Patent application number | Description | Published |
--- | --- | --- |
20080263665 | NETWORK ATTACK DETECTION USING PARTIAL DETERMINISTIC FINITE AUTOMATON PATTERN MATCHING - This disclosure describes techniques for determining whether network traffic contains one or more computer security threats. In order to determine whether a symbol stream conforms to the symbol pattern, a security device stores a full deterministic finite automaton (fDFA) that accepts streams of symbols that conform to the symbol pattern. The security device also creates a partial deterministic finite automaton (pDFA) that includes nodes that correspond to the nodes in the fDFA that have the highest visitation levels. The security device processes each symbol in the symbol stream using the pDFA until a symbol causes the pDFA to transition to a failure node or to an accepting node. If the symbol causes the pDFA to transition to the failure node, the security device processes the symbol and subsequent symbols in the symbol stream using the fDFA. | 10-23-2008 |
20090328219 | DYNAMIC POLICY PROVISIONING WITHIN NETWORK SECURITY DEVICES - The invention is directed to techniques for dynamic policy provisioning. A network security device may comprise a memory that stores a first policy that identifies a first set of patterns that correspond to a first set of network attacks and a second policy, and a control unit that applies the first policy to the network traffic to detect the first set of network attacks. The control unit, while applying the first policy, monitors parameters corresponding to one or more resources and dynamically determines whether to apply a second policy to the network traffic based on the parameters. The control unit, based on the dynamic determination, applies the second policy to the network traffic to detect a second set of network attacks and forwards the network traffic based on the application of the second policy. In this manner, the network security device may implement the dynamic policy provisioning techniques. | 12-31-2009 |
20100095367 | DYNAMIC ACCESS CONTROL POLICY WITH PORT RESTRICTIONS FOR A NETWORK SECURITY APPLIANCE - A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with the received packet flow based on inspection of application-layer data within payloads of packets of the packet flow without basing the identification solely on a layer four port specified by headers within the packets. The rules engine is configured to apply the security policy to determine whether the packet flow matches the static port lists specified by the match criteria. The network security appliance applies the actions specified by the security policy to the packet flow. | 04-15-2010 |
20100281539 | DETECTING MALICIOUS NETWORK SOFTWARE AGENTS - This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent. | 11-04-2010 |
20110055921 | PROTECTING AGAINST DISTRIBUTED NETWORK FLOOD ATTACKS - A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device, during a second stage, to monitor a plurality of types of transactions for the plurality of network sessions when a parameter for the connections exceeds a connection threshold, and during a third stage, to monitor communications associated with network addresses from which transactions of at least one of the types of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceed a client-transaction threshold. | 03-03-2011 |
20110173490 | HIGH AVAILABILITY FOR NETWORK SECURITY DEVICES - In one example, a backup intrusion detection and prevention (IDP) device includes one or more network interfaces to receive a state update message from a primary IDP device, wherein the state update message indicates a network session being inspected by the primary IDP device and an identified application-layer protocol for the device, to receive an indication that the primary device has switched over or failed over to the backup device, and to receive a plurality of packets of the network session after receiving the indication, each of the plurality of packets comprising a respective payload including application-layer data, a protocol decoder to detect a beginning of a new transaction from the application-layer data of one of the plurality of packets, and a control unit to statefully process only the application-layer data of the network session that include and follow the beginning of the new transaction. | 07-14-2011 |
20110202672 | APPLICATION IDENTIFICATION - A method may include receiving a first communication from a first client device and identifying a port number, a protocol and a destination associated with the first communication. The method may also include identifying a first application being executed by the first client device based on the port number, the protocol and the destination associated with the first communication. | 08-18-2011 |
20120113857 | DYNAMIC MONITORING OF NETWORK TRAFFIC - A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance. | 05-10-2012 |
20120233261 | OPTIMIZED PREFETCHING FOR WIDE AREA NETWORKS - A data prefetching technique uses predefined prefetching criteria and prefetching models to identify and retrieve prefetched data. A prefetching model that defines data to be prefetched via a network may be stored. It may be determined whether prefetching initiation criteria have been satisfied. Data for prefetching may be identified based on the prefetching model when the prefetching initiation criteria have been satisfied. The identified data may be prefetched, via the network, based on the prefetching model. | 09-13-2012 |
20120287940 | REDUCING DATA TRANSFER FOR MATCHING PATTERNS - A device may receive a packet, obtain data from the packet, store the data in a memory, and send a request to match a portion of the data to a set of patterns, the request identifying the portion in the memory. In addition, the device may access the portion in the memory based on the request, compare the accessed portion to the set of patterns, generate a result by comparing the accessed portion to the set of patterns, and output the result. | 11-15-2012 |
