Patents Assigned to Radware Ltd.
  • Patent number: 8589558
    Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
    Type: Grant
    Filed: May 9, 2011
    Date of Patent: November 19, 2013
    Assignee: Radware, Ltd.
    Inventors: Amir Peles, Shy Marom
  • Patent number: 8566936
    Abstract: A method and system for protecting a protected entity using a multi-dimensional protection surface are provided. According to various embodiments, the multi-dimensional protection surface is generated by correlating multiple inputs related to the at least one detected attack. The inputs include at least one input identifying the detected attack and another input identifying each attack tool that performs the detected attack. The generated protection multi-dimensional surface includes protection points, where each such point defines at least one attack mitigation action to mitigate the detected attack.
    Type: Grant
    Filed: November 29, 2011
    Date of Patent: October 22, 2013
    Assignee: Radware, Ltd.
    Inventor: Avi Chesla
  • Publication number: 20130268646
    Abstract: A method for managing an application delivery controller (ADC) cluster operable in a software defined networking (SDN)-based network and including a plurality of ADC virtual appliances (VAs). The method comprises creating, by a central controller, a hash table including a plurality of buckets allocated to active VAs out of the plurality of VAs, each bucket is assigned to a range of a source internet protocol (IP) addresses of a client; and programming by the central controller at least one ingress network element connected to the ADC cluster and receive incoming traffic from clients to perform a balanced incoming traffic distribution among the plurality of VAs, wherein the traffic distribution is based in part on the allocation of the buckets to the plurality of VAs and the SIP addresses of the clients originating the incoming traffic. The plurality of VAs are virtual ADC instances operable in the plurality of physical devices.
    Type: Application
    Filed: April 4, 2013
    Publication date: October 10, 2013
    Applicant: Radware, Ltd.
    Inventors: Ehud DORON, Masato Sekiguchi
  • Patent number: 8510400
    Abstract: An acceleration engine that stores context data is operatively disposed between a network and at least one web server. Incoming requests from the network are inspected by the acceleration engine and passed on to the web server. If the inspection reveals a reference to context data, the acceleration engine retrieves the context data and asynchronously sends the context data to the web server. The web server synchronizes that request and context data and generates a response message accordingly. The response message is forwarded back to the initiator of the request with or without interception by the acceleration engine. Should context data be generated during processing of the request, such context data is sent to the acceleration engine for updating purposes.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: August 13, 2013
    Assignee: Radware Ltd.
    Inventor: Kent Alstad
  • Patent number: 8510834
    Abstract: A distributed security system wherein intelligent security agents (i.e., agent devices) share security incident information between themselves via a controller. An adaptive security decision making involving network worms (non-SMTP worms) and DoS floods attacks is also described; wherein the Worms and DoS flood digital signatures are generated to assist in intrusion prevention process.
    Type: Grant
    Filed: October 9, 2007
    Date of Patent: August 13, 2013
    Assignee: Radware, Ltd.
    Inventor: Avi Chesla
  • Patent number: 8484374
    Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.
    Type: Grant
    Filed: August 3, 2012
    Date of Patent: July 9, 2013
    Assignee: Radware, Ltd.
    Inventors: Roy Zisapel, Amir Peles, Smadar Fuks
  • Patent number: 8447855
    Abstract: A method for preventing session initiation protocol (SIP) attacks is provided. The method includes receiving a plurality of SIP response messages comprising at least one pre-defined SIP response code, and extracting at least one user identifier from the plurality of SIP response messages. The method further includes computing at least one of a frequency of the plurality of SIP response messages and a count of the plurality of SIP response messages corresponding to each user identifier of the at least one user identifier. The method further includes calculating a degree of attack corresponding to each user identifier using at least one of the frequency and the count. The method further includes determining a monitoring interval for each user identifier based upon the degree of attack for monitoring the plurality of SIP response messages. An apparatus and a computer program product for preventing SIP attacks are also provided.
    Type: Grant
    Filed: August 8, 2007
    Date of Patent: May 21, 2013
    Assignee: Radware, Ltd.
    Inventor: Avi Chesla
  • Patent number: 8266319
    Abstract: A network management system, device and method for managing a computer network. The device is connected to the Internet through a plurality of routes, wherein the plurality of routes are assigned with respective IP addresses. The device includes a controller receiving a DNS resolution query from a remote computer for a domain name within the computer network, selecting one of the plurality of routes connecting the device to the Internet, and responding to the DNS resolution query with an IP address associated with the selected route. The IP address is used for resolution of the domain name.
