Patents by Inventor John Richard Guzik
John Richard Guzik has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11356413
Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
Type: Grant
Filed: February 21, 2020
Date of Patent: June 7, 2022
Assignee: McAfee, LLC
Inventors: Geoffrey Howard Cooper, John Richard Guzik
-
Patent number: 10826916
Abstract: Systems, methods, and apparatuses enable agent-less network traffic interception using an overlay network. The system creates an inspection namespace on a server computer and clones namespace properties of a default namespace on the server computer to the inspection namespace. The system creates an overlay network in the inspection namespace connecting the server computer to a security service. The system creates a namespace bridge between the default namespace and the inspection namespace to pass server traffic between the namespaces. The system then transmits server traffic to the security service using the overlay network and an encapsulation protocol.
Type: Grant
Filed: September 17, 2018
Date of Patent: November 3, 2020
Assignee: SHIELDX NETWORKS, INC.
Inventors: Manuel Nedbal, Ratinder Paul Singh Ahuja, John Richard Guzik
-
Publication number: 20200195610
Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
Type: Application
Filed: February 21, 2020
Publication date: June 18, 2020
Applicant: McAfee, LLC
Inventors: Geoffrey Howard Cooper, John Richard Guzik
-
Patent number: 10652210
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Grant
Filed: August 24, 2017
Date of Patent: May 12, 2020
Assignee: McAfee, LLC
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Patent number: 10642982
Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.
Type: Grant
Filed: July 2, 2018
Date of Patent: May 5, 2020
Assignee: SHIELDX NETWORKS, INC.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel, John Richard Guzik
-
Publication number: 20200092307
Abstract: Systems, methods, and apparatuses enable agent-less network traffic interception using an overlay network. The system creates an inspection namespace on a server computer and clones namespace properties of a default namespace on the server computer to the inspection namespace. The system creates an overlay network in the inspection namespace connecting the server computer to a security service. The system creates a namespace bridge between the default namespace and the inspection namespace to pass server traffic between the namespaces. The system then transmits server traffic to the security service using the overlay network and an encapsulation protocol.
Type: Application
Filed: September 17, 2018
Publication date: March 19, 2020
Inventors: Manuel Nedbal, Ratinder Paul Singh Ahuja, John Richard Guzik
-
Patent number: 10587576
Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
Type: Grant
Filed: December 10, 2013
Date of Patent: March 10, 2020
Assignee: McAfee, LLC
Inventors: Geoffrey Howard Cooper, John Richard Guzik
-
Patent number: 10404838
Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to systems and methods for selecting microservices to process protocol data streams. For example, a method is disclosed, which calls for receiving a protocol packet, the protocol packet comprising a sequence number, generating a difference by subtracting a protocol message base from the sequence number, generating a first quotient by dividing the difference by a protocol common message length, generating a second value using the first quotient, determining a Transmission Control Protocol (TCP) reassembly resource using the generated second value, and transmitting the protocol packet to the determined TCP reassembly resource.
Type: Grant
Filed: October 21, 2016
Date of Patent: September 3, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Elanthiraiyan Ammoor Anbalagan, Lee Chik Cheung, Sumanth Gangashanaiah, John Richard Guzik
-
Publication number: 20190138728
Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.
Type: Application
Filed: July 2, 2018
Publication date: May 9, 2019
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel, John Richard Guzik
-
Publication number: 20180189494
Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.
Type: Application
Filed: December 30, 2016
Publication date: July 5, 2018
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel, John Richard Guzik
-
Patent number: 10013550
Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.
Type: Grant
Filed: December 30, 2016
Date of Patent: July 3, 2018
Assignee: SHIELDX NETWORKS, INC.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel, John Richard Guzik
-
Publication number: 20180115635
Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to systems and methods for selecting microservices to process protocol data streams. For example, a method is disclosed, which calls for receiving a protocol packet, the protocol packet comprising a sequence number, generating a difference by subtracting a protocol message base from the sequence number, generating a first quotient by dividing the difference by a protocol common message length, generating a second value using the first quotient, determining a Transmission Control Protocol (TCP) reassembly resource using the generated second value, and transmitting the protocol packet to the determined TCP reassembly resource.
Type: Application
Filed: October 21, 2016
Publication date: April 26, 2018
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Elanthiraiyan Ammoor Anbalagan, Lee Chik Cheung, Sumanth Gangashanaiah, John Richard Guzik
-
Patent number: 9882876
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Grant
Filed: May 28, 2016
Date of Patent: January 30, 2018
Assignee: McAfee, LLC
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Publication number: 20170374030
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Application
Filed: August 24, 2017
Publication date: December 28, 2017
Applicant: McAfee, Inc.
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Publication number: 20160352683
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Application
Filed: May 28, 2016
Publication date: December 1, 2016
Applicant: McAfee, Inc.
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Publication number: 20160205071
Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
Type: Application
Filed: December 10, 2013
Publication date: July 14, 2016
Applicant: McAfee, Inc.
Inventors: Geoffrey Howard COOPER, John Richard GUZIK
-
Patent number: 9356909
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Grant
Filed: April 28, 2014
Date of Patent: May 31, 2016
Assignee: McAfee, Inc.
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Publication number: 20140237584
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Application
Filed: April 28, 2014
Publication date: August 21, 2014
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Patent number: 8800024
Abstract: A method is provided in one example embodiment that includes intercepting a network flow to a destination node having a network address and sending a discovery query based on a discovery action associated with the network address in a firewall cache. A discovery result may be received and metadata associated with the flow may be sent to a firewall before releasing the network flow. In other embodiments, a discovery query may be received from a source node and a discovery result sent to the source node, wherein the discovery result identifies a firewall for managing a route to a destination node. Metadata may be received from the source node over a metadata channel. A network flow from the source node to the destination node may be intercepted, and the metadata may be correlated with the network flow to apply a network policy to the network flow.
Type: Grant
Filed: October 17, 2011
Date of Patent: August 5, 2014
Assignee: McAfee, Inc.
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik
-
Patent number: 8713668
Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
Type: Grant
Filed: October 17, 2011
Date of Patent: April 29, 2014
Assignee: McAfee, Inc.
Inventors: Geoffrey Cooper, Michael W. Green, John Richard Guzik