Patents by Inventor Kelly A. Wanser
Kelly A. Wanser has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10404555Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed nodes, the device determines a command for that manage node that represents a specific change in how frequent the management data is reported to the network management system. In addition, the device sends the command to that managed node, where the agent applies the command to the managed node and the applied command implements the specific change in how frequent the management data is reported to the network management system.Type: GrantFiled: May 22, 2017Date of Patent: September 3, 2019Assignee: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20180219757Abstract: Methods and systems for implementing a link layer path latency protocol (LLPLP) to monitor per-hop path latency are provided. According to one embodiment, a LLPLP message of a first type, including multiple hop records corresponding to multiple hops in a unique set of hops derived from all possible paths between a start node and an end node within the private network, is sent to a source node specified by a first hop record of the multiple hop records. Receipt of the LLPLP message by a source node specified in one or more hop records causes the source node to send one or more LLPLP messages of the first type to corresponding destination nodes. Receipt of the LLPLP message by a destination node specified in one or more hop records causes the destination node to calculate and return latency measurements for the appropriate hops via LLPLP messages of a second type.Type: ApplicationFiled: January 30, 2017Publication date: August 2, 2018Applicant: Fortinet, Inc.Inventors: Kelly A. Wanser, Cyrus J. Durgin
-
Patent number: 9948607Abstract: Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A security policy for the dynamic virtualized network is generated based on the network policy, by, for each network access device, creating a set of appropriate security measures for the network access device. Each security measure specifies how network traffic in the dynamic virtualized network is to be processed by a port of the network access device. Finally, the security policy is applied to each affected network access device.Type: GrantFiled: March 7, 2017Date of Patent: April 17, 2018Assignee: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markso Antonopoulos
-
Patent number: 9887901Abstract: Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A test network access device is selected from which test traffic is to be injected into the dynamic virtualized network. The test network access device is caused to inject the test traffic into the dynamic virtualized network. One or more errors in connection with handling of the test traffic by the dynamic virtualized network are identified by comparing a predicted result with the actual result of injection of the test traffic.Type: GrantFiled: March 21, 2017Date of Patent: February 6, 2018Assignee: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markso Antonopoulos
-
Publication number: 20170264509Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed nodes, the device determines a command for that manage node that represents a specific change in how frequent the management data is reported to the network management system. In addition, the device sends the command to that managed node, where the agent applies the command to the managed node and the applied command implements the specific change in how frequent the management data is reported to the network management system.Type: ApplicationFiled: May 22, 2017Publication date: September 14, 2017Applicant: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Patent number: 9729409Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed nodes, the device determines a command for that manage node that represents a specific change in how frequent the management data is reported to the network management system. In addition, the device sends the command to that managed node, where the agent applies the command to the managed node and the applied command implements the specific change in how frequent the management data is reported to the network management system.Type: GrantFiled: February 26, 2013Date of Patent: August 8, 2017Assignee: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20170195207Abstract: Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A test network access device is selected from which test traffic is to be injected into the dynamic virtualized network. The test network access device is caused to inject the test traffic into the dynamic virtualized network. One or more errors in connection with handling of the test traffic by the dynamic virtualized network are identified by comparing a predicted result with the actual result of injection of the test traffic.Type: ApplicationFiled: March 21, 2017Publication date: July 6, 2017Applicant: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markso Antonopoulos
-
Publication number: 20170180323Abstract: Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A security policy for the dynamic virtualized network is generated based on the network policy, by, for each network access device, creating a set of appropriate security measures for the network access device. Each security measure specifies how network traffic in the dynamic virtualized network is to be processed by a port of the network access device. Finally, the security policy is applied to each affected network access device.Type: ApplicationFiled: March 7, 2017Publication date: June 22, 2017Applicant: Fortinet, Inc.Inventors: Kelly Wanser, Andreas Markso Antonopoulos
-
