Abstract: According to an aspect, there is provided a method for conditionally enabling access to endpoint devices of a microsegment within a private network from a management console which is external to the private network. A secure edge device discovers all of the endpoint devices within the microsegment and identifies which endpoint devices are connectable devices. A secure lobby node conveys to the management console information identifying all of the endpoint devices and which endpoint devices are connectable devices. Thus, a user of the management console can easily learn what endpoint devices are in the microsegment and which endpoint devices are connectable devices, such that the user can then choose to remotely connect to one or more of the connectable devices. Notably, the secure lobby node and the secure edge device enable one-hop traffic between the management console and any of the connectable devices of the microsegment.
Type: Grant
Filed: September 14, 2022
Date of Patent: January 27, 2026
Assignee: Byos Inc.
Inventors: Matias Katz, Cristian Amicelli, Cristobal Del Pino, Ryan Bunker
Abstract: A network security device mediates communications between a client computing device and a network. The network security device includes a memory storing packet header verification rules defining parameters for structure and content of packet headers. The network security device further includes a communications interface to connect to the client computing device and the network. The network security device further includes a processor interconnected with the memory and the communications interface. The processor is configured to: in response to receiving an incoming packet from the network for transmission to the client computing device, extract an incoming header from the incoming packet. The processor is further configured to perform a verification of structure and content of the incoming header according to the packet header verification rules.