Abstract: The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.

Abstract: The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.

Abstract: Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources when different processes are performed in a virtual computing environment. Methods consistent with the present disclosure may be used to provide a form of redundancy that does not require two physically distinct computers. Such methods may use a set of physical hardware components and two or more sets of synchronized virtual gateway software. Architectural features of physical hardware components included in an apparatus consistent with the present disclosure may be abstracted from sets of virtual program code when one virtual software process backs up another virtual software process at the apparatus.

Abstract: The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.

Abstract: The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

Abstract: The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.

Abstract: The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.

Abstract: Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.

Abstract: Securely setting up mesh networks in a secure manner that does not require a physical network cable being attached to a wireless device and that do not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus may use different communication interfaces and different types of channels to ensure that devices included in or being added to a wireless mesh network always communicate securely. Methods and apparatus may use a combination of conventional secure communication methods, such as secure hypertext transfer protocol (HTTPS) communications, low power signals that travel over short distances, and other types of communications to create a system that only uses secure communications when setting up or expanding a wireless mesh network.

Abstract: Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.

Abstract: The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings.

Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunne based VPNs have over their proxy based VPN counterparts.

Abstract: The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.

Abstract: This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

Abstract: Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.

Abstract: The present disclosure relates to methods and apparatus that registers and configures mesh node devices to operate as part of a wireless mesh network as part of a process that may be referred to as an onboarding process that streamlines. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. Profiles consistent with the present disclosure may identify configuration preferences of a wireless mesh network and may identify software components that may be installed at particular mesh nodes when mesh node devices are added to a wireless mesh network.

Abstract: Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.

Abstract: Methods and apparatus that registers a plurality of mesh node devices to operate as part of a wireless mesh network after a user device scans encoded information that is unique to each mesh node of a plurality of different mesh nodes. After codes associated with different respective mesh nodes are scanned by a user device, that user device may communicate with these different mesh nodes via a low power communication interface and the user device may send registration information to a registration computer via a secure communication channel. Apparatus may also receive a validation code from the registration computer via a communication channel that is different from the secure communication channel and these apparatus may then send the validation code to the registration computer via the secure communication channel when the user device is validated by the registration computer.

Abstract: Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources. These methods may allow actions associated with a first set of virtual software to be paused to allow a second set of virtual software to be executed by the shared computing resources. In certain instances, methods and apparatus consistent with the present disclosure may manage the operation of one or more sets of virtual software at a point in time. Apparatus consistent with the present disclosure may include a memory and one or more processors that execute instructions out of the memory. At certain points in time, a processors of a computing system may pause a virtual process while allowing instructions associated with another virtual process to be executed.

Abstract: The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.