Patents Assigned to Radware Ltd.
-
Publication number: 20140068073
Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
Type: Application
Filed: November 13, 2013
Publication date: March 6, 2014
Applicant: RADWARE, LTD.
Inventors: Amir Peles, Shy Marom
-
In-line network device for storing application-layer data, processing instructions, and/or rule sets
Patent number: 8612585
Abstract: A network device located in the data path between a user computer and a server stores application data, processing instructions, and/or rule sets. By storing user computer-specific application data, processing instructions, and/or rule sets in the data path between the user computer and the server, the invention reduces the complexity of the web server, improves the handling of server failure, and increases the overall scalability and performance of the system.
Type: Grant
Filed: September 6, 2011
Date of Patent: December 17, 2013
Assignee: Radware, Ltd.
Inventor: Kent Alstad
-
Patent number: 8589558
Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
Type: Grant
Filed: May 9, 2011
Date of Patent: November 19, 2013
Assignee: Radware, Ltd.
Inventors: Amir Peles, Shy Marom
-
Publication number: 20130283374
Abstract: A method and system for separation of traffic processing in a software defined network (SDN). The method comprises allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group to a first ADC and the computing resources in the second group with a second ADC; triggering a zoning mode in the computing frame to mitigate a potential cyber-attack; and causing at least one network element in the SDN to divert traffic from a trusted client to the first group of computing resources and traffic from an un-trusted client to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.
Type: Application
Filed: January 17, 2013
Publication date: October 24, 2013
Applicant: RADWARE, LTD.
Inventors: Yehuda ZISAPEL, Avi CHESLA, Shay NAEH, David AVIV, Ehud DORON
-
Publication number: 20130283373
Abstract: A system and method for separation of traffic processing in a computing farm. The method comprises allocating a first group of computing resources of the computing farm to a trusted zone and a second group of computing resources to an un-trusted zone, wherein the computing resources in the first group are allocated to ensure at least service-level agreements (SLA) guaranteed to a group of trusted clients; determining, based on a plurality of security risk indication parameters, if a client associated with an incoming traffic is a trusted client or an un-trusted client; forwarding the incoming traffic to the second group of computing resources when the client is determined to be an un-trusted client; and diverting the incoming traffic to the first group of computing resources when the client is determined to be a trusted client, thereby ensuring at least the SLA guaranteed to the trusted client.
Type: Application
Filed: January 17, 2013
Publication date: October 24, 2013
Applicant: RADWARE, LTD.
Inventors: Yehuda ZISAPEL, Avi CHESLA, Shay NAEH, David AVIV
-
Patent number: 8566936
Abstract: A method and system for protecting a protected entity using a multi-dimensional protection surface are provided. According to various embodiments, the multi-dimensional protection surface is generated by correlating multiple inputs related to the at least one detected attack. The inputs include at least one input identifying the detected attack and another input identifying each attack tool that performs the detected attack. The generated protection multi-dimensional surface includes protection points, where each such point defines at least one attack mitigation action to mitigate the detected attack.
Type: Grant
Filed: November 29, 2011
Date of Patent: October 22, 2013
Assignee: Radware, Ltd.
Inventor: Avi Chesla
-
Publication number: 20130268646
Abstract: A method for managing an application delivery controller (ADC) cluster operable in a software defined networking (SDN)-based network and including a plurality of ADC virtual appliances (VAs). The method comprises creating, by a central controller, a hash table including a plurality of buckets allocated to active VAs out of the plurality of VAs, each bucket is assigned to a range of a source internet protocol (IP) addresses of a client; and programming by the central controller at least one ingress network element connected to the ADC cluster and receive incoming traffic from clients to perform a balanced incoming traffic distribution among the plurality of VAs, wherein the traffic distribution is based in part on the allocation of the buckets to the plurality of VAs and the SIP addresses of the clients originating the incoming traffic. The plurality of VAs are virtual ADC instances operable in the plurality of physical devices.
Type: Application
Filed: April 4, 2013
Publication date: October 10, 2013
Applicant: Radware, Ltd.
