Patents by Inventor Eric C. Hastings

Eric C. Hastings has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11720661
    Abstract: Systems and methods for a passive wireless multi-factor authentication approach are provided. According to one embodiment, a user authentication request is received by a first computing device connected to a private network. The user authentication request is sent by an endpoint protection suite running on the first computing device to an authentication device associated with the private network. A proximity of a second computing device, which was previously registered with the authentication device to be used as a factor of a multi-factor authentication process involving the first computing device, is determined by the authentication device in relation to one or more wireless access points of a wireless network of the private network. The user authentication request is then processed by the authentication device based on the proximity.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: August 8, 2023
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 11695733
    Abstract: Systems and methods for automatic VPN establishment are provided.
    Type: Grant
    Filed: March 12, 2021
    Date of Patent: July 4, 2023
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 11265347
    Abstract: Systems and methods for automated testing of network security controls are provided. According to one embodiment, information regarding multiple desired security controls for a protected network is received by a network device. Network traffic configured to validate an extent of conformance by the protected network with the desired security controls is generated by the network device. The generated network traffic is transmitted by the network device onto the protected network. An assessment is performed by the network device regarding how network security policies configured within the protected network process the generated network traffic.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: March 1, 2022
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20210203640
    Abstract: Systems and methods for automatic VPN establishment are provided.
    Type: Application
    Filed: March 12, 2021
    Publication date: July 1, 2021
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 10979395
    Abstract: Systems and methods for automatic VPN establishment are provided. According to one embodiment, a P1 message is received by a hub network device (ND) from a remote device (RD) of a spoke. P1 specifies VPN connection attributes corresponding to a lowest ENC/AUTH suite supported by RD. A VPN tunnel entry is automatically created by ND based on the VPN connection attributes. A P2 message is transmitted by ND specifying ENC/AUTH attributes based on corresponding ENC/AUTH of the VPN connection attributes. A third message is received by ND from RD indicating a highest level ENC/AUTH suite supported by RD. ND determines its compatibility with the proposed ENC/AUTH suite. If compatible, ND transmits a random PSK to enable creation of a permanent tunnel and establishment of the VPN connection; otherwise, compatibility with a lower level ENC/AUTH suite is determined by RD iteratively reducing the proposed suite until a match is found.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: April 13, 2021
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20200336464
    Abstract: Systems and methods for automatic VPN establishment are provided. According to one embodiment, a P1 message is received by a hub network device (ND) from a remote device (RD) of a spoke. P1 specifies VPN connection attributes corresponding to a lowest ENC/AUTH suite supported by RD. A VPN tunnel entry is automatically created by ND based on the VPN connection attributes. A P2 message is transmitted by ND specifying ENC/AUTH attributes based on corresponding ENC/AUTH of the VPN connection attributes. A third message is received by ND from RD indicating a highest level ENC/AUTH suite supported by RD. ND determines its compatibility with the proposed ENC/AUTH suite. If compatible, ND transmits a random PSK to enable creation of a permanent tunnel and establishment of the VPN connection; otherwise, compatibility with a lower level ENC/AUTH suite is determined by RD iteratively reducing the proposed suite until a match is found.
    Type: Application
    Filed: April 16, 2019
    Publication date: October 22, 2020
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 10505900
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning. Responsive to an affirmative determination and when a command represented by the packet is one of the corresponding commands of interest for the identified upper layer protocol, then a DLP scan is performed on content contained within the corresponding suspect field of the packet. Otherwise, performance of the DLP scan for the received packet is skipped.
    Type: Grant
    Filed: September 4, 2017
    Date of Patent: December 10, 2019
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20190188368
    Abstract: Systems and methods for a passive wireless multi-factor authentication approach are provided. According to one embodiment, a user authentication request is received by a first computing device connected to a private network. The user authentication request is sent by an endpoint protection suite running on the first computing device to an authentication device associated with the private network. A proximity of a second computing device, which was previously registered with the authentication device to be used as a factor of a multi-factor authentication process involving the first computing device, is determined by the authentication device in relation to one or more wireless access points of a wireless network of the private network. The user authentication request is then processed by the authentication device based on the proximity.