    Type: Grant
    Filed: June 2, 2003
    Date of Patent: September 11, 2012
    Assignee: Radware, Ltd.
    Inventors: Roy Zisapel, Amir Peles, Smadar Fuks
  • Publication number: 20120136697
    Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
    Type: Application
    Filed: May 9, 2011
    Publication date: May 31, 2012
    Applicant: Radware, Ltd.
    Inventors: Amir Peles, Shy Marom
  • Patent number: 7984148
    Abstract: A method for load balancing requests on a network, the method including receiving a request from a requester having a requester network address at a first load balancer having a first load balancer network address, the request having a source address indicating the requestor network address and a destination address indicating the first load balancer network address, forwarding the request from the first load balancer to a second load balancer at a triangulation network address, the request source address indicating the requester network address and the destination address indicating the triangulation network address, the triangulation network address being associated with the first load balancer network address, and sending a response from the second load balancer to the requestor at the requestor network address, the response having a source address indicating the first load balancer network address associated with the triangulation network address and a destination address indicating the first requestor ne
    Type: Grant
    Filed: November 10, 2003
    Date of Patent: July 19, 2011
    Assignee: Radware Ltd.
    Inventors: Roy Zisapel, Amir Peles
  • Patent number: 7953973
    Abstract: Methods, systems, and computer program products for passively routing secure socket layer (SSL) encoded network traffic are disclosed. According to one aspect, a method includes passively receiving a copy of SSL encoded network traffic. Further, the method includes passively parsing the received network traffic and generating an identical copy of the network traffic such that the network traffic is not decrypted and without interfering with the network traffic. A target output network device can be selected for transmission of the identical copy of the network traffic. The identical copy of the network traffic can be transmitted from the selected target output network device.
    Type: Grant
    Filed: January 19, 2007
    Date of Patent: May 31, 2011
    Assignee: Radware Ltd.
    Inventors: James Frederick Beam, Byron Lee Hargett, Douglas Wayne Hester, Ricky G. Millham, Jennifer Justina Short, Garth Douglas Somerville, Jason Moore Walker, Virgil Montgomery Wall, Robert Edward Ward
  • Patent number: 7836496
    Abstract: A method for protecting a network from an attack includes measuring a property of traffic entering the network, and analyzing the property using at least one fuzzy logic algorithm in order to detect the attack.
    Type: Grant
    Filed: October 24, 2007
    Date of Patent: November 16, 2010
    Assignee: Radware Ltd.
    Inventors: Avi Chesla, Lev Medvedovsky, Abraham Elboim
  • Patent number: 7769994
    Abstract: A secure access system is used to connect an internal network, such as a private LAN, to an external network, such as the Internet. The system is provided with internal and external gateways, for connecting to the respective networks, as well as an inspection evaluator, content inspector, internal certificate authority, internal SSL terminator and external SSL initiator. Packets routed through the access system are inspected before they are forwarded from one gateway to the other, except those packets of designated users of the internal network which are directly forwarded without inspection. Encrypted packets received by the access system are decrypted, inspected, and then re-encrypted before they are forwarded.
    Type: Grant
    Filed: August 3, 2004
    Date of Patent: August 3, 2010
    Assignee: Radware Ltd.
    Inventor: Amir Peles
  • Patent number: 7738469
    Abstract: In a communications network, a virtual rack having service modules for performing network services is provided. A pinhole that corresponds to a plurality of the service modules is created. Data packets are directed to a service processor in response to matching the data packets to the pinhole. For connection class offload, using the acceleration processor to match the connection class pinhole to the data packets and creating connection class sessions that are used for processing subsequent packets of the connection.
    Type: Grant
    Filed: June 4, 2008
    Date of Patent: June 15, 2010
    Assignee: Radware Ltd.
    Inventors: Praveen Shekokar, Manoj Sharma, Badari Narayana, Ratnarekha Singamsetty, Mahesh Kumar
  • Patent number: 7681235
    Abstract: A method for protecting a network from an attack includes measuring a property of traffic entering the network, and analyzing the property using at least one fuzzy logic algorithm in order to detect the attack.
    Type: Grant
    Filed: May 19, 2003
    Date of Patent: March 16, 2010
    Assignee: Radware Ltd.
