel switch announcement) indicating the second channel and transmitted to the Wi-Fi client causing authentication over the second channel. The Wi-Fi client is then…
Leveraging user-behavior analytics for improved security event classification
Granted: February 21, 2023
Patent Number:
11588839
Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on…
Detecting access points located within proximity of a computing device for troubleshooting of a network
Granted: February 21, 2023
Patent Number:
11588699
Systems and methods for detecting access points proximate to a mobile computing device to facilitate wireless network troubleshooting and management of the access points are provided. According to an embodiment, a mobile application, running on a mobile device that is operating within a physical environment, discovers a subset of wireless access points (APs) of various managed APs of a private network that are proximate to the mobile device by receiving short-range beacons originated by…
Malware identification using multiple artificial neural networks
Granted: February 7, 2023
Patent Number:
11574051
Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment;…
Machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration, automation and response (SOAR) platform
Granted: January 24, 2023
Patent Number:
11563755
Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to…
Performing threat detection by synergistically combining results of static file analysis and behavior analysis
Granted: January 24, 2023
Patent Number:
11562068
Systems and methods are described for synergistically combining static file based detection and behavioral analysis to improve both threat detection time and accuracy. An endpoint security solution running on an endpoint device generates a static analysis score by performing a static file analysis on files associated with a process initiated on the endpoint device. When the static analysis score meets or exceeds a static analysis threshold, then a network security platform treats the…
Machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration, automation and response (SOAR) platform
Granted: January 24, 2023
Patent Number:
11563755
Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to…
Performing threat detection by synergistically combining results of static file analysis and behavior analysis
Granted: January 24, 2023
Patent Number:
11562068
Systems and methods are described for synergistically combining static file based detection and behavioral analysis to improve both threat detection time and accuracy. An endpoint security solution running on an endpoint device generates a static analysis score by performing a static file analysis on files associated with a process initiated on the endpoint device. When the static analysis score meets or exceeds a static analysis threshold, then a network security platform treats the…
Cooperative adaptive network security protection
Granted: January 10, 2023
Patent Number:
11552929
Systems and methods for improving the catch rate of attacks/malware by a cooperating group of network security devices are provided. According to one embodiment, a security management device configured in a protected network, maintains multiple dynamic IP address lists including an NGFW deep detection list, a DDoS deep detection list, a NGFW block list and a DDoS block list. The security management device, continuously updates the lists based on updates provided by a cooperating group of…
Automatic establishment of network tunnels by an SDWAN controller based on group and role assignments of network devices
Granted: January 3, 2023
Patent Number:
11546302
Systems and methods for automatically building up a VPN to facilitate full-mesh communication within an enterprise based on group and role settings of the participating network devices are provided. An SDWAN controller associated with a private network receives configuration information related to group setting and role setting for various network devices of the private network. The group setting indicates a group with which a network device is associated and the role setting specifies a…