    Type: Application
    Filed: December 18, 2017
    Publication date: June 20, 2019
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20190089740
    Abstract: Systems and methods for automated testing of network security controls are provided. According to one embodiment, information regarding multiple desired security controls for a protected network is received by a network device. Network traffic configured to validate an extent of conformance by the protected network with the desired security controls is generated by the network device. The generated network traffic is transmitted by the network device onto the protected network. An assessment is performed by the network device regarding how network security policies configured within the protected network process the generated network traffic.
    Type: Application
    Filed: September 18, 2017
    Publication date: March 21, 2019
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20170366507
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning. Responsive to an affirmative determination and when a command represented by the packet is one of the corresponding commands of interest for the identified upper layer protocol, then a DLP scan is performed on content contained within the corresponding suspect field of the packet. Otherwise, performance of the DLP scan for the received packet is skipped.
    Type: Application
    Filed: September 4, 2017
    Publication date: December 21, 2017
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 9756017
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning. Responsive to an affirmative determination and when a command represented by the packet is one of the corresponding commands of interest for the identified upper layer protocol, then a DLP scan is performed on content contained within the corresponding suspect field of the packet. Otherwise, performance of the DLP scan for the received packet is skipped.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: September 5, 2017
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20160344698
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning. Responsive to an affirmative determination and when a command represented by the packet is one of the corresponding commands of interest for the identified upper layer protocol, then a DLP scan is performed on content contained within the corresponding suspect field of the packet. Otherwise, performance of the DLP scan for the received packet is skipped.
    Type: Application
    Filed: August 8, 2016
    Publication date: November 24, 2016
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 9444788
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. A data structure is maintained within a network security appliance identifying candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning as a result of its potential for carrying sensitive information. A packet is received by the network security appliance. A protocol associated with the packet is identified. It is determined whether the identified protocol is among those of the candidate protocols. Responsive to an affirmative determination and when a command represented by the packet is among those of the corresponding commands of interest for the candidate protocol, then a DLP scan is performed on the packet. Otherwise, the packet is allowed to pass through the network security appliance without being subject to a DLP scan.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: September 13, 2016
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Publication number: 20160105396
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. A data structure is maintained within a network security appliance identifying candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning as a result of its potential for carrying sensitive information. A packet is received by the network security appliance. A protocol associated with the packet is identified. It is determined whether the identified protocol is among those of the candidate protocols. Responsive to an affirmative determination and when a command represented by the packet is among those of the corresponding commands of interest for the candidate protocol, then a DLP scan is performed on the packet. Otherwise, the packet is allowed to pass through the network security appliance without being subject to a DLP scan.
    Type: Application
    Filed: November 12, 2015
    Publication date: April 14, 2016
    Applicant: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 9225734
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a data packet is received by a network security appliance. The data packet is originated by a first networking device within a network protected by the network security appliance and is directed to a second networking device that is outside the network. The data packet is decoded in accordance with an upper layer protocol through which the data packet is being transmitted. A command, request or method of the upper layer protocol that is specified by or represented by the data packet is determined. A field of the command, request or method, which is not designed for carrying a message or a file, is scanned for sensitive or confidential information based on a sensor rule. When the scanning results in a match, then an action associated with the sensor rule is performed.
    Type: Grant
    Filed: September 10, 2014
    Date of Patent: December 29, 2015
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings
  • Patent number: 9197628
    Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, information is received from an administrator (i) defining a DLP rule to be applied to packets associated with an upper layer protocol and (ii) defining an action to take when a condition associated with the rule is satisfied. The rule includes a regular expression and/or a string that is configured to detect existence of sensitive information. A packet originated by a host device is received. The packet is determined to be associated with the upper layer protocol. A command, request or method of the protocol is identified that is specified by or represented by the packet. The packet is scanned for sensitive information based on the rule. When the scanning results in a conclusion that sensitive information is contained within the packet, then the defined action is performed.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: November 24, 2015
    Assignee: Fortinet, Inc.
    Inventor: Eric C. Hastings