Abstract: One embodiment relates to a network gateway apparatus configured for high-performance network content processing. The apparatus includes data storage configured to store computer-readable code and data, and a processor configured to execute computer-readable code and to access said data storage. Computer-readable code implements a plurality of packet processors, each packet processor being configured with different processing logic. Computer-readable code further implements a packet handler which is configured to send incoming packets in parallel to the plurality of packet processors. Another embodiment relates to a method for high-performance network content processing. Other embodiments, aspects and features are also disclosed.

Abstract: Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: A client computer may be configured to perform computer security operations in conjunction with a remotely located security server. Upon detection of a computer security event, such as reception of a file, the client computer may generate a query input and determine if the query input has corresponding security information in the security server. When the query input has corresponding security information, the client computer may forward the query input to the security server. In response, the security server may retrieve the security information using the query input and provide the security information to the client computer. As a particular example, the security event may be reception of a file in the client computer and the security information may indicate whether or not the file is infected with a computer virus.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: A method of processing electronic data includes receiving electronic data, and scanning at least a portion of the electronic data against a first signature, wherein the first signature is not data-type dependent. A method of processing electronic data includes receiving electronic data to be scanned, identifying a portion of the electronic data, wherein the portion is represented as an object, and assigning one or more procedures to scan the portion based at least in part on the object. A system for processing electronic data includes an input for receiving electronic data, a processor configured for identifying one or more portions of the electronic data, each of the one or more portions represented as a typed object, and a buffer configured to store data associated with no more than one object at a time.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.

Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.

Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.

Abstract: A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the session or for an other packet associated with the session, and classifying the packet to be the content type based at least in part on a result from the act of determining. A method for determining a type of content includes receiving a first packet from a first port, the first port adapted for receiving at least two types of content, and determining a content type for the first packet or for a session with which the first packet is associated.

Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.

Abstract: A method of processing electronic data includes receiving electronic data, and scanning at least a portion of the electronic data against a first signature, wherein the first signature is not data-type dependent. A method of processing electronic data includes receiving electronic data to be scanned, identifying a portion of the electronic data, wherein the portion is represented as an object, and assigning one or more procedures to scan the portion based at least in part on the object. A system for processing electronic data includes an input for receiving electronic data, a processor configured for identifying one or more portions of the electronic data, each of the one or more portions represented as a typed object, and a buffer configured to store data associated with no more than one object at a time.