Patents Assigned to Radware Ltd.
-
Patent number: 10523693
Abstract: A system and method for real-time tuning of inference systems based on quality of incoming data. The method comprises: periodically receiving traffic data collected by a plurality of collectors deployed in a network; determining at least a normalized variance of a current sample of the received traffic data; estimating, based in part on the normalized variance, a standard deviation of the received traffic data and a fading coefficient of a baseline filter; determining a current baseline value based on a previous baseline value, the fading coefficient, and the current sample of the traffic data; and dynamically setting at least one membership function of the inference system based in part on the current baseline value and the standard deviation.
Type: Grant
Filed: April 10, 2017
Date of Patent: December 31, 2019
Assignee: Radware, Ltd.
Inventors: Lev Medvedovsky, David Aviv, Ehud Doron, Asaf Oron, Yuriy Arbitman
-
Patent number: 10397246
Abstract: A crowdsourcing log analysis system and methods for protecting computers and networks from malware attacks by analyzing data log information obtained from a plurality of client network. The client networks are associated with a set of network entities representing a plurality of business units or customers. The system may further comprise a plurality of server machines, each operable to execute a security product associated with a security product vendor and log associated information of at the network entities into at least one log file. The log files may be uploaded onto a breach detection platform for analysis based upon crowdsourcing principles and is operable to generate a risk factor attribute for at least one suspect entity.
Type: Grant
Filed: June 15, 2015
Date of Patent: August 27, 2019
Assignee: Radware, Ltd.
Inventors: Aviv Raff, Doron Peri, Amnon Lotem
-
Patent number: 10374918
Abstract: A method and system for configuring a behavioral network intelligence system using a network monitoring programming language are provided. The method includes defining at least one target of a traffic segment to be monitored using at least one application path attribute of an application, wherein the application is accessed via at least one user device connected to a network, wherein the at least one application path attribute is defined respective of an application path keyword and an application path assessment keyword; and defining at least one condition representing the behavior of the at least one application path attribute of the application, the at least one target and the at least one condition can be interpreted by a monitoring system to allow for determining a behavioral impact of the application on the network.
Type: Grant
Filed: December 4, 2014
Date of Patent: August 6, 2019
Assignee: Radware, Ltd.
Inventors: Lev Medvedovsky, David Aviv, Avi Chesla
-
Patent number: 10157236
Abstract: In a client/server environment, rendering of web-based content is separated into two phases, so as to improve the applicability of HTML response caching. Static portion(s) of a web page are cached and delivered immediately in response to an HTTP request, concurrently with sending a request for a full page and extracting dynamic portion(s) therefrom. Dynamic portion(s) are filled in at the client as they become available. The system and method of the present invention enable optimization of the user experience to occur without requiring any recoding of the original page content.
Type: Grant
Filed: May 18, 2012
Date of Patent: December 18, 2018
Assignee: Radware, Ltd.
Inventor: Kent Alstad
-
Patent number: 10142161
Abstract: A method, host machine, and a virtual network for distributing application delivery controller services in a virtual network are presented. The method includes activating a first application delivery controller (ADC) agent on at least a first host machine of a plurality of host machines included in the virtual network, wherein the first host machine is configured to host at least one client; intercepting, by the first ADC agent, a request from the at least one client, wherein the request is for a service provided by one server of a plurality of servers hosted by the plurality of host machines; selecting, by the first ADC agent, a server of the plurality of servers to serve the request; forwarding, by the first ADC agent, the intercepted request to the selected server; and relaying a response to the intercepted request received from the selected server to the at least one client.
Type: Grant
Filed: January 19, 2016
Date of Patent: November 27, 2018
Assignee: Radware, Ltd.
Inventors: Shy Marom, Samuel Bercovici, Benny Rochwerger, David Aviv
-
Patent number: 10129297
Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.
Type: Grant
Filed: September 18, 2017
Date of Patent: November 13, 2018
Assignee: Radware, Ltd.
