公开(公告)号：US20200162514A1

公开(公告)日：2020-05-21

申请号：US16748629

申请日：2020-01-21

Applicant: Palo Alto Networks, Inc.

Inventor： Mitchell Rappard ,  Leonid Burakovsky

IPC: H04L29/06 ,  H04W24/08 ,  H04L29/12

Abstract: Techniques for dynamic per subscriber policy enablement for security platforms within service provider network environments are disclosed. In some embodiments, a system/process/computer program product for dynamic per subscriber policy enablement for security platforms within service provider network environments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber with a new IP flow; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

公开(公告)号：US10477391B1

公开(公告)日：2019-11-12

申请号：US16368762

申请日：2019-03-28

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04M1/66 ,  H04M1/68 ,  H04M3/16 ,  H04W12/00 ,  H04W12/10 ,  H04L29/06 ,  H04W12/08 ,  H04W12/12 ,  H04W8/18

Abstract: Techniques for providing service-based security per user location in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for service-based security per user location in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting user location information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the user location information.

公开(公告)号：US20190253387A1

公开(公告)日：2019-08-15

申请号：US15895944

申请日：2018-02-13

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04L29/06 ,  H04W12/08

Abstract: Techniques for application layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for application layer signaling security with next generation firewall includes monitoring application layer signaling traffic on a service provider network at a security platform; and filtering the application layer signaling traffic at the security platform based on a security policy.

公开(公告)号：US20250031048A1

公开(公告)日：2025-01-23

申请号：US18225026

申请日：2023-07-21

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  John Edward McDowall ,  Apoorva Jain

IPC: H04W12/37 ,  H04W12/088

Abstract: Techniques for selective intelligent enforcement and/or selective intelligent offloading for mobile networks using a smart network interface card are disclosed. In some embodiments, a system/process/computer program product for selective intelligent enforcement and/or selective intelligent offloading for mobile networks using a smart network interface card includes monitoring network traffic in a core mobile network using a Smart Network Interface Card (NIC) of a network element in the core mobile network to identify a new session that attached to the core mobile network for mobile network communications; extracting meta information associated with the new session using the Smart NIC of the network element in the core mobile network; and applying selective intelligent enforcement and/or selective intelligent offloading using the Smart NIC of the network element if the extracted meta information associated with the new session matches a selective intelligent enforcement policy and/or a selective intelligent offload policy.

公开(公告)号：US20240259428A1

公开(公告)日：2024-08-01

申请号：US18103011

申请日：2023-01-30

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Srikanth Ramachandran

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/1425

Abstract: Techniques for applying context-based security in mobile networks using an API and a data store are disclosed. In some embodiments, a system/process/computer program product for applying context-based security in mobile networks using an API and a data store includes monitoring network traffic on a mobile network at a security platform to identify a new session; determining user-IP mapping information associated with the new session using an API and a data store; and enforcing a security policy on the new session at the security platform based on the user-IP mapping information to apply context-based security in the mobile network.

公开(公告)号：US11805153B2

公开(公告)日：2023-10-31

申请号：US17244758

申请日：2021-04-29

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Jesse C. Shu ,  Chang Li

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/029 ,  H04L63/0263 ,  H04L63/107 ,  H04L63/1408 ,  H04L63/1416

Abstract: Techniques for location based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. A system/process/computer program product for location based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a location for a new session; associating the location with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the location.

公开(公告)号：US11784972B2

公开(公告)日：2023-10-10

申请号：US17669195

申请日：2022-02-10

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky ,  Mingxu Huo ,  Fengliang Hu

IPC: H04L29/06 ,  G06F21/00 ,  H04L9/40 ,  H04W12/08

CPC classification number: H04L63/0236 ,  H04L63/20 ,  H04W12/08

Abstract: Techniques for Diameter security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for Diameter security with next generation firewall includes monitoring Diameter protocol traffic on a service provider network at a security platform; and filtering the Diameter protocol traffic at the security platform based on a security policy.

公开(公告)号：US20230276228A1

公开(公告)日：2023-08-31

申请号：US17681489

申请日：2022-02-25

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04W12/00 ,  H04W12/60 ,  H04W24/08

CPC classification number: H04W12/009 ,  H04W12/60 ,  H04W24/08 ,  H04W88/16

Abstract: Techniques for applying context-based security over interfaces in NG-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in NG-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from XnAP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between NG-RAN nodes in an NG-RAN environment in the mobile network.

公开(公告)号：US11558427B2

公开(公告)日：2023-01-17

申请号：US17035482

申请日：2020-09-28

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04L29/06 ,  H04L9/40 ,  H04W12/088 ,  H04W12/73

Abstract: Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.

公开(公告)号：US20220247792A1

公开(公告)日：2022-08-04

申请号：US17720213

申请日：2022-04-13

Applicant: Palo Alto Networks, Inc.

Inventor： Sachin Verma ,  Leonid Burakovsky

IPC: H04L9/40 ,  H04W12/08 ,  H04W24/08 ,  H04W12/121

Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.