20130042323 | HIGH AVAILABILITY FOR NETWORK SECURITY DEVICES - In one example, a backup intrusion detection and prevention (IDP) device includes one or more network interfaces to receive a state update message from a primary IDP device, wherein the state update message indicates a network session being inspected by the primary IDP device and an identified application-layer protocol for the device, to receive an indication that the primary device has switched over or failed over to the backup device, and to receive a plurality of packets of the network session after receiving the indication, each of the plurality of packets comprising a respective payload including application-layer data, a protocol decoder to detect a beginning of a new transaction from the application-layer data of one of the plurality of packets, and a control unit to statefully process only the application-layer data of the network session that include and follow the beginning of the new transaction. | 02-14-2013 |
20130074144 | APPLICATION IDENTIFICATION - A method may include receiving a first communication from a first client device and identifying a port number, a protocol and a destination associated with the first communication. The method may also include identifying a first application being executed by the first client device based on the port number, the protocol and the destination associated with the first communication. | 03-21-2013 |
20140053239 | DYNAMIC ACCESS CONTROL POLICY WITH PORT RESTRICTIONS FOR A NETWORK SECURITY APPLIANCE - A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with the received packet flow based on inspection of application-layer data within payloads of packets of the packet flow without basing the identification solely on a layer four port specified by headers within the packets. The rules engine is configured to apply the security policy to determine whether the packet flow matches the static port lists specified by the match criteria. The network security appliance applies the actions specified by the security policy to the packet flow. | 02-20-2014 |
20150106935 | DETECTING MALICIOUS NETWORK SOFTWARE AGENTS - This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent. | 04-16-2015 |
Patent application number | Description | Published |
--- | --- | --- |
20110314155 | VIRTUAL MACHINE MOBILITY IN DATA CENTERS - A data center management device determines that a virtual machine should be moved from a first physical system to a second physical system. The data center management device instructs a first service appliance at the first physical system to perform state synchronization with a second service appliance at the second physical system in order to continue providing the services offered prior to the move. The data center management device instructs the virtual machine to be instantiated at the second physical system. | 12-22-2011 |
20120240182 | SECURITY ENFORCEMENT IN VIRTUALIZED SYSTEMS - A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information. | 09-20-2012 |
20130205361 | DYNAMIC THREAT PROTECTION IN MOBILE NETWORKS - In general, techniques are described for dynamic threat protection in mobile networks. A network system comprising a network security device and a management system may implement the techniques. The management system includes a network server having a shared database. A mobile device manager (MDM) of the management system receives a report message from a mobile device, specifying a threat to a mobile network. The MDM publishes the threat to the shared database. A network management system (NMS) of the management system receives data from the shared database identifying the threat and generates a security policy that specifies actions to address the threat. The NMS then installs the security policy in the network security device so that the network security device performs the actions of the security policy to address the threat. | 08-08-2013 |
20140003433 | METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH | 01-02-2014 |
20140006549 | METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH | 01-02-2014 |
20140259093 | SECURITY FOR NETWORK DELIVERED SERVICES - A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service. | 09-11-2014 |
20140259094 | SECURITY FOR NETWORK DELIVERED SERVICES - A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service. | 09-11-2014 |
20150156219 | SECURITY ENFORCEMENT IN VIRTUALIZED SYSTEMS - A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information. | 06-04-2015 |
Patent application number | Description | Published |
--- | --- | --- |
20100130169 | MOBILE DEVICE COMMUNICATIONS ROUTING - A variety of methods, systems, devices and arrangements are implemented for communications using a mobile communications device. In connection with various embodiments, one such method relates to routing calls specifying an endpoint device, from a mobile communications device to the endpoint device, using a call forwarding/routing service provider that establishes a connection with the endpoint device. The established connection may include, for example, a Voice-over-Internet Protocol (VoIP) connection. In some implementations, the authentication server is contacted (e.g., via the Internet) to authenticate the call to be made via the call forwarding/routing service provider. | 05-27-2010 |
20110149809 | Web-Enabled Conferencing and Meeting Implementations with Flexible User Calling and Content Sharing Features - A plurality of embodiments is presented in relation to conferencing solutions. Consistent with an embodiment of the present disclosure, a method is implemented by a computer processing arrangement. The method provides conferencing services between participants. A web-accessible virtual meeting interface is provided. Meeting scheduling data is received from the virtual meeting interface. The meeting scheduling data includes participant identifying information and meeting time information. At least one telephone call is initiated. The telephone call is responsive to the meeting time information and the participant identifying information and for the at least one participant identified by the identifying information. In response to the at least one participant answering the telephone call, audio from the telephone call is merged with audio from other participants. The merged audio is provided to the at least one participant and the other participants. | 06-23-2011 |
