Abstract: A method and system is provided for a scalable clustered system. The method and system may handle asynchronous traffic as well as session backup. In the method and system, a home cluster member having ownership of a local session predicts designation of a an other cluster member to receive a packet associated with the local session and sends appropriate state information or forwarding instruction to the other network member.

Abstract: A method and system is provided for a scalable clustered system. The method and system may handle asynchronous traffic as well as session backup. In the method and system, a home cluster member having ownership of a local session predicts designation of a an other cluster member to receive a packet associated with the local session and sends appropriate state information or forwarding instruction to the other network member.

Abstract: A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.

Abstract: A computer-readable storage medium has embedded thereon non-transient computer-readable code for controlling access to a protected computer network, by intercepting packets that are being exchanged between a computer system and the protected network, and then, for each intercepted packet, identifying the associated application that is running on the computer system, determining whether the application is trusted, for example according to a white list or according to a black list, and disposing of the packet accordingly.

Abstract: Methods, devices, and media for intelligent NIC bonding and load-balancing including the steps of: providing a packet at an incoming-packet port of a gateway; attaching an incoming-port identification, associated with the incoming-packet port, to the packet; routing the packet to a processing core; passing the packet through a gateway processing; sending the packet, by the core, to the operating system of a host system; and routing the packet to an outgoing-packet port of the gateway based on the incoming-port identification. Preferably, the gateway processing includes security processing of the packets. Preferably, the step of routing the packet to the outgoing-packet port is based solely on the incoming-port identification. Preferably, an outgoing-port identification, associated with the outgoing-packet port, has an identical bond-index to the incoming-port identification.

Abstract: To validate data, a plurality of strings that match a predetermined regular expression is extracted from the data. A validated subset of the strings is identified. To determine whether the validated subset has been falsely validated, it is determined whether the validated subset satisfies each of one or more predetermined criteria relative to the plurality of strings. In one embodiment, the subset is determined to be falsely validated if at least one of the criteria is satisfied. In another embodiment, the subset is determined to be falsely validated if all of the criteria are satisfied. The data are released only if the subset is determined to be falsely validated.

Abstract: A method and system is provided for a scalable clustered system. The method and system may handle asynchronous traffic as well as session backup. In the method and system, a home cluster member having ownership of a local session predicts designation of a an other cluster member to receive a packet associated with the local session and sends appropriate state information or forwarding instruction to the other network member.

Abstract: A method and system is provided for a scalable clustered system. The method and system may handle asynchronous traffic as well as session backup. In the method and system, a home cluster member having ownership of a local session predicts designation of a an other cluster member to receive a packet associated with the local session and sends appropriate state information or forwarding instruction to the other network member.

Abstract: A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.

Abstract: Methods, devices, and media for intelligent NIC bonding and load-balancing including the steps of: providing a packet at an incoming-packet port of a gateway; attaching an incoming-port identification, associated with the incoming-packet port, to the packet; routing the packet to a processing core; passing the packet through a gateway processing; sending the packet, by the core, to the operating system of a host system; and routing the packet to an outgoing-packet port of the gateway based on the incoming-port identification. Preferably, the gateway processing includes security processing of the packets. Preferably, the step of routing the packet to the outgoing-packet port is based solely on the incoming-port identification. Preferably, an outgoing-port identification, associated with the outgoing-packet port, has an identical bond-index to the incoming-port identification.

Abstract: The present invention discloses methods for effective network-security inspection in virtualized environments, the methods including the steps of: providing a data packet, embodied in machine-readable signals, being sent from a sending virtual machine to a receiving virtual machine via a virtual switch; intercepting the data packet by a sending security agent associated with the sending virtual machine; injecting the data packet into an inspecting security agent associated with a security virtual machine via a direct transmission channel which bypasses the virtual switch; forwarding the data packet to the security virtual machine by employing a packet-forwarding mechanism; determining, by the security virtual machine, whether the data packet is allowed for transmission; upon determining the data packet is allowed, injecting the data packet back into the sending security agent via the direct transmission channel; and forwarding the data packet to the receiving virtual machine via the virtual switch.

Abstract: Methods, devices, and media for intelligent NIC bonding and load-balancing including the steps of: providing a packet at an incoming-packet port of a gateway; attaching an incoming-port identification, associated with the incoming-packet port, to the packet; routing the packet to a processing core; passing the packet through a gateway processing; sending the packet, by the core, to the operating system of a host system; and routing the packet to an outgoing-packet port of the gateway based on the incoming-port identification. Preferably, the gateway processing includes security processing of the packets. Preferably, the step of routing the packet to the outgoing-packet port is based solely on the incoming-port identification. Preferably, an outgoing-port identification, associated with the outgoing-packet port, has an identical bond-index to the incoming-port identification.