Abstract: Example embodiments disclosed herein relate to perform a security action, (e.g., filtering) based on reputation and a signature match. A reputation is determined of a devices associated with a network packet or network packet stream. It is determined whether a signature matches the network packet or an associated flow of the network packet. The security action is determined based on the reputation and the match.

Abstract: According to an example, configurable workload optimization may include selecting a performance optimized application workload from available performance optimized application workloads. A predetermined combination of removable workload optimized modules may be selected to implement the selected performance optimized application workload. Different combinations of the removable workload optimized modules may be usable to implement different ones of the available performance optimized application workloads. The predetermined combination of the removable workload optimized modules may be managed to implement the selected performance optimized application workload. Data flows directed to the predetermined combination of the removable workload optimized modules may be received.

Abstract: According to an example, configurable network security may include receiving data flows directed to end node modules of a server, and selecting data flows from the received data flows based on an analysis of attributes of the received data flows. The selected data flows may be less than the received data flows. A number of IPS data plane modules of the server that are available for inspection of the selected data flows may be determined. The selected data flows may be distributed between the IPS data plane modules based on the determined number of the IPS data plane modules. The distributed data flows may be inspected using the IPS data plane modules to identify malicious and benign data flows, and to determine whether to drop the malicious data flows, direct the malicious data flows to a predetermined destination, or forward the benign data flows to the end node modules.

Abstract: Example embodiments disclosed herein relate to a network security system. The network security system intercepts inline DNS requests. It is determined whether a domain name associated with one of the inline DNS requests corresponds with one or more domain names. A security action is performed based on the determination.

Abstract: According to an example, configurable network security may include receiving data flows directed to end node modules of a server, and selecting data flows from the received data flows based on an analysis of attributes of the received data flows. The selected data flows may be less than the received data flows. A number of IPS data plane modules of the server that are available for inspection of the selected data flows may be determined. The selected data flows may be distributed between the IPS data plane modules based on the determined number of the IPS data plane modules. The distributed data flows may be inspected using the IPS data plane modules to identify malicious and benign data flows, and to determine whether to drop the malicious data flows, direct the malicious data flows to a predetermined destination, or forward the benign data flows to the end node modules.

Abstract: According to an example, configurable workload optimization may include selecting a performance optimized application workload from available performance optimized application workloads. A predetermined combination of removable workload optimized modules may be selected to implement the selected performance optimized application workload. Different combinations of the removable workload optimized modules may be usable to implement different ones of the available performance optimized application workloads. The predetermined combination of the removable workload optimized modules may be managed to implement the selected performance optimized application workload. Data flows directed to the predetermined combination of the removable workload optimized modules may be received.

Abstract: Securing a virtual environment includes: in a host device, intercepting a packet addressed to a virtual machine implemented by the host device; redirecting the packet to a security device external to the host device through an egress tunnel; and delivering the packet to the virtual machine if the host device receives an indication from the security device that the packet is approved.

Abstract: Example embodiments disclosed herein relate to perform a security action, (e.g., filtering) based on reputation and a signature match. A reputation is determined of a devices associated with a network packet or network packet stream. It is determined whether a signature matches the network packet or an associated flow of the network packet. The security action is determined based on the reputation and the match.

Abstract: Example embodiments disclosed herein relate to a network security system. The network security system intercepts inline DNS requests. It is determined whether a domain name associated with one of the inline DNS requests corresponds with one or more domain names. A security action is performed based on the determination.

Abstract: Packet inspection in a network device includes a first stage circuit to monitor packets being switched by a network interface in the network device. The first stage circuit includes at least one pattern matcher to identify selected flows in the packets satisfying first criteria and to divert the selected flows from standard processing in the network interface. A second stage circuit receives the selected flows, performs deep packet inspection on the selected flows to identify further selected flows satisfying a second criteria, and controls the network interface to apply alternative processing to the further selected flows and allow the selected flows other than the further selected flows to rejoin the standard processing.

Abstract: Securing a virtual environment includes: in a host device, intercepting a packet addressed to a virtual machine implemented by the host device; redirecting the packet to a security device external to the host device through an egress tunnel; and delivering the packet to the virtual machine if the host device receives an indication from the security device that the packet is approved.