20110149811 | Web-Enabled Conferencing and Meeting Implementations with Flexible User Calling Features - Meeting and conferencing systems and methods are implemented in a variety of manners. Consistent with an embodiment of the present disclosure, a meeting system is implemented that includes a computer server arrangement that is configured to provide a web-accessible virtual-meeting interface. Meeting scheduling data is received from the virtual meeting interface. The meeting scheduling data includes participant identifying information and meeting time information for a primary meeting. In response to the meeting time information and the participant identifying information, audio connections are established for participants of the primary meeting. Merged audio from the established audio connections is provided to the participants. The participants of the primary meeting are provided with an option to establish a secondary meeting for which a subset of audio connections is established for the subset of the participants. Merged audio from the subset audio connections is provided to the subset of participants. | 06-23-2011 |
20110150194 | Web-Enabled Conferencing and Meeting Implementations with Flexible User Calling Features - Meeting and conferencing systems and methods are implemented in a variety of manners. Consistent with an embodiment of the present disclosure, a meeting system is implemented that includes a computer server arrangement with at least one processor. The computer server arrangement is configured to provide a web-accessible virtual meeting interface. The arrangement can receive meeting scheduling data from the virtual meeting interface, the meeting scheduling data including participant identifying information and meeting time information. The arrangement initiates a telephone call, in response to the meeting time information and the participant identifying information, with the at least one participant identified by the identifying information. In response to the at least one participant answering the telephone call, audio from the telephone call is merged with audio from other participants. The merged audio is provided to the at least one participant and the other participants. | 06-23-2011 |
20110154204 | Web-Enabled Conferencing and Meeting Implementations with a Subscription-Based Model - Meeting and conferencing systems and methods are implemented in a variety of manners. Consistent with an embodiment of the present disclosure, a meeting system is implemented that includes a computer server arrangement with at least one processor. The computer server arrangement is configured to provide a web-based meeting-group subscription option to potential meeting participants. A meeting scheduling data is received over a web-accessible virtual meeting interface. The meeting scheduling data includes group identification information and meeting time information. In response to the group identification information, participant identification information is retrieved for participants that subscribe to a meeting group identified by the group identification information. In response to the meeting time information and the participant identifying information, audio connections are established for participants of the meeting. Merged audio from the established audio connections is provided to the participants over the established audio connections. | 06-23-2011 |
Patent application number | Description | Published |
--- | --- | --- |
20100058362 | DEVICE, SYSTEM, AND METHOD OF EXECUTING A CALL TO A ROUTINE WITHIN A TRANSACTION - Device, system, and method of executing a call to a routine within a transaction. In some embodiments an apparatus may include a memory having stored thereon compiled code corresponding to a transaction, wherein the transaction includes at least one call to a first routine of a pair of first and second mutually inverse routines, and wherein the compiled code includes a call to a first wrapped routine replacing the call to the first routine; and a runtime library including wrapper code, wherein the wrapper code, when executed in response to the call to the first wrapped routine, results in executing the call to the first routine within the transaction and undoing the call to the first routine responsive to abort of the transaction. Other embodiments are described and claimed. | 03-04-2010 |
20100122073 | HANDLING EXCEPTIONS IN SOFTWARE TRANSACTIONAL MEMORY SYSTEMS - A method and apparatus for handling exceptions during execution of a transaction is herein described. A compiler associates a transaction exception handler (TEH) with a transaction in program code, such as through insertion of a call to the TEH. The TEH is also associated with an exception data structure, such as an unwind table, that is utilized during runtime to call an appropriate handler in response to an exception. Additionally, the TEH code is generated by the compiler and inserted into the program code. Upon encountering an exception during execution of the transaction, the TEH is capable of dynamically resizing the transaction to the point of the exception through an attempted commit. | 05-13-2010 |
20130061240 | TWO WAY COMMUNICATION SUPPORT FOR HETEROGENOUS PROCESSORS OF A COMPUTER PLATFORM - A computer system may comprise a computer platform and input-output devices. The computer platform may include a plurality of heterogeneous processors comprising a central processing unit (CPU) and a graphics processing unit (GPU), for example. The GPU may be coupled to a GPU compiler and a GPU linker/loader and the CPU may be coupled to a CPU compiler and a CPU linker/loader. The user may create a shared object in an object oriented language and the shared object may include virtual functions. The shared object may be fine grain partitioned between the heterogeneous processors. The GPU compiler may allocate the shared object to the CPU and may create a first and a second enabling path to allow the GPU to invoke virtual functions of the shared object. Thus, the shared object that may include virtual functions may be shared seamlessly between the CPU and the GPU. | 03-07-2013 |