Abstract: Systems and methods for a portable, hardware-based authentication client solution that enforces user-to-site network access control restrictions are provided. According to various embodiments of the present disclosure, the authentication client device maintains a list of pre-authorized client devices. The authentication client device is assigned to a particular user of an enterprise network and paired with a firewall appliance. A connection establishment request for establishing a connection with an enterprise network via the firewall appliance is received by the authentication client device via a network interface. The authentication client device confirms that the connection establishment request was initiated by the particular user by authenticating the particular user. When the particular user is successfully authenticated, it is verified whether the client device is on the list of pre-authorized client devices.
Abstract: Systems and methods for detecting access points proximate to a mobile computing device to facilitate wireless network troubleshooting and management of the access points are provided. According to an embodiment, a mobile application, running on a mobile device that is operating within a physical environment, discovers a subset of wireless access points (APs) of various managed APs of a private network that are proximate to the mobile device by receiving short-range beacons originated by the subset of APs. The mobile application presents a list of the subset of APs within a user interface of the mobile application and bridges the physical environment and a network environment containing information regarding the private network. The mobile application facilitates management of a particular AP of the subset of APs by presenting configuration information or operating information for the particular AP within the user interface.
Abstract: Systems and methods for facilitating a mind map approach to a SOAR threat investigation are provided. A SOAR platform operatively coupled with a Security Operation Center (SOC) of a monitored network receives alert data pertaining to an incident. A mind map view is generated within a graphical user interface. The mind map view includes a primary node corresponding to the incident, one or more field nodes associated with the primary node, and one or more action nodes based on at least one of the one or more field nodes. Each of the action nodes is associated with one or more dynamic actions selectable by an analyst. Responsive to selection of a dynamic action, at least one field node or a suggested action associated with a corresponding action node is suggested by a machine-learning engine based on the selection. The mind map view is updated in real time to include the suggestion.
Type: Application
Filed: March 18, 2020
Publication date: September 23, 2021
Applicant: Fortinet, Inc.
Inventors: Abhishek Narula, Christopher Carsey, Amit Jain, Pooja Singh
Abstract: A battery saving controller toggles between a normal mode and a battery saving mode that selectively processes location beacons using the mobile device's built-in sensors. Bluetooth location beacons are periodically sent by nearby Bluetooth location devices for updating a current location of mobile devices. Battery power within the mobile devices is selectively used for processing the location beacons. The processing exposes the unique tag id from Bluetooth LE data packets and determines the RSSI value of the data packets received from Bluetooth devices. The battery saving controller deactivates location beacon processing to save battery power responsive to detecting identical packets over a time interval. Additionally, the battery saving controller reactivates location beacon processing responsive to at least one of the sensors built into the mobile device detecting movement of the mobile device.
Abstract: Systems and methods for adaptively provisioning a distributed event data store of a multi-tenant architecture are provided. According to one embodiment, a managed security service provider (MSSP) maintains a distributed event data store on behalf of each tenant of the MSSP. For each tenant, the MSSP periodically determines a provisioning status for a current active partition of the distributed event data store of the tenant. When the determination indicates that an under-provisioning condition exists, the MSSP dynamically increases the number of resource provision units (RPUs) to be used for a new partition to be added to the partitions for the tenant by a first adjustment ratio. Conversely, when the determination indicates that an over-provisioning condition exists, the MSSP dynamically decreases the number of RPUs to be used for subsequent partitions added to the partitions for the tenant by a second adjustment ratio.
Abstract: Systems and methods for dynamically establishing network overlay tunnels between edges within different groups of a network architecture are provided. According to an embodiment, a Software-Defined Wide Area Network (SDWAN) controller associated with a private network receives a request to initiate a dynamic Virtual Private Network (VPN) link for a network session between a source edge and a destination edge. The SDWAN controller determines configuration information for each of the source edge and the destination edge, which includes VPN and SDWAN configuration information determined based on pre-configured rules managed by the SDWAN controller for generating the dynamic VPN link between the source edge and the destination edge. The SDWAN controller directs the source edge and the destination edge to set up a VPN overlay tunnel in accordance with the determined configuration information by pushing the determined configuration information to each of the source edge and the destination edge.
Abstract: Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security settings and policies associated with the one or more security elements. The security orchestrator then assigns or applies the security settings and policies for the virtual machine based on values of the one or more security elements.
Type: Grant
Filed: January 10, 2019
Date of Patent: September 14, 2021
Assignee: Fortinet, Inc.
Inventors: Rajiv Sreedhar, Ratinder Paul Singh Ahuja, Manuel Nedbal, Damodar Hegde, Jitendra Gaitonde, Manoj Ahluwalia, Stuart Gibson
Abstract: Systems and methods for implementing a secure communication channel between kernel and user mode components are provided. According to an embodiment, a shared memory is provided through which a kernel mode process and a user mode process communicate. The kernel mode process is assigned read-write access to the shared memory. The user mode process is assigned read-only access to the shared memory. An offset-based linked list is implemented within the shared memory. Kernel-to-user messages are communicated from the kernel mode process to the user mode process by adding corresponding nodes to the offset-based linked list. One or more kernel-to-user messages are read by the user mode process following the offset-based linked list in order. The kernel mode process is signaled by the user mode process that a kernel-to-user message has been consumed by the user mode process through an input output control (ioctl) system call or an event object.
Abstract: Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of an HA cluster of network security devices. The HA cluster is configured to provide connectivity between network devices of an internal and an external network. A backup connection is established between a second interface of the network device and a disabled interface of a second cluster unit. While the first cluster unit is operational and has connectivity, it receives and processes all network traffic from the network device that is destined for the external network. Upon determining that the first cluster unit has failed or has lost connectivity, all subsequent network traffic originated by the network device that is destined for the external network is directed to the second cluster unit.
