Abstract: The present disclosure describes systems and methods for use of a distributed ledger system to securely store data. Encrypted data files of one or more computing devices may be distributed to processing nodes of the distributed ledger system. The data may be subsequently retrieved and decrypted by the computing device or another device. Because the distributed ledger system creates a chain of hashes of prior blocks, the data may be immune to modification or corruption, as any changes to blocks storing the encrypted data may be immediately apparent.

Abstract: The present disclosure describes systems and methods for geoprocessing-based packet processing and network security. Filter parameters, such as Internet Protocol (IP) addresses or other such information, may be used to define one or more minimum bounding rectangles (MBR). Parameters of an incoming packet may be compared to the MBR data using spatial algorithms, such as a coordinate search within an R-tree data structure. The identified MBRs within the tree may be used to apply corresponding filtering and/or forwarding rules to the packet. This may significantly accelerate rule searching and matching algorithms, reducing delays and computing resource requirements and accelerating network security processing.

Abstract: The present disclosure describes systems and methods for verification of data, including updates to applications, firmware, operating system libraries or other such data. This may be done through the use of a distributed ledger system to provide a secure anti-tamper mechanism for software and firmware updates that may be independently accessed and verified by any device. Distributed ledger systems, sometimes referred to as block chains, are online data storage systems with cryptography-based architecture providing links between records stored in “blocks”. Each block contains a hash of a previous block, providing a chain of linked blocks that are immutable: any alteration of a record changes the hash of the subsequent block, which changes the hash of the next subsequent block, etc. Accordingly, any modification of data is easily detectable.

Abstract: A security appliance may incorporate a touch screen or similar input/output interface, providing command and control over network functionality and configuration, without requiring log in via a network from another computing device. During denial of service attacks, commands from the local interface may be given priority access to processing resources and memory, allowing mitigating actions to be taken, such as shutting down ports, blacklisting packet sources, or modifying filter rules. This may allow the security device to address attacks without having to be manually rebooted or disconnected from the network.

Abstract: A security appliance may incorporate a touch screen or similar input/output interface, providing command and control over network functionality and configuration, without requiring log in via a network from another computing device. During denial of service attacks, commands from the local interface may be given priority access to processing resources and memory, allowing mitigating actions to be taken, such as shutting down ports, blacklisting packet sources, or modifying filter rules. This may allow the security device to address attacks without having to be manually rebooted or disconnected from the network.

Abstract: The present disclosure describes a combined network and physical security appliance. The appliance may be wired to or communicate with automation systems, IoT devices, physical sensors, computing devices and servers on an internal or local network, and other computing devices on an external network. By combining network security and physical security into a single device, a combination security appliance may correlate physical sensor signals with packet inspection results, providing enhanced protection against network threats to physical security systems, and physical protection against network threats.

Abstract: The present disclosure describes systems and methods for reducing rule set sizes via statistical redistribution throughout a plurality of network security appliances. A rule set may be generated for each security appliance that includes (i) a first set of rules based on known attacks, identified as rules for mandatory inclusion in the rule set; and (ii) a subset of the second set of rules, identified as rules for potential inclusion in the rule set, selected randomly according to a distribution percentage, score, or weight for each potentially included rule. Higher scored rules, which may be more likely vectors for potential attack, may be distributed to a greater number of appliances; while lower scored rules that may be less likely or represent more speculative attacks may be distributed to fewer appliances.

Abstract: The present disclosure describes systems and methods for reducing rule set sizes via statistical redistribution throughout a plurality of network security appliances. A rule set may be generated for each security appliance that includes (i) a first set of rules based on known attacks, identified as rules for mandatory inclusion in the rule set; and (ii) a subset of the second set of rules, identified as rules for potential inclusion in the rule set, selected randomly according to a distribution percentage, score, or weight for each potentially included rule. Higher scored rules, which may be more likely vectors for potential attack, may be distributed to a greater number of appliances; while lower scored rules that may be less likely or represent more speculative attacks may be distributed to fewer appliances.

Abstract: The present disclosure describes a combined network and physical security appliance. The appliance may be wired to or communicate with automation systems, IoT devices, physical sensors, computing devices and servers on an internal or local network, and other computing devices on an external network. By combining network security and physical security into a single device, a combination security appliance may correlate physical sensor signals with packet inspection results, providing enhanced protection against network threats to physical security systems, and physical protection against network threats.

Abstract: A security appliance may incorporate a touch screen or similar input/output interface, providing command and control over network functionality and configuration, without requiring log in via a network from another computing device. During denial of service attacks, commands from the local interface may be given priority access to processing resources and memory, allowing mitigating actions to be taken, such as shutting down ports, blacklisting packet sources, or modifying filter rules. This may allow the security device to address attacks without having to be manually rebooted or disconnected from the network.