Patents by Inventor Matthew Laswell
Matthew Laswell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11005814
Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.
Type: Grant
Filed: June 10, 2014
Date of Patent: May 11, 2021
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Joseph A. Curcio, Jechun Chiu, Bruce E. Lavigne, Wei Lu, Shaun Wakumoto, Mauricio Sanchez, Matthew Laswell
-
Patent number: 10554691
Abstract: A security system for a network maintains security policies that each includes a risk level. The security system maintains groups, with each group being associated with a security policy. Assets of the network are assigned to groups according to the risk assessments of the assets. Security policy associated with a group is enforced against network traffic of an asset when the asset is assigned to the group.
Type: Grant
Filed: December 22, 2016
Date of Patent: February 4, 2020
Assignee: Trend Micro Incorporated
Inventors: Russell Meyers, Scott Rivers, Matthew Laswell
-
Patent number: 10367830
Abstract: Example embodiments disclosed herein relate to performing a security action (e.g., filtering) based on reputation and a signature match. A reputation is determined of a device associated with a network packet or network packet stream. It is determined whether a signature matches the network packet or an associated flow of the network packet. The security action is determined based on the reputation and the match.
Type: Grant
Filed: May 25, 2016
Date of Patent: July 30, 2019
Assignee: TREND MICRO INCORPORATED
Inventors: Matthew Laswell, James Rolette
-
Patent number: 10341295
Abstract: According to an example, security and access control may include receiving traffic that is related to an application tier of a plurality of application tiers, and that is to be routed to another application tier or within the application tier. The attributes of the traffic related to the application tier may be analyzed, and based on the analysis, an application related to the traffic and a type of the traffic may be determined. The type of the traffic may be compared to a policy related to the application to determine whether the traffic is valid traffic or invalid traffic. Based on a determination that the traffic is valid traffic, the valid traffic may be forwarded to an intended destination. Further, based on a determination that the traffic is invalid traffic, the invalid traffic may be forwarded to a predetermined destination or blocked.
Type: Grant
Filed: June 28, 2016
Date of Patent: July 2, 2019
Assignee: Trend Micro Incorporated
Inventors: Matthew Laswell, Wei Lu
-
Patent number: 10341326
Abstract: Example embodiments disclosed herein relate to providing network security. A network security device parses an initial handshake or communication to establish an encrypted channel between two endpoints. The network security device validates a certificate chain between the two endpoints and determines a reputation for each of one or more signers of a respective one or more certificates of the certificate chain. The network security device determines a certificate reputation for the certificate chain.
Type: Grant
Filed: September 2, 2016
Date of Patent: July 2, 2019
Assignee: Trend Micro Incorporated
Inventors: Scott Rivers, Matthew Laswell
-
Patent number: 10275274
Abstract: According to an example, configurable workload optimization may include selecting a performance optimized application workload from available performance optimized application workloads. A predetermined combination of removable workload optimized modules may be selected to implement the selected performance optimized application workload. Different combinations of the removable workload optimized modules may be usable to implement different ones of the available performance optimized application workloads. The predetermined combination of the removable workload optimized modules may be managed to implement the selected performance optimized application workload. Data flows directed to the predetermined combination of the removable workload optimized modules may be received.
Type: Grant
Filed: June 29, 2016
Date of Patent: April 30, 2019
Assignee: Trend Micro Incorporated
Inventors: Stephen G. Low, James Rolette, Edward A. Wartha, Matthew Laswell
-
Patent number: 10243988
Abstract: According to an example, configurable network security may include receiving data flows directed to end node modules of a server, and selecting data flows from the received data flows based on an analysis of attributes of the received data flows. The selected data flows may be less than the received data flows. A number of IPS data plane modules of the server that are available for inspection of the selected data flows may be determined. The selected data flows may be distributed between the IPS data plane modules based on the determined number of the IPS data plane modules. The distributed data flows may be inspected using the IPS data plane modules to identify malicious and benign data flows, and to determine whether to drop the malicious data flows, direct the malicious data flows to a predetermined destination, or forward the benign data flows to the end node modules.
Type: Grant
Filed: October 13, 2016
Date of Patent: March 26, 2019
Assignee: Trend Micro Incorporated
Inventors: Stephen G. Low, James Rolette, Matthew Laswell
-
Publication number: 20170142132
Abstract: An example of a computing system is described herein. The computing system includes a network switch configured to direct network traffic. The computing system also includes a network device to receive the network traffic. The computing system further includes a controller coupled to the network switch. The controller is to monitor network traffic in the network switch and generate a policy to instruct the network switch in selecting a portion of the network traffic to direct to the network device.
