Abstract: Systems, devices, and methods are discussed for receiving a first packet type and outputting a second packet type based upon knowledge of a source device and a recipient device.
Abstract: Systems and methods for securing link aggregation are provided. According to an embodiment, a network device in a secure domain discovers device information associated with a peer network device in an untrusted domain that is connected through a first link directly connecting a first interface of the network device to a first interface of the peer network device, and authenticates the peer while allowing at least some network traffic to continue to be transmitted through the first interface. The network device establishes a secure session between the network device and the peer over the first link when the peer network device is successfully authenticated. The network device then allows the first link to operate as part of a single aggregated logical link, including a second link coupling a second interface of the network device to a second interface of the peer network device.
Type:
Application
Filed:
December 2, 2022
Publication date:
March 30, 2023
Applicant:
Fortinet, Inc.
Inventors:
Joseph R. Mihelich, Xiao Hu, Amit Srivastav, Norman Cheng
Abstract: Airtime network policies for quarantined stations are stored in a database for application to quarantined stations. Quarantined stations are moved from a first VLAN to a quarantine VLAN with a dedicated BSSID on the Wi-Fi communication network. An RU airtime allocation module of the access point allocates airtime RUs for suppression of some or all transmissions from the quarantined stations. The RU airtime allocation module determines an amount of RUs for access to airtime on a Wi-Fi communications network, based on a network policy that limits an amount of airtime allowed by quarantined stations.
Type:
Grant
Filed:
December 9, 2020
Date of Patent:
March 28, 2023
Assignee:
Fortinet, Inc.
Inventors:
Mohan Jayaraman, P C Sridhar, Pradeep Mohan
Abstract: In a microcell environment, access points with a probe-if-assigned setting configured to delay probe responses to probe requests are registered and managed by a Wi-Fi controller. Probe requests are received and forwarded from at least two of the plurality of access points from a specific station attempting to connect to the Wi-Fi communication network. A Wi-Fi assignment module receives RSSI measurements from the at least two access points with respect to the specific access point, during a delay from the probe-if-assigned setting. A specific access point is assigned to the specific station for sending a probe response once the delay period expires.
Type:
Grant
Filed:
March 30, 2021
Date of Patent:
March 21, 2023
Assignee:
Fortinet, Inc.
Inventors:
Mohan Jayaraman, P C Sridhar, Pradeep Mohan
Abstract: Broadcasts of a probe request are detected from a wireless station with the MAC address for an unauthorized access point in order to begin association between the wireless station and the unauthorized access point. Responsive to the probe request detection, a spoofed probe response is transmitted including a MAC address of the unauthorized access point to the station to appear as if sent by the unauthorized access point. The probe response includes a NAV element and the MAC address of the unauthorized access point, the NAV element set at a value high enough to prevent the station from transmitting to the unauthorized access point during a period.
Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the endpoint device is within a trusted network of multiple trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service. When the determination is affirmative, the particular security feature is configured for operating inside a trusted network. When the determination is negative, the particular security feature is configured for operating outside a trusted network.
Type:
Grant
Filed:
September 25, 2020
Date of Patent:
March 7, 2023
Assignee:
Fortinet, Inc.
Inventors:
Gregory L. Galloway, Karl D. Melcher, Michael C. Starr, Scott M. Davis
Abstract: Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.
Type:
Application
Filed:
August 23, 2021
Publication date:
March 2, 2023
Applicant:
Fortinet, Inc.
Inventors:
Rajiv Sreedhar, Manuel Nedbal, Manoj Ahluwalia, Latha Krishnamurthi, Rajeshwari Rao, Damodar K. Hegde, Jitendra B. Gaitonde, Dave Karp, Mark Lubeck
Abstract: Systems, devices, and methods are disclosed in relation to a system for natural language based message categorization designed to identify text from a particular topic from a potentially inexhaustible set of potential topics. In one of many possible implementations, a vector space model is first used to translate text into a vector representation. This vector is used to determine whether the text can be recreated by swapping words and phrases from a training corpus of documents. This is done by determining whether the vector is within the conical span of the vector representations of the text in the training corpus of documents. Span composition is evaluated by a two-vector boolean comparison, enabling great computational complexity and short-circuiting, enabling fast real-time topic determination.
Abstract: Responsive to receiving a probe request at an idle transceiver over a first channel from a Wi-Fi client and a determination that the Wi-Fi client is not currently associated with the access point for service, a second channel being used for client service is identified. A probe response frame is generated including a CSA (channel switch announcement) indicating the second channel and transmitted to the Wi-Fi client causing authentication over the second channel. The Wi-Fi client is then serviced over the at least one non-idle transceiver over the second channel.
Abstract: Systems, devices, and methods are discussed for identifying possible improper file accesses by an endpoint device. In some cases an agent is placed on each system to be surveilled that records the absolute paths for each file accessed for each user. This information may be accumulated and sent to a central server or computer for analysis of all such file accesses on a user basis. In some cases, a file access tree is created, and in some implementations may be pruned of branches and leaves if deemed to be duplicates or very similar to other branches and leaves via a Levenshtein distance threshold. The resulting tree's edges may be scaled in particular implementations based on the deviation of a user's file accesses from their sphere of permissions. A variance metric may be computed from the final tree's form to capture the user's access patterns.
Abstract: Systems, devices, and methods are disclosed for encoding behavioral information into an image format to facilitate image based behavioral identification.
Abstract: Systems, devices, and methods are disclosed for encoding behavioral information into an image format to facilitate image based behavioral identification.
Abstract: Systems, devices, and methods are disclosed in relation to a vector space model that may be used to characterize a category of messages. In one of many possible implementations, the frequency of words found within a piece of text is determined. These frequencies are compared against the frequencies of words within a given corpus like the Oxford English Corpus by first converting the frequencies to probabilities via the inverse cumulative distribution function, assuming a normal distribution of frequencies, and then taking the absolute difference in frequencies. A small difference reduces the weight of the given word whereas a large difference increases the weight of the word, leading to excellent word ranking for automated feature selection filtering without the need for a negative corpus.
Abstract: Systems and methods for detecting access points proximate to a mobile computing device to facilitate wireless network troubleshooting and management of the access points are provided. According to an embodiment, a mobile application, running on a mobile device that is operating within a physical environment, discovers a subset of wireless access points (APs) of various managed APs of a private network that are proximate to the mobile device by receiving short-range beacons originated by the subset of APs. The mobile application presents a list of the subset of APs within a user interface of the mobile application and bridges the physical environment and a network environment containing information regarding the private network. The mobile application facilitates management of a particular AP of the subset of APs by presenting configuration information or operating information for the particular AP within the user interface.
Abstract: Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on which the endpoint protection platform blocks activity by the process. The endpoint protection platform requests input from the cloud-based security platform, which causes the cloud-based security platform to perform a reclassification of the event based on contextual information, multiple data feeds and the UEBA-based security event classification service.