Patents Assigned to Radware Ltd.
  • Patent number: 9210180
    Abstract: A method and system for separation of traffic processing in a software defined network (SDN). The method comprises allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group to a first ADC and the computing resources in the second group to a second ADC; triggering a zoning mode in the computing farm to mitigate a potential cyber-attack; and causing at least one network element in the SDN to divert traffic from a trusted client to the first group of computing resources and traffic from an un-trusted client to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: December 8, 2015
    Assignee: Radware Ltd.
    Inventors: Yehuda Zisapel, Avi Chesla, Shay Naeh, David Aviv, Ehud Doron
  • Patent number: 9143558
    Abstract: A mechanism for achieving resiliency and load balancing for SIP application services and, in particular, in geographically distributed sites. A method performs a distribution of SIP requests among SIP servers, where at least two sites with a load balancer in each site are configured. The method includes receiving a SIP request by a first load balancer in a first site; determining whether the SIP request should be redirected to a second site; and redirecting the SIP request to an address of a second load balancer in the second site. The invention also includes a SIP proxy including a receiving unit receiving SIP requests; a load balancing unit distributing SIP requests between SIP entities; and a health monitoring unit verifying availability of the SIP entities. The SIP proxy may further be configured with a proximity measuring unit determining a proximity to a SIP entity.
    Type: Grant
    Filed: May 9, 2007
    Date of Patent: September 22, 2015
    Assignee: Radware, Ltd.
    Inventors: Emanuel Blander, Amir Peles
  • Patent number: 9130977
    Abstract: A system and method for separation of traffic processing in a computing farm. The method comprises allocating a first group of computing resources of the computing farm to a trusted zone and a second group of computing resources to an un-trusted zone, wherein the computing resources in the first group are allocated to ensure at least service-level agreements (SLA) guaranteed to a group of trusted clients; determining, based on a plurality of security risk indication parameters, if a client associated with an incoming traffic is a trusted client or an un-trusted client; forwarding the incoming traffic to the second group of computing resources when the client is determined to be an un-trusted client; and diverting the incoming traffic to the first group of computing resources when the client is determined to be a trusted client, thereby ensuring at least the SLA guaranteed to the trusted client.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: September 8, 2015
    Assignee: Radware, Ltd.
    Inventors: Yehuda Zisapel, Avi Chesla, Shay Naeh, David Aviv
  • Patent number: 9112901
    Abstract: A system, method and device for providing connection resiliency. The method including maintaining, by a first proxy, a TCP connection with a TCP client and a TCP connection with a TCP server through one or more TCP networks; maintaining information of both TCP connections by a forwarding component between the TCP networks and the first proxy; establishing, by the forwarding component, a new TCP connection with a second proxy for each of the TCP connections maintained by the first proxy; and forwarding data, to and from both the client and the server, to and from the second proxy without disconnection of the TCP connections of the TCP client and TCP server.
    Type: Grant
    Filed: November 20, 2007
    Date of Patent: August 18, 2015
    Assignee: Radware, Ltd.
    Inventors: Emanuel Blander, Amir Peles
  • Patent number: 9055006
    Abstract: A method for mitigating denial of service (DoS) attacks in a software defined network (SDN). The method comprises receiving a DoS attack indication performed against at least one destination server; programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication; instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server to allow diversion of the packet to a security server; and instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server.
    Type: Grant
    Filed: June 10, 2013
    Date of Patent: June 9, 2015
    Assignee: Radware, Ltd.
    Inventors: Avi Chesla, Ehud Doron
  • Publication number: 20150154494
    Abstract: A method and system for configuring a behavioral network intelligence system using a network monitoring programming language are provided. The method includes defining at least one target of a traffic segment to be monitored using at least one application path attribute of an application, wherein the application is accessed via at least one user device connected to a network, wherein the at least one application path attribute is defined respective of an application path keyword and an application path assessment keyword; and defining at least one condition representing the behavior of the at least one application path attribute of the application, the at least one target and the at least one condition can be interpreted by a monitoring system to allow for determining a behavioral impact of the application on the network.
    Type: Application
    Filed: December 4, 2014
    Publication date: June 4, 2015
    Applicant: RADWARE, LTD.