Inventors: Ehud DORON, Masato Sekiguchi
-
Publication number: 20130254879
Abstract: A method and security system for detecting and mitigating encrypted denial-of-service (DoS) attacks. The system includes a DoS defense (DoSD) module configured to detect an encrypted DoS attack in an inbound traffic by analyzing attributes only in the inbound traffic that relate to at least one of a network layer and an application layer, wherein the DoSD module is further configured to mitigate a detected encrypted attack, the inbound traffic originates at a client and is addressed to a protected server; and a cryptographic protocol engine (CPE) configured to establish a new encrypted session between the client and the security system, decrypt requests included in the inbound traffic, and send encrypted responses to the client over the new encrypted session between the client and the security system.
Type: Application
Filed: March 21, 2012
Publication date: September 26, 2013
Applicant: RADWARE, LTD.
Inventors: Avi Chesla, Yosefa Shulman, Ziv Ichilov, Iko Azoulay
-
Patent number: 8510834
Abstract: A distributed security system wherein intelligent security agents (i.e., agent devices) share security incident information between themselves via a controller. An adaptive security decision making involving network worms (non-SMTP worms) and DoS floods attacks is also described; wherein the Worms and DoS flood digital signatures are generated to assist in intrusion prevention process.
Type: Grant
Filed: October 9, 2007
Date of Patent: August 13, 2013
Assignee: Radware, Ltd.
Inventor: Avi Chesla
-
Patent number: 8510400
Abstract: An acceleration engine that stores context data is operatively disposed between a network and at least one web server. Incoming requests from the network are inspected by the acceleration engine and passed on to the web server. If the inspection reveals a reference to context data, the acceleration engine retrieves the context data and asynchronously sends the context data to the web server. The web server synchronizes that request and context data and generates a response message accordingly. The response message is forwarded back to the initiator of the request with or without interception by the acceleration engine. Should context data be generated during processing of the request, such context data is sent to the acceleration engine for updating purposes.
Type: Grant
Filed: January 30, 2012
Date of Patent: August 13, 2013
Assignee: Radware Ltd.
Inventor: Kent Alstad
-
Patent number: 8484374
Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.
Type: Grant
Filed: August 3, 2012
Date of Patent: July 9, 2013
Assignee: Radware, Ltd.
Inventors: Roy Zisapel, Amir Peles, Smadar Fuks
-
Publication number: 20130139214
Abstract: A method and system for protecting a protected entity using a multi-dimensional protection surface. The method comprises detecting at least one potential attack against the protected entity in incoming data traffic directed to the protected entity; detecting a type of each attack tool committing the at least one potential attack; generating a multi-dimensional protection surface by correlating a plurality of inputs related to the at least one detected attack, wherein the plurality of inputs include at least a first input identifying the at least one detected attack and a second input identifying each attack tool that performs the at least one detected attack, wherein the protection multi-dimensional surface includes at least one protection point that defines at least one attack mitigation action to mitigate the at least one detected attack; and executing the at least one attack mitigation action defined in the multi-dimensional protection surface.
Type: Application
Filed: November 29, 2011
Publication date: May 30, 2013
Applicant: RADWARE, LTD.
Inventor: Avi CHESLA
-
Patent number: 8447855
Abstract: A method for preventing session initiation protocol (SIP) attacks is provided. The method includes receiving a plurality of SIP response messages comprising at least one pre-defined SIP response code, and extracting at least one user identifier from the plurality of SIP response messages. The method further includes computing at least one of a frequency of the plurality of SIP response messages and a count of the plurality of SIP response messages corresponding to each user identifier of the at least one user identifier. The method further includes calculating a degree of attack corresponding to each user identifier using at least one of the frequency and the count. The method further includes determining a monitoring interval for each user identifier based upon the degree of attack for monitoring the plurality of SIP response messages. An apparatus and a computer program product for preventing SIP attacks are also provided.
Type: Grant
Filed: August 8, 2007
Date of Patent: May 21, 2013
Assignee: Radware, Ltd.
