Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet or a session of the packet is associated with a flooding attack. Some embodiments are implemented on network switching devices.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: Visualization for presenting event information indicative of a computer security threat is automatically selected from available visualizations. Event information received from data sources is assigned a category prior to being stored in an event log. The event log may be searched for relevant event information using the assigned categories. Visualizations applicable to the relevant event information are retrieved and given an importance score, which may be based on execution of prioritization algorithms using corresponding relevant event information. The retrieved visualizations are ranked based on their importance scores. One or more retrieved visualizations that have the best importance scores relative to other retrieved visualization are selected for rendering.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet or a session of the packet is associated with a flooding attack. Some embodiments are implemented on network switching devices.

Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.

Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.

Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Abstract: Incremental scanning of files for malicious codes. A file may be scanned for malicious codes in a first scanning instance in a client computer using a pattern of malicious code signatures. Thereafter, an update to the pattern for generating an updated pattern is received in the client computer. A delta pattern may be generated based on a difference between the pattern and the updated pattern. In a second scanning instance, the file may be rescanned using the delta pattern.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.