Abstract: A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match.

Abstract: A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine.

Abstract: A non-transitory computer readable storage medium, comprising executable instructions to collect network traffic data, produce a Fourier signature from the network traffic data, associate the Fourier signature with a known pattern, collect new network traffic data, produce a new Fourier signature from the new network traffic data, compare the new Fourier signature with the Fourier signature to selectively identify a match and associate the new network traffic data with the known pattern upon a match.

Abstract: A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine.

Abstract: A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.

Abstract: A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.

Abstract: HTTP layered reconstruction is disclosed. A database is queried to identify a location of a previously reconstructed HTML artifact file or packet data of a HTML file in a repository that stores packet data captured from a network. The reconstructed HTML file is analyzed. Links to external files are identified and the database is queried to identify a location of previously reconstructed artifact files or packet data of associated external files. The external files are reconstructed, as needed. A web page is then reconstructed based on the reconstructed HTML file and reconstructed external files, presenting a view of the web page as it originally appeared to a user. A user may specify which external file types to include and/or not include. New versions of external files may be obtained and indicated in the reconstructed web page when associated artifact files or packet data are not stored within the repository.

Abstract: A non-transitory computer readable storage medium includes executable instructions to identify specified network interactions initiated by a client machine. The specified network interactions are compared to normative values to produce a promiscuity score indicative of the risk of the client machine contracting malicious software. Depending upon the promiscuity score, prophylactic actions are optionally applied to the client machine.

Abstract: An indexing database utilizes a non-transitory storage medium. A pattern matching processing unit generates preclassification data for the network data packets utilizing pattern matching analysis. At least one processing unit implements a storage process that receives the network data packets, stores the network data packets in at least one of the slots, and transfers the network data packets to a packet capture repository when slots in a shared memory are full. A preclassification process requests from the pattern matching processing unit the preclassification data. An indexing process determines, based upon the preclassification data, whether to invoke or omit additional analysis of the network data packets, and performs at least one of aggregation, classification, or annotation of the network data packets in the shared memory to maintain one or more indices in the indexing database.

Abstract: A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.

Abstract: A system and method of presentation of an extracted artifact based on an indexing technique are disclosed. In an embodiment, the method includes indexing a database of a captured network characteristic data using a processor and a memory to form an indexed capture data. The method includes enhancing a query response time with the indexed capture data. The method further includes searching the indexed capture data to generate a capture query result. The capture query result includes an extracted artifact. The method also includes graphically presenting the capture query result as at least one of an artifact list and an artifact image.

Abstract: A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.

Abstract: An indexing database utilizes a non-transitory storage medium. A pattern matching processing unit generates preclassification data for the network data packets utilizing pattern matching analysis. At least one processing unit implements a storage process that receives the network data packets, stores the network data packets in at least one of the slots, and transfers the network data packets to a packet capture repository when slots in a shared memory are full. A preclassification process requests from the pattern matching processing unit the preclassification data. An indexing process determines, based upon the preclassification data, whether to invoke or omit additional analysis of the network data packets, and performs at least one of aggregation, classification, or annotation of the network data packets in the shared memory to maintain one or more indices in the indexing database.

Abstract: HTTP layered reconstruction is disclosed. A database is queried to identify a location of a previously reconstructed HTML artifact file or packet data of a HTML file in a repository that stores packet data captured from a network. The reconstructed HTML file is analyzed. Links to external files are identified and the database is queried to identify a location of previously reconstructed artifact files or packet data of associated external files. The external files are reconstructed, as needed. A web page is then reconstructed based on the reconstructed HTML file and reconstructed external files, presenting a view of the web page as it originally appeared to a user. A user may specify which external file types to include and/or not include. New versions of external files may be obtained and indicated in the reconstructed web page when associated artifact files or packet data are not stored within the repository.

Abstract: An authentication mark-up data of multiple local area networks is disclosed. In one embodiment of a system, the system includes a wide area network, an update device coupled to the wide area network, and any number of gateway devices coupled to the wide area network. Each of the gateway devices is associated with a separate local area network. Each of the plurality of gateway devices automatically provide an authentication page stored in the update device based upon a data provided to the update device. In addition, the authentication page is the same for at least some of the plurality of gateway devices, according to the one embodiment.

Abstract: Methods and a system of capture and regeneration of a network data using a virtual software switch are disclosed. In an embodiment, a method includes capturing a network data using a virtual software switch, a processor, and a memory. The network data is captured to perform a network visibility analysis and the network data is communicated to at least one port of the virtual software switch. The method includes forming a stored network data in a memory. The method also includes regenerating the stored network data to form a reconstructed data.

Abstract: A method is disclosed for providing security to a client-to-client communication. The method includes authenticating a first client and a second client with an access point device, transmitting the packet to the security device and modifying a destination media access control (MAC) address of a packet from the first client to a MAC address of a security device for a first network. The packet contains a destination internet protocol (IP) address of the second client. The access point device and the first and second clients belong to the first network. The security device is located between the first network and a second network.

Abstract: Methods and a system of method and apparatus for real time identification and recording of artifacts are disclosed. In one embodiment, a method of network database maintenance includes designating a network packet data to be stored in one of a packet capture repository and a file system resident database to indicate an artifact type, a protocol type, an application, a user-definable attribute, and a temporal session duration based on a real-time packet inspection. The method includes grouping the designated packet data in a database including packet data having a similar one of the artifact type, the protocol type, the application, the user-definable attribute and the temporal session duration. In addition, the method of network database maintenance includes indexing the database to point to a memory location of the designated packet data grouped in the database in the packet capture repository.

Abstract: Storing and indexing of high-speed network traffic data is disclosed. In one embodiment, a method of network database maintenance includes sequentially recording in real-time packet header and/or packet content attributes derived from network packets captured and stored in one of a packet capture repository and a file system in database units ordered by arrival of the network packet data. In addition, the method includes indexing each database unit to point to a memory location of the network packet data in one of the packet capture repository and the file system. The method also includes computing a hash value on certain input data and creating index bitmaps on each database unit to facilitate grouping of a similar attributes associated with the network packet data recorded in the database units. The resulting data may then be stored in compressed and/or encrypted formats on a file system for efficiency and security.

Abstract: A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.