Inventor: Avi Chesla
-
Publication number: 20130054813
Abstract: A method for an assisted live migration of virtual machines is disclosed. The method comprises receiving an assist request for assisting in a migration of a virtual machine, wherein the assist request includes at least a comfort load level; determining a current load of the virtual machine to be migrated; comparing the current load to the comfort load level; reducing a load on the virtual machine to be migrated until the current load is lower than the comfort load level; and initiating a live migration of the virtual machine to be migrated when the current load is lower than the comfort load level.
Type: Application
Filed: August 21, 2012
Publication date: February 28, 2013
Applicant: RADWARE, LTD.
Inventors: Samuel BERCOVICI, Gilad ZLOTKIN
-
Publication number: 20130055260
Abstract: A method for workload balancing among a plurality of physical machines hosting a plurality of virtual machines (VMs) is disclosed. The method comprises periodically measuring a utilization of each hardware resource in each of the plurality of physical machines; computing a resource utilization score for each hardware resource based on its respective measured utilization; computing a total physical machine utilization score for each physical machine based on the computed resource utilization scores of its respective resources; and upon reception of a client request corresponding to a software application, selecting one physical machine of the plurality of physical machines to serve the client request, wherein the selection is based on the computed total physical machine utilization.
Type: Application
Filed: August 21, 2012
Publication date: February 28, 2013
Applicant: RADWARE, LTD.
Inventor: Gilad ZLOTKIN
-
Publication number: 20120303784
Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.
Type: Application
Filed: August 3, 2012
Publication date: November 29, 2012
Applicant: RADWARE, LTD.
Inventors: Roy ZISAPEL, Amir PELESS, Smadar FUKS
-
Patent number: 8266319
Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.
Type: Grant
Filed: June 2, 2003
Date of Patent: September 11, 2012
Assignee: Radware, Ltd.
Inventors: Roy Zisapel, Amir Peles, Smadar Fuks
-
Publication number: 20120226810
Abstract: A virtualized application delivery controller (ADC) device operable in a communication network comprises a hardware infrastructure including at least a memory, a plurality of core processors, and a network interface; a plurality of instances of virtual ADCs (vADCs), the plurality of vADCs are executed over the hardware infrastructure, each of the plurality of vADCs utilizes a portion of hardware resources of the hardware infrastructure, the portion of hardware resources are determined by at least one ADC capacity unit allocated for each of the plurality of the vADCs; a management module for at least creating the plurality of instances of the vADCs; and a traffic distributor for distributing incoming traffic to one of the plurality of vADCs and scheduling execution of the plurality of vADCs on the plurality of core processors, wherein each of the plurality of vADCs is independently executed on at least one of the plurality of core processors.
Type: Application
Filed: February 27, 2012
Publication date: September 6, 2012
Applicant: RADWARE, LTD.
Inventors: Ilia Ferdman, Amir Peles, Uri Bechar, Gil Shulman, Giora Tenne
-
Publication number: 20120227039
Abstract: A method for executing virtual application delivery controllers (vADCs) having different application versions over a computing device. The method comprises installing a virtualization infrastructure in the computing device; creating by the virtualization infrastructure a plurality of vADCs having different application versions, wherein each vADC is created from a software image maintained in a hardware infrastructure of the computing device; gathering version information associated with each of the plurality of vADCs; independently executing the plurality of vADCs over an operating system of the computing device; and controlling the execution of the plurality of the vADCs over an operating system of the computing device using the virtualization infrastructure using in part the version information. In one embodiment, each of the plurality of vADCs does not execute its own guest operating system.
Type: Application
Filed: February 27, 2012
Publication date: September 6, 2012
Applicant: RADWARE, LTD.
Inventors: Ilia Ferdman, Gil Shulman, Uri Bechar, Giora Tenne, Nissim Nisimov, Orit Rotem
-
Publication number: 20120136697
Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
Type: Application
Filed: May 9, 2011
Publication date: May 31, 2012
Applicant: Radware, Ltd.
Inventors: Amir Peles, Shy Marom