Abstract: Systems and devices, and methods operable therein, to provide lossless broadband communications, via the Internet, between a Customer Premises Equipment (CPE) device and a Provider Edge (PE) Router associated with a Virtual Private Network.

Abstract: The present disclosure generally provides systems and methods of network security and threat management. An exemplary system includes detection and prevention modules (DPM) designed specifically to collect and transmit suspicious binary network packet data. The collected network packets are sent to a behavioral correlation module to perform automatic behavioral correlation: (1) within each DPM, (2) across all DPMs installed on a network, and (3) across all DPMs installed on all networks. The results of the behavioral correlation are sent to a security dashboard module (SDM), which generally acts as a fully integrated Security Event Management system and collects, correlates, and prioritizes global network alerts, local network alerts, posted vendor alerts, and detected network vulnerabilities with enterprise assets. The SDM could display the results in a user-friendly graphical user interface and has the ability to perform geographic mapping of externally generated threats.

Abstract: The disclosed embodiments include a method for receiving data packets at a host system. In one embodiment, the method includes the steps of: intercepting a data packet, at a data link layer, that is being sent to an input/output (I/O) port of the host system using a hardware device that is located between a hardware network interface and the input/output port of the host system; reading, using the hardware device, at least one parameter from the data packet; determining, by the hardware device using instructions written in memory of the hardware device, whether the at least one parameter meets an authentication criteria, wherein the host system is unable to write to the memory of the hardware device; and in response to determining that the at least one parameter meets an authentication criteria, forwarding, by the hardware device, the data packet to the input/output port of the host system.

Abstract: Systems and methods for keyed communication tokens. A method may include receiving a key and a seed at a computing device, calculating a pseudo-random value based, at least in part, upon the seed, creating a concatenated string using the key and the pseudo-random value, hashing the concatenated string into a token, and adding the token to a user agent issued by a web browser as part of a command transmitted by the computing device. A computer system may be configured to identify a key and a seed, generate a pseudo-random value using the seed, create a concatenated string using the key and the pseudo-random value, hash the concatenated string into a token, and allow a web command in response to the web command including a user agent having the token or block the web command in response to the web command not including a user agent having the token.

Abstract: Systems and methods of detecting emergent behaviors in communications networks are disclosed. In some embodiments, a method may include decomposing a plurality of data packets into a plurality of component data types associated with a candidate alert representing a potential security threat in a network. The method may also include retrieving, from a database, a count for each of a plurality of historical data types matching at least a subset of the component data types, each of the counts quantifying an amount of data of a corresponding historical data type previously detected in the network in a given time period. The method may further include calculating a score that indicates a discrepancy between an amount of data in each of the subset of the component data types and the counts for each corresponding historical data type in the same time period, and handling the candidate alert based upon the score.

Abstract: The present disclosure generally provides systems and methods of packet object database management. The database management system includes a database server designed specifically to process binary network packet data. The database server is associated with a parser, query engine, retrieval engine, virtual machine, data manger, and file processor. The database management system uses a proprietary query language to support all accesses to the database. The parser identifies whether the query is a data management query or if it is a data retrieval instruction. If the query is a data management query, the data manager manages the query request and attempts to satisfy the query request. Otherwise, query engine could further analyze or parse the query into a particular query structure or sub-structures to attempt to satisfy the query request.

Abstract: A method of evaluating the performance of a network at an edge device of a provider network includes receiving a plurality of packets associated with a plurality of customers and copying the header information for each of the plurality of packets. The method also includes identifying one of the plurality of customers for each of the plurality of packets and storing the header information for each of the plurality of packets in a database associated with the identified customer.

Abstract: The invention has a general objective of mapping applications that generate packets to a QoS policy on a packet routed network, such as an IP network, and automatically generating and/or changing the configuration of network elements, such as routers, to treat packets from the application according to the QoS policy. In accordance with a preferred embodiment of the present invention, high-level descriptions of applications and quality of service (QoS) treatment, for example, are automatically translated into low-level QoS configurations for routers. Application profiles specifying how traffic for those applications should be treated can be specified by those without detailed technical knowledge and QoS configurations automatically created for download onto customer premises equipment and, if necessary, also to access and backbone networks.

Abstract: The invention has a general objective of mapping applications that generate packets to a QoS policy on a packet routed network, such as an IP network, and automatically generating and/or changing the configuration of network elements, such as routers, to treat packets from the application according to the QoS policy. In accordance with a preferred embodiment of the present invention, high-level descriptions of applications and quality of service (QoS) treatment, for example, are automatically translated into low-level QoS configurations for routers. Application profiles specifying how traffic for those applications should be treated can be specified by those without detailed technical knowledge and QoS configurations automatically created for download onto customer premises equipment and, if necessary, also to access and backbone networks.