Abstract: A computerized method involves obfuscating one or more segments of data that is part of a flow prior to analysis of the flow for malware. Each of the one or more obfuscated data corresponds to one or more anonymized data. Thereafter, an identifier is generated for each of the one or more anonymized data, and each identifier is substituted for its corresponding anonymized data. The anonymized data and its corresponding identifiers are separately maintained from the stored flow.

Abstract: A computerized method involves obfuscating one or more segments of data that is part of a flow prior to analysis of the flow for malware. Each of the one or more obfuscated data corresponds to one or more anonymized data. Thereafter, an identifier is generated for each of the one or more anonymized data, and each identifier is substituted for its corresponding anonymized data. The anonymized data and its corresponding identifiers are separately maintained from the stored flow.

Abstract: A computerized method involves obfuscating one or more segments of data that is part of a flow prior to analysis of the flow for malware. Each of the one or more obfuscated data corresponds to one or more anonymized data. Thereafter, an identifier is generated for each of the one or more anonymized data, and each identifier is substituted for its corresponding anonymized data. The anonymized data and its corresponding identifiers are separately maintained from the stored flow.

Abstract: A network sensor that features a data store and a packet processing engine. In communication with the data store, the packet processing engine comprises (1) a cache management logic and (2) deduplication logic. The cache management logic is configured to analyze packets to determine whether (a) a packet under analysis include duplicated data and (b) content of the packet is targeted for storage in a same continuous logical storage area as the duplicated data. The deduplication logic, when activated by the cache management logic, is configured to generate a deduplication reference for insertion into the packet prior to storage.

Abstract: A network sensor that features a data store and a packet processing engine. Communicatively coupled to the data store, the packet processing engine is configured to (i) generate a retention priority for at least a first flow within a first storage region of a plurality of storage regions and (ii) identify, in response to an eviction request, the priority of each of the plurality of storage regions. The priority of the first storage region is partially based on the retention priority associated with the first flow while the priority of a second storage region is based on retention priorities associated with flows stored within the second storage region. The packet processing engine also is configured to identify, through use of the retention priorities of the stored flows within the first storage region, which flows are to be retained and which flows are to be evicted.

Abstract: Collaborative and adaptive threat intelligence. Data collected on a first customer network is received. One or more local models are trained with at least the received data, where the one or more local models are related to security. An amount of data to transmit to a centralized controller is determined based at least on a result of the training one or more local models and the determined amount of data is transmitted to the centralized controller. Result data is received from the centralized controller that is a result of one or more global models trained on the centralized controller using data collected on multiple customer networks including the first customer network. The one or more local models are adjusted using the received result data and the one or more adjusted local models are trained.

Abstract: The present disclosure discloses a method and system for achieving enhanced performance for application message handling. The disclosed system includes a device and is configured to receive, at a first processing layer implemented by the device, a message addressed to a first port. The system is further configured to modify the message to be addressed to a second port indicated in a body of the message prior to forwarding the message to a second processing layer implemented by the device. Furthermore, the system is configured to forward, by the first processing layer to the second processing layer, the modified message addressed to the second port.

Abstract: The present disclosure discloses a method and system for achieving enhanced performance for application message handling. The disclosed system includes a device and is configured to receive, at a first processing layer implemented by the device, a message addressed to a first port. The system is further configured to modify the message to be addressed to a second port indicated in a body of the message prior to forwarding the message to a second processing layer implemented by the device. Furthermore, the system is configured to forward, by the first processing layer to the second processing layer, the modified message addressed to the second port.

Abstract: According to one embodiment, a method comprises an operation of determining whether an ingress control message is locally terminated control traffic on a digital device prior to the ingress control message being forwarded to a hardware processor of the digital device for processing. A priority is assigned to the ingress control message based on information within the ingress control message, if the ingress control message is determined to be locally terminated control logic.

Abstract: A computerized method involves obfuscating one or more segments of data that is part of a flow prior to analysis of the flow for malware. Each of the one or more obfuscated data corresponds to one or more anonymized data. Thereafter, an identifier is generated for each of the one or more anonymized data, and each identifier is substituted for its corresponding anonymized data. The anonymized data and its corresponding identifiers are separately maintained from the stored flow.

Abstract: According to one embodiment, a method comprises an operation of determining whether an ingress control message is locally terminated control traffic on a digital device prior to the ingress control message being forwarded to a hardware processor of the digital device for processing. A priority is assigned to the ingress control message based on information within the ingress control message, if the ingress control message is determined to be locally terminated control logic.