    Inventors: Lev MEDVEDOVSKY, David AVIV, Avi CHESLA
  • Publication number: 20150156086
    Abstract: A method and system for determining the behavioral impact of applications and their respective users on a network carrier are provided. The method includes receiving data collected by at least one deep packet inspection (DPI) engine; classifying the received data at least per an application path respective of each of the applications; generating an application path profile data structure using the collected data; and generating, responsive to at least one behavioral rule, at least one degree of fulfillment (DoF) for the application path based on contents of the application path profile data structure, wherein the at least one DoF defines an association of the application path with at least one behavior group, wherein the behavior group determines the behavioral impact of an application represented by the application path.
    Type: Application
    Filed: December 4, 2014
    Publication date: June 4, 2015
    Applicant: RADWARE, LTD.
    Inventors: Avi CHESLA, David AVIV, Lev MEDVEDOVSKY
  • Publication number: 20150143372
    Abstract: A method and system for an assisted live migration of virtual machines are provided. The method includes monitoring, by an advisory server, at least a workload of physical machines in a datacenter; determining if at least one physical machine is overloaded based on the monitored workload; for each of the at least one physical machine determined to be overloaded, selecting at least one virtual machine that resides in the respective physical machine, wherein the selection is based at least on a current load of the virtual machine; and initiating a live migration of the selected virtual machine when the current load is lower than a comfort load level.
    Type: Application
    Filed: January 28, 2015
    Publication date: May 21, 2015
    Applicant: RADWARE, LTD.
    Inventors: Samuel BERCOVICI, Gilad ZLOTKIN
  • Publication number: 20150089566
    Abstract: A method for performing an escalation security policy in a software defined network (SDN) includes receiving at least one attack indication performed against at least one destination server; upon determination that an attack is being performed against the at least one destination server, for each client sending traffic to the at least one destination server: determining a risk state for a user of the each client; obtaining an escalation security policy respective of the determined risk state of the user, wherein the escalation security policy defines a sequence of at least one challenge action for challenging the each client, an order and at least one condition for execution of the sequence of at least one challenge action; and causing network elements of the SDN to divert incoming traffic from the each client to security servers connected to the SDN and configured to perform the at least one challenge action.
    Type: Application
    Filed: September 24, 2013
    Publication date: March 26, 2015
    Applicant: RADWARE, LTD.
    Inventor: Avi CHESLA
  • Patent number: 8949431
    Abstract: A method for an assisted live migration of virtual machines is disclosed. The method comprises receiving an assist request for assisting in a migration of a virtual machine, wherein the assist request includes at least a comfort load level; determining a current load of the virtual machine to be migrated; comparing the current load to the comfort load level; reducing a load on the virtual machine to be migrated until the current load is lower than the comfort load level; and initiating a live migration of the virtual machine to be migrated when the current load is lower than the comfort load level.
    Type: Grant
    Filed: August 21, 2012
    Date of Patent: February 3, 2015
    Assignee: Radware, Ltd.
    Inventors: Samuel Bercovici, Gilad Zlotkin
  • Publication number: 20140373143
    Abstract: A method and system for detecting and mitigating attacks performed using a cryptographic protocol are provided. The method comprises establishing an encrypted connection with the client using the cryptographic protocol, upon receiving an indication about a potential attack; receiving an inbound traffic from a client, wherein the inbound traffic is originally directed to a protected entity; analyzing application layer attributes of only the inbound traffic received on the encrypted connection to detect at least one encrypted attack; and causing to establish a new encrypted connection between the client and the protected entity, if the at least one encrypted attack at the application layer has not been detected.
    Type: Application
    Filed: September 4, 2014
    Publication date: December 18, 2014
    Applicant: RADWARE, LTD.
    Inventors: Avi Chesla, Yosefa Shulman, Ziv Ichilov, Iko Azoulay
  • Publication number: 20140330983
    Abstract: A method and network device for managing a multi-homed network are provided. The method comprises receiving a request from a client within a client computer network directed to a remote server computer within a remote computer network, wherein the client and the remote server computer are connected through a plurality of data routes, each of the plurality of data routes is connected to a router; selecting a data route from the plurality of data routes to route the received request, wherein the selection of the data route is based on a decision function; translating a source IP address of the client to an IP address corresponding to the selected data route; and routing the received request from the client to the remote server computer over the selected data route.
    Type: Application
    Filed: July 16, 2014
    Publication date: November 6, 2014
    Applicant: RADWARE LTD.