Abstract: The present invention relates to a method for managing IoT devices by a security fabric. The method for managing IoT devices includes collecting, by an analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources; abstracting, by the analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by an executing tier, the PEBs from the analyzing tier, wherein the executing tier is configured to control network traffic of IoT devices of a private network; generating, by the executing tier, security policies for IoT devices from the PEBs of the IoT devices; and controlling, by the executing tier, network traffic of the IoT devices of the private network to comply with the security policies.
Type: Grant
Filed: December 31, 2016
Date of Patent: July 13, 2021
Assignee: Fortinet, Inc.
Inventors: John Lunsford Gregory Whittle, Jonathan Q. Nguyen-Duy, Michael Craig Woolfe
Abstract: Systems and methods for detecting Internet services by a network policy controller are provided. According to one embodiment, a network policy controller maintains an Internet service database (ISDB) in which multiple Internet services and their corresponding protocols, port numbers, Internet Protocol (IP) address ranges and singularity levels of the IP ranges are stored. The network policy controller intercepts network traffic and detects the Internet service of the network traffic. If an IP address of the network traffic falls in an IP range with the highest singularity level and the protocol type and port number of the network traffic match the corresponding entry in the ISDB, the corresponding Internet service is identified as the Internet service of the network traffic. The network policy controller further controls transmission of the network traffic based on the identified Internet service.
Abstract: A sender of the RTS frame is decoded based on the symbol error sequence and a station database within the access point, even if there is a CRC (cyclic redundancy check) failure. The access point seizes the transmit opportunity during RTS reception failure, as a collision results in a longer backoff window before stations can transmit. To minimize the impact of collision on voice clients, some embodiments prioritize transmission of voice packets within the new transmit opportunity.
Abstract: The present invention relates to methods, systems and a non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from the PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.
Type: Grant
Filed: December 30, 2016
Date of Patent: July 6, 2021
Assignee: Fortinet, Inc.
Inventors: John Lunsford Gregory Whittle, Jonathan Q. Nguyen-Duy, Michael Craig Woolfe
Abstract: Systems and methods for an improved HA cluster architecture that provides seamless failover while also maintaining full processing capacity are provided. According to one embodiment, each member of a hybrid HA cluster of reverse proxy network security devices is configured to operate in an active mode or in a backup mode. A primary member of a set of active members of the cluster receives and processes network traffic. The cluster detects the existence of a failure scenario, among multiple potential failure scenarios involving an active member, including (i) failure of the primary member and (ii) failure of a non-primary member. Responsive to detecting the existence of the failure scenario, the cluster seamlessly fails over from the failed active member to a backup member of a set of backup members of the cluster by causing the backup member to join the set of active members, placing it in the active mode.
Abstract: An access point switches between an access point mode and a cryptomining mode. In the access point mode, the access point provides network access for end stations using a BSSID (Basic Service Set Identifier). In the cryptomining mode, the access point activates a mining co-processor and collectively works on problems coordinated by a stratum mining server. Artificial intelligence can be used to determine which access points switch modes and for how long.
Type: Grant
Filed: March 30, 2019
Date of Patent: July 6, 2021
Assignee: Fortinet, Inc.
Inventors: Samuel Joseph Keys, Nicholas Paul Martin
Abstract: A WLAN driver of the TCP proxy device transmits network packets transmitted from a sender device over the data communication network to a wireless station. TCP network packets are diverted to a TCP proxy pipeline. First, the wireless receiver device is emulated to a wireless sender device by providing an ACK packet to the sender device in order to close the TCP session on the sender side by responding to a TCP handshake with the sender device. Second, the sender device is emulated to a wireless station over the wireless network connection by initiating a TCP handshake with a wireless station including receiving an ACK packet from the wireless station and suppressing the ACK packet from an initial destination associated with the sender device.
Abstract: Poisoning attacks that spoof location beacons in a WLAN are detected using silence periods. A location beacon identifier is received from a mobile device allegedly within range of a location device transmitting location beacons, along with a timestamp of transmission for each of the location beacons. Silence periods associated with the location device, during which transmissions of location beacons are temporarily discontinued and which are unknown to the public, are also determined or retrieved. The location beacon transmission time is compared to the silence periods. Responsive to the location beacon transmission time corresponding to at least one of the silence periods, the location device is flagged as poisoned.
Abstract: The present invention relates to a method for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from the PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.
Type: Grant
Filed: December 31, 2016
Date of Patent: July 6, 2021
Assignee: Fortinet, Inc.
Inventors: Michael Craig Woolfe, Jonathan Q. Nguyen-Duy, John Lunsford Gregory Whittle
Abstract: Applications associated with a network data packet are identified by parsing the network data packet of the received network data packets to identify a second-level domain from a destination IP address and searching a second-level domain database to identify the application associated with the second-level domain. It is determined whether the network data packet comprises a DNS packet or a non-DNS packet. Responsive to the network data packet comprising a DNS packet, the second-level domain database is updated in real time by storing the destination IP address in association with the second-level domain, the second-level domain being associated with the application. Responsive to the network data packet comprising a non-DNS packet, a network policy for enforcement on the identified application is identified and the network data packet is routed in accordance with the network policy for the application.
Abstract: The present invention relates to methods, systems and a non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from the PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.
Type: Grant
Filed: December 31, 2016
Date of Patent: July 6, 2021
Assignee: Fortinet, Inc.
Inventors: John Lunsford Gregory Whittle, Jonathan Q. Nguyen-Duy, Michael Craig Woolfe