Abstract: A network sniffer where the sniffer learns the structure of a web application, monitors the operation of the application, and optionally controls the processing of incoming requests to achieve optimal performance as defined in a service level agreement (SLA). The network sniffer is operative for example in enterprise web applications and in enterprise data centers that deploy web applications and optimally is adapted to maintain a consistent level of service of web applications.

Abstract: A method for controlling and maintaining a level of service of web applications is disclosed. The method includes generating a context for each request sent from a client to a web server and for each reply sent from a web server to a client. Then it is determined whether the context belongs to an identified transaction. Statistics respective of the identified transaction is then gathered. Further, a determination is made whether at least one policy predefined for the identified application is violated. A plurality of corrective actions are performed if at least one policy is determined to be violated.

Abstract: A service level management (SLM) system where the system learns the structure of a web application, monitors the operation of the application, and controls the processing of incoming requests to achieve optimal performance as defined in a service level agreement (SLA). The system is operative for example in enterprise web applications and in enterprise data centers that deploy web applications and optimally is capable of controlling and maintaining a level of service of web applications.

Abstract: A method and system for automatically learning and identifying web applications. The method discovers and identifies transactions, web applications, their modules, interfaces, and relationship between the modules. The method further includes dynamically creating application definers is provided.

Abstract: A system and method for correlating front-end and back-end transactions in a data center. The method includes gathering front-end and back-end transactions; analyzing pairs of transactions to detect correlated front-end and back-end transactions; saving correlated pairs in a database; and displaying the correlated pairs on a graphical user interface (GUI). In accordance with an embodiment of the invention the detection of correlated pairs may be performed using content matching analysis, time proximity analysis, and attributes analysis.

Abstract: Systems and methods for identification of network attacks are disclosed. An example system includes an adaptor module to route a received encrypted packet to a decryption module, receive a decrypted packet corresponding to the encrypted packet from the decryption module, and transmit the decrypted packet and the encrypted packet to a sensor module. The decryption module is to receive an encrypted packet, decrypt the encrypted packet to form the decrypted packet, and transmit the decrypted packet to the adaptor module. The sensor module is to inspect the decrypted packet and the encrypted packet received from the adaptor module to determine when an attack is detected.

Abstract: A method for monitoring performance of a data center that includes: (a) a performance monitor analyzing packets that flow between a client and a web or application server; (b) assigning packets to contexts where a context is a request-reply entity; (c) determining one or more of application, network, and back-end latency measures wherein: (i) the application latency measure is a time it takes for an application to respond to a request, (ii) the network latency measure is a time that it takes for packets to go through a network between the client and the web or application server, and (iii) the back-end latency is a time required for a back-end system to execute a request and respond to the application server.

Abstract: A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.

Abstract: A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat.

Abstract: A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.

Abstract: A method for controlling and maintaining a level of service of web applications is disclosed. The method includes generating a context for each request sent from a client to a web server and for each reply sent from a web server to a client. Then it is determined whether the context belongs to an identified transaction. Statistics respective of the identified transaction is then gathered. Further, a determination is made whether at least one policy predefined for the identified application is violated. A plurality of corrective actions are performed if at least one policy is determined to be violated.

Abstract: A service level management (SLM) system where the system learns the structure of a web application, monitors the operation of the application, and controls the processing of incoming requests to achieve optimal performance as defined in a service level agreement (SLA). The system is operative for example in enterprise web applications and in enterprise data centers that deploy web applications and optimally is capable of controlling and maintaining a level of service of web applications.

Abstract: A service level management (SLM) system where the system learns the structure of a web application, monitors the operation of the application, and controls the processing of incoming requests to achieve optimal performance as defined in a service level agreement (SLA). The system is operative for example in enterprise web applications and in enterprise data centers that deploy web applications and optimally is capable of controlling and maintaining a level of service of web applications.

Abstract: A system and method for correlating front-end and back-end transactions in a data center. The method includes gathering front-end and back-end transactions; analyzing pairs of transactions to detect correlated front-end and back-end transactions; saving correlated pairs in a database; and displaying the correlated pairs on a graphical user interface (GUI). In accordance with an embodiment of the invention the detection of correlated pairs may be performed using content matching analysis, time proximity analysis, and attributes analysis.

Abstract: A network device and method for learning and monitoring transactions executed by back-end systems in data servers. Specifically, it allows learning and monitoring at least standard query language (SQL) transactions sent from an application server hosting a web application to a database server and executed thereon. Monitoring of SQL transactions allows measuring performance parameters with regards to databases, databases' tables, operations and queries that are part of the transactions. Furthermore, the measurement of performance parameters with respect to HTTP requests of the respective SQL transactions is provided.

Abstract: A method for monitoring performance of a data center that includes: (a) a performance monitor analyzing packets that flow between a client and a web or application server; (b) assigning packets to contexts where a context is a request-reply entity; (c) determining one or more of application, network, and back-end latency measures wherein: (i) the application latency measure is a time it takes for an application to respond to a request, (ii) the network latency measure is a time that it takes for packets to go through a network between the client and the web or application server, and (iii) the back-end latency is a time required for a back-end system to execute a request and respond to the application server.

Abstract: A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.

Abstract: A system and method for protection of Web based applications are described. An agent is included in a web server such that traffic is routed through the agent. A security module is also in communication with the agent. The agent receives information about the application profile, and patterns of acceptable traffic behavior, from the security module. The agent acts as a gatekeeper, holding up suspicious traffic that does not match the pattern of acceptable traffic behavior until the suspicious traffic has been analyzed by the security module. Using the agent, malicious traffic can dropped before it can reach the application, or the user can be logged out, or both.

Abstract: A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat.

Abstract: A method and system for automatically learning and identifying web applications. The method discovers and identifies transactions, web applications, their modules, interfaces, and relationship between the modules. The method further includes dynamically creating application definers is provided.