Abstract: A device and method for providing forensic data in network activity indicative of the presence of malware. A distributed set of network-based sensors operates within an enterprise network in cooperation with a centralized analytics and correlation engine that correlates detected events across the sensors to detect malicious activity on a monitored network which may include using a multi-tiered or Rete net rule set or engine. When malicious activity is detected upon the satisfaction of a predetermined set of conditions, the invention traces the activity to a host responsible for the activity for further action.

Abstract: A device and method for providing forensic data in network activity indicative of the presence of malware. A distributed set of network-based sensors operates within an enterprise network in cooperation with a centralized analytics and correlation engine that correlates detected events across the sensors to detect malicious activity on a monitored network which may include using a multi-tiered or Rete net rule set or engine. When malicious activity is detected upon the satisfaction of a predetermined set of conditions, the invention traces the activity to a host responsible for the activity for further action.

Abstract: A scalable cyber-security system, method and architecture for the identification of malware and malicious behavior in a computer network. Host flow, host port usage, host information and network data at the application, transport and network layers are aggregated from within the network and correlated to identify a network behavior such as the presence of malicious code.

Abstract: An apparatus and method are described that provide signaling mediation between different protocols, or different implementations of the same protocol, at network boundaries for voice over Internet Protocol telephony. The signaling mediation device translates control messages from one protocol, or implementation of a protocol, into another protocol, or implementation of a protocol based on the type of networks to which the signaling mediation device is connected. The signaling mediation device also includes profiles for the networks to which it is connected based on the type of equipment in those networks. The profiles provide additional mapping and translation based on implementation specific characteristics of the network equipment connected to the signaling mediation device.

Abstract: An apparatus and method for traversing a network address translation/firewall device to maintain a registration between first and second devices separated by the firewall device are provided. In one example, the method includes intercepting a registration message from the first device to the second device. A determination is made based on a first timeout period defined by the second device as to whether it is time to renew the first device's registration. If it is time to renew the first device's registration, the registration message is forwarded to the second device. A response message that includes the first timeout period is intercepted, and the first timeout period is replaced with a second timeout period based on a binding lifetime of the firewall device before forwarding the response message to the first device.

Abstract: A method and system are described for resolving problems created by implementing multiple networks using private IP addresses and layer two tunneling protocols is described. A network processing system is operable to map flows from private IP addresses and ports on layer two tunneling protocol networks to public IP addresses and ports using the private IP addresses and ports and identifiers for the layer two tunneling protocol network. The network processing system uses its own public IP addresses and ports to anchor the traffic from the private network and performs the required mapping to pass traffic between the public and private networks.

Abstract: A redundancy architecture is described for network processing systems which allows the network to recover from failure of a network processing system without interruption in service. The redundancy architecture allows network processing systems that use state information to associate network traffic into discrete flows, to provide system level redundancy to prevent service outages, or loss of network traffic resulting from a failure in any single network processing system. The redundancy architecture includes an out-of-band network link between the redundant network processing systems. The out-of-band network link allows the network processing systems to exchange state and other data as necessary.