Abstract: Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

Abstract: The present invention increases the efficiency of transmitting data from a plurality of fragmented internet protocol (IP) packets over a computer network. After receiving a plurality of fragmented packets over a computer network interface a computing device may reassemble data from the plurality of packets into an IP packet that includes data from each of the fragmented IP packets. The reassembled IP packet may then be compressed and encrypted before being transmitted to a computer identified in a destination address in each of the plurality of fragmented packets.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Some embodiments of reassembly-free deep packet inspection (DPD on multicore hardware have been presented. In one embodiment, a set of packets of one or more files is received at a networked device from one or more connections. Each packet is scanned using one of a set of processing cores in the networked device without buffering the one or more files in the networked device. Furthermore, the set of processing cores may scan the packets substantially concurrently.

Abstract: The present disclosure relates to an apparatus, a method, and a non-transitory computer readable storage medium for managing bandwidth in a computer network. The method may identify that a first received packet belongs to a first traffic class and a second received packet belongs to a second traffic class where the first traffic class is associated with a higher priority than the second traffic class. The method may also identify that the first and the second traffic classes compete for shared bandwidth at the computer network. The method may monitor a number of bytes received that are associated with the first traffic class and second traffic class and perform a series of calculations used to adjust a window size according to the relative priorities of the first and the second traffic class.

Abstract: The present invention provides systems and methods for unified bandwidth management for network traffic. In particular, two or more network devices may be grouped into a single set, and bandwidth management is performed on the single set. The grouping of network devices into a single set facilitates dynamic adjustment of bandwidth management based on real-time variations in network traffic that may arise during standard operations of the network.

Abstract: Systems and methods for edge protection for internal identity providers are provided. A first claimed embodiment of the present disclosure involves a method for edge protection for internal identity providers. The method includes receiving a service authentication request at a virtual private networking (VPN) appliance on an edge of a secure network. A client device external to the secure network can send the service authentication request. The VPN appliance can then send a synthetic service authentication request to an identity provider in the secure network. This synthetic service authentication request can be based on the service authentication request. The VPN can then receive an authenticated credential from the identity provider. The authenticated credential is responsive to the synthetic service authentication request. The VPN appliance can then send the authenticated credential from the VPN appliance to the client device.

Abstract: A character class is detected in a regular expression and substituted with a pseudo character. A table is created with a bit vector for each pseudo character inserted into the regular expression. Each bit in the bit-vector represents one character of the alphabet from which the expression is generated. The status of the bits in a bit-vector indicates which characters of the alphabet are included in the character class. The pseudo character in the modified regular expression is used to construct a non-deterministic finite automaton (NFA). The NFA with the pseudo character is then used to construct a deterministic finite automaton (DFA). When constructing the DFA, the bit-vectors are used to determine if a certain transition should be constructed in the DFA.

Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.

Abstract: The present disclosure identifies topologies of a computer network where one network appliance may be configured as a master network appliance and where that master network appliance may communicate over a network communication interface with one or more slave network appliances. Computer networks of the present disclosure may include a switch and a firewall where the switch may be coupled to several network appliances via different network communication interfaces.

Abstract: A fingerprint of an image identified within a received message is generated following analysis of the message. A spam detection engine identifies an image within a message and converts the image into a grey scale image. The spam detection engine analyzes the grey scale image and assigns a score. A fingerprint of the grey scale image is generated based on the score. The fingerprint may also be based on other factors such as the message sender's status (e.g. blacklisted or whitelisted) and other scores and reports generated by the spam detection engine. The fingerprint is then used to filter future incoming messages.

Abstract: The present invention relates to a system, method, and non-transitory storage medium executable by one or more processors at a multi-processor system that improves load monitoring and processor-core assignments as compared to conventional approaches. A method consistent with the present invention includes a first data packet being received at a multi-processor system. After the first packet is received it may be sent to a first processor where the first processor identifies a first processing task associated with the first data packet. The first data packet may then be forwarded to a second processor that is optimized for processing the first processing task of the first data packet. The second processor may then process the first processing task of the first data packet. Program code associated with the first processing task may be stored in a level one (L1) cache at the first processor.

Abstract: A firewall may identify a uniform resource locator (URL) being transmitted to a user device, the URL link pointing to a host system. The firewall can then modify the URL link to point instead to a sandbox system. Once a user at the user device selects the URL link (e.g., by clicking or touching it in a browser), the firewall receives the user device's HTTP request and directs it to the sandbox system, which generates a new HTTP request that is then sent through the firewall to the host system. The host system then sends host content to the sandbox system instead of to the user device. The user device may then be presented with a representation of the host content as rendered at the sandbox system (e.g., through a remote desktop interface).

Abstract: Handling a message comprises: classifying an incoming message for a recipient, storing the classified message and providing a notification to the recipient, wherein the notification includes summary information about the classified message and an interface that allows the recipient to operate on the classified message.

Abstract: Innovative technologies for reducing network request response times over a server-signed connection are disclosed. The technologies may involve dynamically computing synchronized compression dictionaries using server responses to speculative or “read-ahead” client requests. The technologies operate even when the client is unable to accept the server responses due to server-signing constraints. A server proxy may receive a read-ahead request originating from a client proxy. After receiving a response to the read-ahead request from a server, the server proxy may populate a compression dictionary and forward the read-ahead request to the client proxy. The client proxy may populate its own synchronized compression dictionary using the forwarded read-ahead response. The server proxy and client proxy may use the compression dictionaries to respectively compress and decompress a response to an actual client request that matches or is highly similar to the earlier response to the read-ahead request.

Abstract: A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network.

Abstract: According to embodiments of the invention, a first wireless access point discovers a second wireless access point, the first wireless access point tunes its radio and privacy settings, without user input, based upon parameters automatically exchanged in response to the discovery of the second wireless access point, and a secure direct wireless connection is established between the first and second wireless access points using the radio and privacy settings. Adding the first wireless to an existing mesh network includes a determination of the best available direct wireless connection.

Abstract: A secure connection between a user mobile device and a “Internet-of-Things” network-connected device (e.g., a home appliance or a vehicle) may be provided using an internet gateway residing in the public internet and a local gateway residing in a private network behind a firewall. The user device may receive an input through a software application and may generate an electronic instruction based on the input. The user device may then encrypt the electronic instruction and send the encrypted electronic instruction to the internet gateway over a secure connection (e.g., SSH, TLS). The internet gateway then sends the encrypted electronic instruction to the local gateway, which decrypts the encrypted electronic instruction, interprets it, and generates and transmits a device instruction to communicate with the network-connected device, either directly or through an intermediary device such as a third-party bridge or hub. Only the user device and local gateway have encryption/decryption keys.

Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the Open Flow standard communication protocol.

Abstract: Methods are directed towards initializing a path maximum transmission unit value for two gateways in communication via a network tunnel (e.g., VPN environment). The initialized path maximum transmission unit value is used in establishing the network tunnel of the two gateways. Methods are also directed towards synchronizing path maximum transmission unit values for the two gateways after the network tunnel has been established. These methods minimize the occurrence of dropped data packets arising from mismatched path maximum transmission unit value between the gateways.