Patents Assigned to Centripetal Networks
-
Patent number: 10284522Abstract: In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.Type: GrantFiled: June 1, 2017Date of Patent: May 7, 2019Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Steven Rogers, Sean Moore
-
Patent number: 10284526Abstract: Systems, devices, and methods are disclosed for selectively decrypting SSL/TLS communications. Contents of the decrypted communications that may result in some action; for example, to terminate the communications, or to log and store the plaintext packets of the communications for subsequent content inspection and analysis. A SSL/TLS proxy may examine the information contained in the TLS handshake protocol and/or examine other information associated with the connection. Based on the examination, a proxy may determine whether or not to decrypt the encrypted communications. The proxy may take additional actions based on content inspection.Type: GrantFiled: July 19, 2018Date of Patent: May 7, 2019Assignee: Centripetal Networks, Inc.Inventor: Sean Moore
-
Patent number: 10193917Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.Type: GrantFiled: November 30, 2017Date of Patent: January 29, 2019Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
-
Patent number: 10142372Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.Type: GrantFiled: January 24, 2017Date of Patent: November 27, 2018Assignee: Centripetal Networks, Inc.Inventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
-
Patent number: 10091246Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.Type: GrantFiled: January 24, 2017Date of Patent: October 2, 2018Assignee: Centripetal Networks, Inc.Inventors: Steven Rogers, Sean Moore
-
Patent number: 9917856Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: GrantFiled: December 23, 2015Date of Patent: March 13, 2018Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Sean Moore, Douglas M. DiSabello
-
Patent number: 9866576Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.Type: GrantFiled: April 17, 2015Date of Patent: January 9, 2018Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
-
Patent number: 9686193Abstract: Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.Type: GrantFiled: February 18, 2015Date of Patent: June 20, 2017Assignee: Centripetal Networks, Inc.Inventor: Sean Moore
-
Patent number: 9674148Abstract: In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.Type: GrantFiled: October 23, 2015Date of Patent: June 6, 2017Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Steven Rogers, Sean Moore
-
Patent number: 9565213Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.Type: GrantFiled: April 16, 2014Date of Patent: February 7, 2017Assignee: Centripetal Networks, Inc.Inventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
-
Patent number: 9560077Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.Type: GrantFiled: April 28, 2015Date of Patent: January 31, 2017Assignee: Centripetal Networks, Inc.Inventors: Steven Rogers, Sean Moore
-
Patent number: 9560176Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.Type: GrantFiled: May 15, 2015Date of Patent: January 31, 2017Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry
-
Patent number: 9413722Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.Type: GrantFiled: September 15, 2015Date of Patent: August 9, 2016Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
-
Patent number: 9264370Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.Type: GrantFiled: February 10, 2015Date of Patent: February 16, 2016Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry
-
Patent number: 9203806Abstract: In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.Type: GrantFiled: January 11, 2013Date of Patent: December 1, 2015Assignee: Centripetal Networks, Inc.Inventors: David K. Ahn, Steven Rogers, Sean Moore
-
Publication number: 20150304354Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.Type: ApplicationFiled: April 16, 2014Publication date: October 22, 2015Applicant: Centripetal Networks, Inc.Inventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
-
Patent number: 9160713Abstract: Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.Type: GrantFiled: May 3, 2015Date of Patent: October 13, 2015Assignee: Centripetal Networks, Inc.Inventor: Sean Moore
-
Patent number: 9137205Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.Type: GrantFiled: October 22, 2012Date of Patent: September 15, 2015Assignee: Centripetal Networks, Inc.Inventors: Steven Rogers, Sean Moore
-
Patent number: 9124552Abstract: Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.Type: GrantFiled: March 12, 2013Date of Patent: September 1, 2015Assignee: Centripetal Networks, Inc.Inventor: Sean Moore
-
Patent number: 9094445Abstract: Packets may be received by a packet security gateway. Responsive to a determination that an overload condition has occurred in one or more networks associated with the packet security gateway, a first group of packet filtering rules may be applied to at least some of the packets. Applying the first group of packet filtering rules may include allowing at least a first portion of the packets to continue toward their respective destinations. Responsive to a determination that the overload condition has been mitigated, a second group of packet filtering rules may be applied to at least some of the packets. Applying the second group of packet filtering rules may include allowing at least a second portion of the packets to continue toward their respective destinations.Type: GrantFiled: March 15, 2013Date of Patent: July 28, 2015Assignee: Centripetal Networks, Inc.Inventors: Sean Moore, Steven Rogers, John Daniel Scoggins, Sr.