    Inventors: Roy ZISAPEL, Amir PELES, Smadar FUKS
  • Publication number: 20140283051
    Abstract: A method for efficient mitigation of denial of service (DoS) attacks in a virtual network. The method maintains a security service level agreement (SLA) guaranteed to protected objects. The method comprises ascertaining that a denial of service (DoS) attack is performed in the virtual network; checking if the DoS attack affects at least one physical machine hosting at least one protected object, wherein the protected object is provisioned with at least a guaranteed security service level agreement (SLA); determining, by a central controller of the virtual network, an optimal mitigation action to ensure the at least one security SLA guaranteed to the at least one protected object; and executing the determined optimal mitigation action to mitigate the DoS attack, wherein the optimal mitigation action is facilitated by means of resources of the virtual network.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Applicant: RADWARE, LTD.
    Inventors: Ehud DORON, Avi CHESLA
  • Patent number: 8832831
    Abstract: A method and security system for detecting and mitigating encrypted denial-of-service (DoS) attacks. The system includes a DoS defense (DoSD) module configured to detect an encrypted DoS attack in an inbound traffic by analyzing attributes only in the inbound traffic that relate to at least one of a network layer and an application layer, wherein the DoSD module is further configured to mitigate a detected encrypted attack, the inbound traffic originates at a client and is addressed to a protected server; and a cryptographic protocol engine (CPE) configured to establish a new encrypted session between the client and the security system, decrypt requests included in the inbound traffic, and send encrypted responses to the client over the new encrypted session between the client and the security system.
    Type: Grant
    Filed: March 21, 2012
    Date of Patent: September 9, 2014
    Assignee: Radware, Ltd.
    Inventors: Avi Chesla, Yosefa Shulman, Ziv Ichilov, Iko Azoulay
  • Publication number: 20140189151
    Abstract: A method for spooling diameter transactions is provided. The method comprises receiving from a Diameter client a Diameter request message; determining based in part on a type of the received request message if the received request message should be spooled; determining if a current transaction rate exceeds a predefined spooling threshold, if the received request message should be spooled; and queuing the received request message if the current transaction rate exceeds the spooling threshold.
    Type: Application
    Filed: December 31, 2012
    Publication date: July 3, 2014
    Applicant: RADWARE, LTD.
    Inventors: David AVIV, Emanuel BLANDER
  • Publication number: 20140068073
    Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
    Type: Application
    Filed: November 13, 2013
    Publication date: March 6, 2014
    Applicant: RADWARE, LTD.
    Inventors: Amir Peles, Shy Marom
  • Patent number: 8612585
    Abstract: A network device located in the data path between a user computer and a server stores application data, processing instructions, and/or rule sets. By storing user computer-specific application data, processing instructions, and/or rule sets in the data path between the user computer and the server, the invention reduces the complexity of the web server, improves the handling of server failure, and increases the overall scalability and performance of the system.
    Type: Grant
    Filed: September 6, 2011
    Date of Patent: December 17, 2013
    Assignee: Radware, Ltd.
    Inventor: Kent Alstad
  • Patent number: 8589558
    Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.
    Type: Grant
    Filed: May 9, 2011
    Date of Patent: November 19, 2013
    Assignee: Radware, Ltd.
    Inventors: Amir Peles, Shy Marom
  • Publication number: 20130283374
    Abstract: A method and system for separation of traffic processing in a software defined network (SDN). The method comprises allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group to a first ADC and the computing resources in the second group to a second ADC; triggering a zoning mode in the computing farm to mitigate a potential cyber-attack; and causing at least one network element in the SDN to divert traffic from a trusted client to the first group of computing resources and traffic from an un-trusted client to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.
    Type: Application
    Filed: January 17, 2013
    Publication date: October 24, 2013
    Applicant: RADWARE, LTD.
    Inventors: Yehuda ZISAPEL, Avi CHESLA, Shay NAEH, David AVIV, Ehud DORON
  • Publication number: 20130283373
    Abstract: A system and method for separation of traffic processing in a computing farm. The method comprises allocating a first group of computing resources of the computing farm to a trusted zone and a second group of computing resources to an un-trusted zone, wherein the computing resources in the first group are allocated to ensure at least service-level agreements (SLA) guaranteed to a group of trusted clients; determining, based on a plurality of security risk indication parameters, if a client associated with an incoming traffic is a trusted client or an un-trusted client; forwarding the incoming traffic to the second group of computing resources when the client is determined to be an un-trusted client; and diverting the incoming traffic to the first group of computing resources when the client is determined to be a trusted client, thereby ensuring at least the SLA guaranteed to the trusted client.
    Type: Application
    Filed: January 17, 2013
    Publication date: October 24, 2013
    Applicant: RADWARE, LTD.
    Inventors: Yehuda ZISAPEL, Avi CHESLA, Shay NAEH, David AVIV