Inventors: Ehud Doron, David Aviv, Yotam Ben Ezra, Lev Medvedovsky
-
Patent number: 10110485
Abstract: A method and system for mitigating of cyber-attacks in a software defined network (SDN) are presented. The method comprises operating a central controller and the SDN in a peace mode; monitoring traffic addressed to at least one destination server to detect at least an attack performed against the at least one destination server; switching an operation of the central controller to an attack mode, upon detection of an attack against the at least one destination server; and instructing, by the central controller, network elements of the SDN to divert all suspicious incoming traffic addressed to the at least one destination server to a security server, thereby mitigating the detected attack.
Type: Grant
Filed: June 2, 2015
Date of Patent: October 23, 2018
Assignee: Radware, Ltd.
Inventors: Avi Chesla, Ehud Doron
-
Patent number: 10033758
Abstract: A method and system for operating protection services to provide defense against cyber-attacks. The comprises generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen; monitoring at least a plurality of protection resources to detect at least one trigger event; determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, thereby causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.
Type: Grant
Filed: April 10, 2017
Date of Patent: July 24, 2018
Assignee: Radware, Ltd.
Inventors: Ehud Doron, Alon Tamir, Gershon Sokolsky, Asaf Oron, Yotam Ben-Ezra, David Aviv
-
Patent number: 9906620
Abstract: An optimizer for messaging systems learns the purpose and context of each message and combines that information with knowledge of the specific client that will be rendering the response, such as a specific HTML browser. Any of a number of optimization factors can be applied, singly or in any combination. Messages are analyzed offline until a configurable threshold is reached, indicating that enough data has been sampled to develop a valid instruction set, to be applied to the responses that a server generates for a particular request. Responses are parsed into tokens and instructions for each type of token are compiled into instruction sets that are stored. These instructions sets continue to be iteratively improved as more data is collected, until the configurable sampling threshold is reached.
Type: Grant
Filed: April 20, 2009
Date of Patent: February 27, 2018
Assignee: Radware, Ltd.
Inventor: Kent Alstad
-
Patent number: 9825928
Abstract: A method and system for optimizing segregation between human-operated clients and machine-operated clients accessing computing resources are provided. The method comprises receiving, from a client, an authentication request, wherein the authentication request is received in response to a redirect request sent from a remote server to the client; dynamically selecting at least one authentication challenge from a plurality of different authentication challenges; sending the at least one generated authentication challenge to the client; determining whether a notification call is received from the client during a predefined time interval; and upon receiving the notification call during the predefined time interval, confirming that the client passes the authentication challenge, wherein a client that passes the authentication challenge is a human-operated client.
Type: Grant
Filed: October 22, 2014
Date of Patent: November 21, 2017
Assignee: Radware, Ltd.
Inventors: Alon Lelcuk, Michael Groskop, Deena Yehuda, Yotam Ben Ezra
-
Patent number: 9769201
Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.
Type: Grant
Filed: March 6, 2015
Date of Patent: September 19, 2017
Assignee: Radware, Ltd.
Inventors: Ehud Doron, David Aviv, Yotam Ben Ezra, Lev Medvedovsky
-
Patent number: 9749404
Abstract: A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The invention is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the invention includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.
Type: Grant
Filed: April 17, 2008
Date of Patent: August 29, 2017
Assignee: Radware, Ltd.
Inventor: Amir Peles
-
Patent number: 9703585
Abstract: A method and system for an assisted live migration of virtual machines are provided. The method monitoring, by an advisory server, at least a workload of physical machines in a datacenter; determining if at least one physical machine is overloaded based on the monitored workload; for each of the at least one physical machine determined to be overloaded, selecting at least one virtual machine resides in the respective physical machine, wherein the selection is based at least on a current load of the virtual machine; and initiating a live migration of the selected virtual machine when the current load is lower than a comfort load level.
Type: Grant
Filed: January 28, 2015
Date of Patent: July 11, 2017
Assignee: Radware, Ltd.
Inventors: Samuel Bercovici, Gilad Zlotkin
-
Patent number: 9674209
Abstract: A method and system for detecting attacks performed using a cryptographic protocol are presented. The method includes upon receiving an indication about a potential attack, establishing an encrypted connection with a client device using the cryptographic protocol; receiving an inbound traffic from the client device, wherein the inbound traffic is originally directed to a protected entity; analyzing the inbound traffic received on the encrypted connection to detect at least one encrypted attack; and causing to establish a new encrypted connection between the client device and the protected entity, when the at least one encrypted attack at the application layer has not been detected.