Patent number: 9609021Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device receives a current network policy of the dynamic virtualized network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices.Type: GrantFiled: November 26, 2014Date of Patent: March 28, 2017Assignee: FORTINET, INC.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20150089583Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device receives a current network policy of the dynamic virtualized network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices.Type: ApplicationFiled: November 26, 2014Publication date: March 26, 2015Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Patent number: 8931046Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy.Type: GrantFiled: March 15, 2013Date of Patent: January 6, 2015Assignee: Stateless Networks, Inc.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Patent number: 8931047Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy.Type: GrantFiled: June 6, 2013Date of Patent: January 6, 2015Assignee: Stateless Networks, Inc.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20140337497Abstract: A method and apparatus that determines a plurality of matching policies for a segment of a dynamic virtualized network is described. A device retrieves a virtual network identifier of the segment, where the virtual network identifier includes a plurality of bits and a plurality of subnets and each of the plurality of subnets is a different subset of the plurality of bits. In addition, the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network, where the layer 3 physical network includes a plurality of network access devices, and the segment includes a plurality of endpoints. The device further determines the plurality of matching policies for the segment from the plurality of subnets of the virtual network identifier, where each of the plurality of subnets corresponds to one of the plurality of matching policies.Type: ApplicationFiled: March 13, 2014Publication date: November 13, 2014Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20140123211Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy.Type: ApplicationFiled: March 15, 2013Publication date: May 1, 2014Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20140123212Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device learns a current network policy of the dynamic virtualized network, where the dynamic virtualized network is a virtualized layer 2 network that is overlaid on a layer 3 physical network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. Furthermore, the layer 3 physical network includes multiple network access devices. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy.Type: ApplicationFiled: June 6, 2013Publication date: May 1, 2014Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20140101301Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device receives an event notification from an agent associated with a managed node. The device further determines if the received event notification triggers a change in how the management data is managed on that manage node. If the event notification does trigger a change, the device determines a command for that manage node that represents that change if how the management data is managed on the managed node. In addition, the device sends the command to the managed, where the agent applies the command to the managed node and the applied command implements the change in how the management data is managed on the managed node.Type: ApplicationFiled: October 4, 2012Publication date: April 10, 2014Applicant: STATELESS NETWORKS, INC.Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Publication number: 20140101308Abstract: A method and apparatus of a device that dynamically changes how management data is managed in response to events detected in a network system is described. In an exemplary embodiment, the device detects an event occurring in the network system. The device further determines if the event triggers a system change in how the management data is reported on one or more of the managed nodes. If the event notification does trigger the system change, for each of the one or more of the managed nodes, the device determines a command for that manage node that represents a specific change in how frequent the management data is reported to the network management system. In addition, the device sends the command to that managed node, where the agent applies the command to the managed node and the applied command implements the specific change in how frequent the management data is reported to the network management system.Type: ApplicationFiled: February 26, 2013Publication date: April 10, 2014Inventors: Kelly Wanser, Andreas Markos Antonopoulos
-
Patent number: 8687490Abstract: In a computer network system based on an open system interconnection model, where the computer network system includes at least a network layer (Layer 3) and an application layer (Layer 7), a system and a method for managing electronic message traffic into and out of the computer network system including defining a communication channel between Layer 3 and Layer 7 for exchanging data directly therebetween for use in enhancing flow of the electronic message traffic.Type: GrantFiled: June 16, 2010Date of Patent: April 1, 2014Assignee: Dell Software Inc.Inventors: Scott T. Brown, Kelly A. Wanser, Paul Trout
-
Patent number: 8312093Abstract: A multi-user e-mail messaging system is described that is interfaced through the Internet and includes a first user group sharing a first server, which first server is interfaced to the Internet. In this system, after an e-mail message has been originated by an originating user of the first user group, the e-mail message is directed onto an e-mail enhancement path, and additional content is added to the e-mail message using the e-mail enhancement path to produce an enhanced e-mail message. Thereafter, the enhanced e-mail message from the e-mail enhancement path to the intended recipient. In one feature, the path taken by an incoming e-mail message is different from an outgoing path taken by an e-mail message sent from the first user group. The outgoing path defined to the intended recipient includes the enhancement path.Type: GrantFiled: March 9, 2012Date of Patent: November 13, 2012Inventors: Scott T. Brown, Kelly A. Wanser
-
Patent number: 8285798Abstract: A highly advantageous message policy management system and method are disclosed for managing email message flow with a sender set of policies which recommend actions to be taken by receivers based on characteristics of the email message.Type: GrantFiled: April 13, 2010Date of Patent: October 9, 2012Assignee: Ecert, Inc.Inventors: Kelly Wanser, Eve Phillips