Abstract: A network sensor that features a data store and a packet processing engine. Communicatively coupled to the data store, the packet processing engine is configured to (i) generate a retention priority for at least a first flow within a first storage region of a plurality of storage regions and (ii) identify, in response to an eviction request, the priority of each of the plurality of storage regions. The priority of the first storage region is partially based on the retention priority associated with the first flow while the priority of a second storage region is based on retention priorities associated with flows stored within the second storage region. The packet processing engine also is configured to identify, through use of the retention priorities of the stored flows within the first storage region, which flows are to be retained and which flows are to be evicted.

Abstract: A network sensor that features a data store and a packet processing engine. In communication with the data store, the packet processing engine comprises (1) a cache management logic and (2) deduplication logic. The cache management logic is configured to analyze packets to determine whether (a) a packet under analysis include duplicated data and (b) content of the packet is targeted for storage in a same continuous logical storage area as the duplicated data. The deduplication logic, when activated by the cache management logic, is configured to generate a deduplication reference for insertion into the packet prior to storage.

Abstract: Collaborative and adaptive threat intelligence. Data collected on a first customer network is received. One or more local models are trained with at least the received data, where the one or more local models are related to security. An amount of data to transmit to a centralized controller is determined based at least on a result of the training one or more local models and the determined amount of data is transmitted to the centralized controller. Result data is received from the centralized controller that is a result of one or more global models trained on the centralized controller using data collected on multiple customer networks including the first customer network. The one or more local models are adjusted using the received result data and the one or more adjusted local models are trained.

Abstract: According to one embodiment, a method comprises an operation of determining whether an ingress control message is locally terminated control traffic on a digital device prior to the ingress control message being forwarded to a hardware processor of the digital device for processing. A priority is assigned to the ingress control message based on information within the ingress control message, if the ingress control message is determined to be locally terminated control logic.

Abstract: The present disclosure discloses a method and network device for an enhanced serialization mechanism. Specifically, the disclosed system receives a plurality of packets from a plurality of transport layer flows corresponding to a security association. Also, the system designates one processor of a plurality of processors to be associated with the security association. Moreover, the system assigns a sequence number to each packet, and transmits the plurality of packets from the plurality of transport layer flows such that packets within the same transport layer flow are transmitted in order of their sequence numbers. However, at least two packets from two different transport layer flows may be transmitted out of incremental order of their sequence number.

Abstract: The present disclosure discloses a method and network device for achieving enhanced performance with multiple CPU cores in a network device having a symmetric multiprocessing architecture. The disclosed method allows for storing, by each central processing unit (CPU) core, a non-atomic data structure, which is specific to each networking CPU core, in a memory shared by the plurality of CPU cores. Also, the memory is not associated with any locking mechanism. In response to a data packet is received by a particular CPU core, the disclosed system will update a value of the non-atomic data structure corresponding to the particular CPU core. The data structure may be a counter or a fragment table. Further, a dedicated CPU core is allocated to process only data packets received from other CPU cores, and is responsible for dynamically responding to queries receives from a control plane process.

Abstract: According to one embodiment, a method comprises an operation of determining whether an ingress control message is locally terminated control traffic on a digital device prior to the ingress control message being forwarded to a hardware processor of the digital device for processing. A priority is assigned to the ingress control message based on information within the ingress control message, if the ingress control message is determined to be locally terminated control logic.

Abstract: The present disclosure discloses a method and network device for an enhanced serialization mechanism. Specifically, the disclosed system receives a plurality of packets from a plurality of transport layer flows corresponding to a security association. Also, the system designates one processor of a plurality of processors to be associated with the security association. Moreover, the system assigns a sequence number to each packet, and transmits the plurality of packets from the plurality of transport layer flows such that packets within the same transport layer flow are transmitted in order of their sequence numbers. However, at least two packets from two different transport layer flows may be transmitted out of incremental order of their sequence number.

Abstract: The present disclosure discloses a method and system for achieving enhanced performance for application message handling. The disclosed system includes a device and is configured to receive, at a first processing layer implemented by the device, a message addressed to a first port. The system is further configured to modify the message to be addressed to a second port indicated in a body of the message prior to forwarding the message to a second processing layer implemented by the device. Furthermore, the system is configured to forward, by the first processing layer to the second processing layer, the modified message addressed to the second port.