Type: Grant
Filed: May 4, 2016
Date of Patent: June 6, 2017
Assignee: Radware Ltd.
Inventors: Avi Chesla, Yosefa Shulman, Ziv Ichilov, Iko Azoulay
-
Patent number: 9647938
Abstract: A method for providing value added services (VAS) in a software defined network (SDN). The method comprises determining which value added services and their order should be assigned to an incoming traffic; determining for each of the one or more value added services their respective servers providing the value added services and assigning a unique diversion value to each server; instructing at least one peer network element to set a diversion field in each packet in the incoming traffic with a diversion value corresponding to a server providing a first value added service of the one or more value added services; and instructing each edge network element to set the diversion field of each packet output by the server to designate a destination node for the packet, wherein the destination node is any one of the destination server and a server providing a subsequent value added service.
Type: Grant
Filed: June 10, 2013
Date of Patent: May 9, 2017
Assignee: Radware, Ltd.
Inventors: Avi Chesla, Ehud Doron
-
Patent number: 9641550
Abstract: Systems and methods for protecting at least one client from becoming part of at least one botnet by monitoring and analyzing botnet communications to and from criminal servers and identifying at least one botnet attack on at least one client. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.
Type: Grant
Filed: January 10, 2016
Date of Patent: May 2, 2017
Assignee: Radware, Ltd.
Inventors: Ron Kraitsman, Alex Milstein, Aviv Raff, David Matot
-
Patent number: 9641603
Abstract: A method for spooling diameter transactions is provided. The method comprises receiving from a Diameter client a Diameter request message; determining based in part on a type of the received request message if the received request message should be spooled; determining if a current transaction rate exceeds a predefined spooling threshold, if the received request message should be spooled; and queuing the received request message if the current transaction rate exceeds the spooling threshold.
Type: Grant
Filed: December 31, 2012
Date of Patent: May 2, 2017
Assignee: Radware, Ltd.
Inventors: David Aviv, Emanuel Blander
-
Patent number: 9641429
Abstract: A method for predicative traffic steering over a software defined network (SDN). The method includes programming network elements in the SDN to forward an incoming traffic flow to an application-layer analysis device; receiving application-layer analysis results from the application-layer analysis device, wherein the application-layer analysis results provide association between at least one network-layer parameter, at least one application-layer parameter, and at least one application-layer service associated with the at least one application-layer parameter; and steering subsequent incoming traffic flows to at least one server configured to provide the at least one application-layer service based on the application-layer analysis results.
Type: Grant
Filed: July 24, 2014
Date of Patent: May 2, 2017
Assignee: Radware, Ltd.
Inventor: Amit Navon
-
Patent number: 9549039
Abstract: HTTP responses are accelerated to optimize performance and response time when presenting content in a client/server environment. An optimization technique allows a client to begin requesting additional resources and/or rendering content before the entire response is completed on the server. When a request is received at a proxy device, the proxy device transmits, to the client, links to external resources that will be needed to render the page. This allows the client to begin obtaining external resources before the remaining content is sent to the client, and even before the content has been fully composed by the server, thus improving response time and overall performance.
Type: Grant
Filed: May 18, 2011
Date of Patent: January 17, 2017
Assignee: Radware Ltd.
Inventors: Kent Alstad, Michael R. Benna
-
Patent number: 9542501
Abstract: Viewing of web pages is improved by prioritizing image rendering based on positioning of images within a web page. For example, for images that are likely to be initially viewable upon presentation of the web page (i.e., prior to scrolling), compressed proxy versions are made available so that the images can be transferred and rendered more quickly. These compressed proxy images are later replaced with better quality renderings of the same images. Fetching of images that are not initially visible can be deferred until after other, more important page resources are loaded. Prioritization of page loading in this manner helps to ensure that the page becomes operational earlier, resulting in improved perceived speed and responsiveness, and greater ease of navigation.
Type: Grant
Filed: January 25, 2012
Date of Patent: January 10, 2017
Assignee: Radware Ltd.
Inventors: Shawn Bissell, Kent Alstad, Michael R. Benna