Type: Application
Filed: June 10, 2014
Publication date: May 18, 2017
Inventors: Joseph A. CURCIO, Jechun CHIU, Bruce E. LAVIGNE, Wei LU, Shaun WAKUMOTO, Mauricio SANCHEZ, Matthew LASWELL
-
Publication number: 20170142071
Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.
Type: Application
Filed: June 10, 2014
Publication date: May 18, 2017
Inventors: Joseph A. CURCIO, Jechun CHIU, Bruce E. LAVIGNE, Wei LU, Shaun WAKUMOTO, Mauricio SANCHEZ, Matthew LASWELL
-
Publication number: 20170104790
Abstract: In one implementation, a risk assessment of an asset is compared to a risk level of a security policy and network traffic associated with the asset is assigned to a group associated with the security policy when the risk assessment achieves the risk level of the security policy.
Type: Application
Filed: December 22, 2016
Publication date: April 13, 2017
Applicant: Trend Micro Incorporated
Inventors: Russell MEYERS, Scott RIVERS, Matthew LASWELL
-
Publication number: 20170034207
Abstract: According to an example, configurable network security may include receiving data flows directed to end node modules of a server, and selecting data flows from the received data flows based on an analysis of attributes of the received data flows. The selected data flows may be less than the received data flows. A number of IPS data plane modules of the server that are available for inspection of the selected data flows may be determined. The selected data flows may be distributed between the IPS data plane modules based on the determined number of the IPS data plane modules. The distributed data flows may be inspected using the IPS data plane modules to identify malicious and benign data flows, and to determine whether to drop the malicious data flows, direct the malicious data flows to a predetermined destination, or forward the benign data flows to the end node modules.
Type: Application
Filed: October 13, 2016
Publication date: February 2, 2017
Applicant: Trend Micro Incorporated
Inventors: Stephen G. LOW, James ROLETTE, Matthew LASWELL
-
Publication number: 20160373433
Abstract: Example embodiments disclosed herein relate to providing network security. A network security device parses an initial handshake or communication to establish an encrypted channel between two endpoints. The network security device validates a certificate chain between the two endpoints and determines a reputation for each of one or more signers of a respective one or more certificates of the certificate chain. The network security device determines a certificate reputation for the certificate chain.
Type: Application
Filed: September 2, 2016
Publication date: December 22, 2016
Applicant: Trend Micro Incorporated
Inventors: Scott RIVERS, Matthew LASWELL
-
Publication number: 20160308832
Abstract: According to an example, security and access control may include receiving traffic that is related to an application tier of a plurality of application tiers, and that is to be routed to another application tier or within the application tier. The attributes of the traffic related to the application tier may be analyzed, and based on the analysis, an application related to the traffic and a type of the traffic may be determined. The type of the traffic may be compared to a policy related to the application to determine whether the traffic is valid traffic or invalid traffic. Based on a determination that the traffic is valid traffic, the valid traffic may be forwarded to an intended destination. Further, based on a determination that the traffic is invalid traffic, the invalid traffic may be forwarded to a predetermined destination or blocked.
Type: Application
Filed: June 28, 2016
Publication date: October 20, 2016
Applicant: Trend Micro Incorporated
Inventors: Matthew LASWELL, Wei LU
-
Publication number: 20160306653
Abstract: According to an example, configurable workload optimization may include selecting a performance optimized application workload from available performance optimized application workloads. A predetermined combination of removable workload optimized modules may be selected to implement the selected performance optimized application workload. Different combinations of the removable workload optimized modules may be usable to implement different ones of the available performance optimized application workloads. The predetermined combination of the removable workload optimized modules may be managed to implement the selected performance optimized application workload. Data flows directed to the predetermined combination of the removable workload optimized modules may be received.
Type: Application
Filed: June 29, 2016
Publication date: October 20, 2016
Applicant: Trend Micro Incorporated
Inventors: Stephen G. LOW, James ROLETTE, Edward A. WARTHA, Matthew LASWELL
-
Publication number: 20160269430
Abstract: Example embodiments disclosed herein relate to performing a security action (e.g., filtering) based on reputation and a signature match. A reputation is determined of a device associated with a network packet or network packet stream. It is determined whether a signature matches the network packet or an associated flow of the network packet. The security action is determined based on the reputation and the match.
Type: Application
Filed: May 25, 2016
Publication date: September 15, 2016
Applicant: Trend Micro Incorporated
Inventors: Matthew LASWELL, James ROLETTE
-
Publication number: 20150213075
Abstract: A process may include selecting from among entries in a primary connection table, an entry to be removed from a primary connection table in order to create space for another entry in the primary connection table. The process may further store in a secondary connection table an entry for the connection corresponding to the selected entry.
Type: Application
Filed: September 10, 2012
Publication date: July 30, 2015
Inventors: James Collinge, James M. Rolette, Matthew Laswell, Julian Palmer