Abstract:
A packet broker performs a health-status check of a proxy server while the proxy server processes one or more proxy connections. The packet broker may attempt to exchange a heartbeat signal with the proxy server, and if the attempt is unsuccessful, the proxy server is assumed to be failing. In such cases, a failover is desirable. Rather than implementing a “hard” failover, in which no further communication packets are directed to the proxy server, a “soft” failover is performed, in which the packet broker prevents new proxy connections from being processed by the proxy server but maintains at least one (e.g., all) of the current proxy connections that are being processed by the proxy server.
Abstract:
Methods and systems for analyzing flows of communication packets. A front-end processor associates input packets with flows and forwards each flow to the appropriate unit, typically by querying a flow table that holds a respective classification for each active flow. In general, flows that are not yet classified are forwarded to the classification unit, and the resulting classification is entered in the flow table. Flows that are classified as requested for further analysis are forwarded to an appropriate flow analysis unit. Flows that are classified as not requested for analysis are not subjected to further processing, e.g., discarded or allowed to pass.
Abstract:
Methods and systems for applying surveillance to client computers that communicate via proxy servers. A decoding system accepts communication packets from a communication network. Based on the received packets, the decoding system identifies that a certain client computer conducts a communication session with a target server via a proxy server. The decoding system processes the packets so as to correlate the identity of the client computer with the identity of the target server. The correlated identities may comprise, for example, Internet Protocol (IP) addresses or Uniform Resource Locators (URLs).
Abstract:
Methods and systems for filtering communication packets using a multi-stage filtering system that receives a large volume of communication packets from a communication network and filters the packets in two or more successive stages. The system comprises at least one front-end filtering unit and multiple back-end filtering units. Typically, although not necessarily, the front-end filtering unit filters the packets based on layer-2 to layer-4 attributes of the packets. The back-end filtering units, on the other hand, filter the packets based on content extracted from the packet payloads. The back-end filtering units may perform filtering, for example, based on keyword spotting, application classification, malware detection and other content-related criteria. The front-end filtering unit typically performs filtering at the individual packet level and/or at the level of request-response transactions. The back-end filtering units, on the other hand, typically perform filtering at the level of entire reconstructed packet flows.