Patents Assigned to Check Point Software Technologies LTD
  • Publication number: 20090292719
    Abstract: Methods, for automatically generating natural-language news items from log files, including the steps of: gathering at least one data record; filtering at least one data record according to at least one rule to produce at least one filtered data set; aggregating at least one filtered data set; analyzing at least one filtered data set for at least one statistical trend; and automatically generating a news item based on at least one statistical trend. Preferably, the method further includes the step of: customizing the news item based on a relative importance of at least one statistical trend. Preferably, the method further includes the step of: performing a drill-down analysis on at least one statistical trend. Most preferably, the method further includes the step of: enriching the news item based on the drill-down analysis. Preferably, the method further includes the step of: embedding at least one graphical element into the news item.
    Type: Application
    Filed: May 20, 2008
    Publication date: November 26, 2009
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Marina LACHTARNIK, Gil RAVIV
  • Publication number: 20090276538
    Abstract: Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.
    Type: Application
    Filed: May 4, 2008
    Publication date: November 5, 2009
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Oded Gonda, Yaron Sheffer
  • Publication number: 20090249466
    Abstract: Disclosed are methods, devices, and media for enforcing network access control, the method including the steps of: extracting a packet signature from a packet (or packet fragment) received from a network; storing the packet signature and the packet in a buffer; computing a buffer signature using a per-endpoint secret key; determining whether the packet signature and the buffer signature are identical; and upon determining the packet signature and the buffer signature are identical, transmitting the packet to a protocol stack. Preferably, the step of extracting includes extracting the packet signature from a field (e.g. identification field) of a header of the packet. Preferably, the method further includes the step of: upon determining the packet signature and the buffer signature are not identical, discarding the packet. Methods for receiving a packet from a protocol stack, and transmitting the packet to a network are disclosed as well.
    Type: Application
    Filed: March 27, 2008
    Publication date: October 1, 2009
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Kirill MOTIL, Almog Cohen, Yaron Sheffer
  • Publication number: 20090119307
    Abstract: A computerized method performed in a computer operatively connected to storage. Parsing rules are determined for parsing logs output as text and/or symbols from multiple devices in a computer network. The logs are stored in the storage. Multiple log samples are sampled from the logs. The log samples are input into an application running on the computer. The log samples are each sectioned into multiple sections which include variable information separated by static structural text. Each of the log samples is processed by: comparing the sections to a list of regular expressions. The list is maintained in the storage, and upon matching a matched section of the sections to a matched regular expression from the list of the regular expressions, the matched section is tagged with a tag associated with the matched regular expression. The tag associated to the matched regular expression is stored and combined with any unmatched sections and with the static structural text to create a log pattern.
    Type: Application
    Filed: October 22, 2007
    Publication date: May 7, 2009
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Uri Braun, Yuri Zaslavsky, Yosef Teitz
  • Publication number: 20030236887
    Abstract: A method to manage the bandwidth of a link that is available to a cluster of servers. The method includes establishing a localized bandwidth management policy for at least one of the servers from a centralized management policy of the cluster. The localized policy and the centralized policy are based on a hierarchical policy having a plurality of rules associated with classes of connections that are routed through the link. Each of the rules has an associated rate. The plurality of rules includes a plurality of terminal rules. Establishing the localized policy is performed by prorating the rate of at least one of the terminal rules under the centralized policy according to a first measurement of a usage of the link by the at least one server for the at least one terminal rule. The method also includes operating the at least one server according to the localized policy.
    Type: Application
    Filed: June 21, 2002
    Publication date: December 25, 2003
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Alex Kesselman, Amos Peleg
  • Patent number: 6496935
    Abstract: A system, a device and a method for accelerating packet filtration by supplementing a firewall with a pre-filtering module. The pre-filtering module performs a limited set of actions with regard to the packets, according to whether the packets are received from a connection which has been previously permitted by the firewall. If the packets are received from such a permitted connection, then the pre-filtering module forwards the packets to their destination, optionally performing one or more actions on the packets. Otherwise, the packets are forwarded to the firewall for handling. Preferably, once the firewall has transferred responsibility for the connection to the pre-filtering module, or “off-loaded” the connection, the firewall does not receive further packets from this connection until a timeout occurs for the connection, or a packet is received with particular session-control field values, such that the connection is closed.
    Type: Grant
    Filed: March 2, 2000
    Date of Patent: December 17, 2002
    Assignee: Check Point Software Technologies LTD
    Inventors: Gonen Fink, Amir Harush
  • Patent number: 5835726
    Abstract: The present invention discloses a novel system for controlling the inbound and outbound data packet flow in a computer network. By controlling the packet flow in a computer network, private networks can be secured from outside attacks in addition to controlling the flow of packets from within the private network to the outside world. A user generates a rule base which is then converted into a set of filter language instruction. Each rule in the rule base includes a source, destination, service, whether to accept or reject the packet and whether to log the event. The set of filter language instructions are installed and execute on inspection engines which are placed on computers acting as firewalls. The firewalls are positioned in the computer network such that all traffic to and from the network to be protected is forced to pass through the firewall. Thus, packets are filtered as they flow into and out of the network in accordance with the rules comprising the rule base.
    Type: Grant
    Filed: June 17, 1996
    Date of Patent: November 10, 1998
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Gil Shwed, Shlomo Kramer, Nir Zuk, Gil Dogon, Ehud Ben-Reuven