Abstract: A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps.

Abstract: A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps.

Abstract: A process for opening and reading a file over a network, including a WAN. An edge file gateway receives a request from an application to open a file cached with the edge file gateway at one point on a network and stored on a file server connected to a central server at another point on the network. The edge file gateway forwards the request to open the file to the central server, along with any offsets and lengths stored from any previous requests to read the file. The central server responds by sending any file data described in the offsets and lengths to the edge file gateway. When the edge file gateway receives a read request, the edge file gateway stores the offset and length for the request, if a predefined storage limit is not exceeded, and attempts to satisfy the request from cached file data.

Abstract: A proxy apparatus includes a processor and a memory storing instructions executed by the processor to determine whether a received packet has a corresponding application proxy and, if so, apply application proxy processing optimizations to the packet plus overlay network optimizations to the packet. Wherein the application proxy processing optimizations include header reduction for header fields that remain static from transmission to transmission.

Abstract: Methods, apparatuses, and systems directed to reducing network traffic and processing overhead associated with directory refresh operations in wide area network file systems. In a particular implementation, the frequency of synchronization of certain directory contents information, such as security attribute information, that changes less frequently is reduced relative to other types of directory contents information that changes more frequently, such as file and folder names, last modified times, and the like. Other implementations reduce garbage collection overhead for a cached file system by deferring deletion of invalidated objects in a directory until a client application specifically identified the directory.

Abstract: A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine.

Abstract: A data and control plane architecture for network devices. An example system architecture includes a network processing unit implementing one or more data plane operations, and a network device operably coupled to the network processing unit that implements a control plane. In a particular implementation, the network processing unit is configured to process network traffic according to a data plane configuration, and sample selected packets to the network device. The network device processes the sampled packets and adjusts the data plane configuration responsive to the sampled packets.

Abstract: A method and apparatus for using an application layer demarcation point are described. In one embodiment, the method comprises monitoring end-to-end performance of a network application at an application demarcation point in a network, and mediating between provider infrastructure and customer infrastructure based on results of monitoring.

Abstract: A network access point secures a WiFi network, and acts as a picocell, by identifying applications running on computer-based devices, such as mobile phones, tablet computers, and the like, that seek to access the Internet (or another network) via the access point and applying network access policies to data communications by those applications according to application, location, context, device and/or user characteristics.

Abstract: Methods and systems for blocking unwanted software downloads within a network. Such methods may thereby prevent (i) downloads of spyware from one or more identified locations, and/or (ii) certain outbound communications from the network and/or may also permit software downloads only from specified locations. In general, the policies are defined by rules specified by a network administrator or other user.

Abstract: Application programming interface (API) hooks are injected into an application program executing at a client during run-time. Responsive to these hooks, data intended for encryption prior to transmission from the client is diverted, for example for content filtering, compression, etc., prior to being encrypted. In the case of encrypted data received at the client, the data is decrypted but before being passed to the application it is diverted, under control of the API hooks, for content filtering, decompression, etc.

Abstract: According to one aspect, a method for categorizing at least one image includes obtaining the at least one image and mapping the at least one image to at least a first grid. The first grid is a two-dimensional grid that includes a plurality of cells. The method also includes characterizing the first grid, wherein categorizing the first grid includes determining whether the first grid is indicative of an offensive characteristic, and identifying the at least one image as offensive when it is determined that the first grid is indicative of the offensive characteristic. When it is determined that the first grid is not indicative of the offensive characteristic, the at least one image is identified as not offensive.

Abstract: A method and system for distributing flows between a multiple processors. The flows can be received from an external source such as a network, by a front-end processor that recognizes the flow and the associated request, and identifies at least one internal applications processor to process the request/flow. The front-end processor utilizes a flow scheduling vector related to the identified applications processor(s), and the flow scheduling vector can be based on intrinsic data from the applications processor(s) that can include CPU utilization, memory utilization, packet loss, and queue length or buffer occupation. In some embodiments, applications processors can be understood to belong to a group, wherein applications processors within a group can be configured identically. A flow schedule vector can be computed for the different applications processor groups.

Abstract: A policy distribution server provides, on a subscription basis, policy updates to effect desired behaviors of network intermediary devices. The policy updates may specify caching policies, and may in some instances, include instructions for data collection by the network intermediary devices. Data collected in accordance with such instructions may be used to inform future policy updates distributed to the network intermediary devices.

Abstract: Provided are a method and system for tracking access to application data and preventing data exploitation by malicious programs. In one example, the method includes shimming into a running process of the system to create at least one monitoring hook to monitor a program, building an execution path of the monitored program, and monitoring a behavior of the execution path for malicious behavior using the monitoring hook.

Abstract: Data useful in analyzing the effectiveness of policies for handling transactions involving client communications is automatically collected at network intermediary devices and delivered to an analysis server as part of feedback communications from the network intermediary devices. The data may be collected according to data collection directives distributed to the network intermediary devices along with updates to policies for handling transactions, those updates being configured to alter actions of the network intermediary devices, for example to accommodate changes in behaviors of content servers from which the network intermediary devices obtain content in connection with the client communications.

Abstract: Methods, apparatuses, and systems directed to improving shared file access in wide area network file systems. In a particular implementation, one or more elements of a wide area file system cooperate to keep an original file intact on a remote file server until a new copy of the same file is flushed to the remote file server. In a particular implementation, rename operations identifying a source and a target in connection with application-level save operations are executed as two composite operations including creation of the target, and a delayed deletion of the source. The delay after which the source is deleted can be configured to be just large enough so that the application save operation on a local cache can be completed.

Abstract: A caching device is configured to determine whether an object received or currently stored at the caching device should be (or continue to be) cached at the caching device, even if the object is otherwise cacheable. If so, the object is cached (or retained) at the caching device, otherwise, it is not. The determination as to whether or not the object should be cached or, if already cached, retained at the caching device may be made on the basis of a worthiness determination which evaluates the object on the basis of one or more parameters or attributes of the object, which worthiness may be one part of an overall value determination for the object.

Abstract: In one embodiment, an intermediary device situated along a communication path between two endpoint devices may receive communication packets sent along the communication path. If the intermediary device receives a connection-initiating packet having a customization indicator and a connection-acknowledgement packet having a customization indicator, then the intermediary device may install a bypass rule.

Abstract: In a system for delivering notifications to a network administrator's web browser during normal web browsing, a transaction state management module disposed between the web browser and the Internet tracks and manages various states of communications, a notification module stores notification messages, and an authentication module is configured to authenticate web page requests. Upon identifying the administrator through the authentication module, a client-side proxy temporarily stores the original HTTP request. A notification generator module constructs a notification data, and a special link to acknowledge the notice, which are returned to the web browser. Once the administrator selects the link, the original HTTP request is extracted from storage and forwarded by a server-side proxy to the original destination server.