    Inventors: Avi Chesla, Lev Medvedovsky, Abraham Elboim
  • Patent number: 7624084
    Abstract: A system and method to detect and mitigate denial of service and distributed denial of service HTTP “page” flood attacks. Detection of attack/anomaly is made according to multiple traffic parameters including rate-based and rate-invariant parameters in both traffic directions. Prevention is done according to HTTP traffic parameters that are analyzed once a traffic anomaly is detected. This protection includes a differential adaptive mechanism that tunes the sensitivity of the anomaly detection engine. The decision engine is based on a combination between fuzzy logic inference systems and statistical thresholds. A “trap buffer” characterizes the attack to allow an accurate mitigation according to the source IP(s) and the HTTP request URLs that are used as part of the attack. Mitigation is controlled through a feedback mechanism that tunes the level of rate limit factors that are needed in order to mitigate the attack effectively while letting legitimate traffic pass.
    Type: Grant
    Filed: October 9, 2007
    Date of Patent: November 24, 2009
    Assignee: Radware, Ltd.
    Inventor: Avi Chesla
  • Patent number: 7617170
    Abstract: A system and method to detect and mitigate denial of service and distributed denial of service HTTP “page” flood attacks. Detection of attack/anomaly is made according to multiple traffic parameters including rate-based and rate-invariant parameters in both traffic directions. Prevention is done according to HTTP traffic parameters that are analyzed once a traffic anomaly is detected. This protection includes a differential adaptive mechanism that tunes the sensitivity of the anomaly detection engine. The decision engine is based on a combination between fuzzy logic inference systems and statistical thresholds. A “trap buffer” characterizes the attack to allow an accurate mitigation according to the source IP(s) and the HTTP request URLs that are used as part of the attack. Mitigation is controlled through a feedback mechanism that tunes the level of rate limit factors that are needed in order to mitigate the attack effectively while letting legitimate traffic pass.
    Type: Grant
    Filed: October 9, 2007
    Date of Patent: November 10, 2009
    Assignee: Radware, Ltd.
    Inventor: Avi Chesla
  • Patent number: 7607170
    Abstract: A method for detecting an attack in a computer network includes monitoring communication traffic transmitted over connections on the network that are associated with a stateful application protocol so as to detect respective states of the connections, and analyzing a distribution of the states so as to detect the attack.
    Type: Grant
    Filed: December 22, 2004
    Date of Patent: October 20, 2009
    Assignee: Radware Ltd.
    Inventor: Avi Chesla
  • Publication number: 20080086435
    Abstract: A system and method to detect and mitigate denial of service and distributed denial of service HTTP “page” flood attacks. Detection of attack/anomaly is made according to multiple traffic parameters including rate-based and rate-invariant parameters in both traffic directions. Prevention is done according to HTTP traffic parameters that are analyzed once a traffic anomaly is detected. This protection includes a differential adaptive mechanism that tunes the sensitivity of the anomaly detection engine. The decision engine is based on a combination between fuzzy logic inference systems and statistical thresholds. A “trap buffer” characterizes the attack to allow an accurate mitigation according to the source IP(s) and the HTTP request URLs that are used as part of the attack. Mitigation is controlled through a feedback mechanism that tunes the level of rate limit factors that are needed in order to mitigate the attack effectively while letting legitimate traffic pass.
    Type: Application
    Filed: October 9, 2007
    Publication date: April 10, 2008
    Applicant: Radware, Ltd.
    Inventor: Avi Chesla
  • Patent number: 6914886
    Abstract: The present invention provides for controlling incoming traffic on the links to an autonomous system. Incoming traffic usage for blocks of IP addresses within an autonomous system and load, congestion and capacity of the links for the incoming traffic is monitored to determine the optimal link for incoming traffic destined for a block of IP addresses. Incoming traffic for a block of IP addresses is biased towards the optimal link by configuring the border routers to announce the block of IP addresses via Border Gateway Protocol (BGP) across the non-optimal links with one or more local AS numbers pre-pended, causing the non-optimal links to look as if they are of a greater routing distance than the optimal link. In addition, outgoing traffic for a session is separately controlled by tagging the packets of the session for a specific link, causing the router to send the packet out the optimal link.
    Type: Grant
    Filed: May 3, 2001
    Date of Patent: July 5, 2005
    Assignee: Radware Ltd.
    Inventors: Amir Peles, Smadar Fuks