-
Publication number: US12113777B2
Publication date: 2024-10-08
Application number: US18391016
Application date: 2023-12-20
Applicant: Real Innovations International LLC
Inventor: Andrew S. Thomas
IPC: H04L9/40
CPC classification number: H04L63/029 , H04L63/0218 , H04L63/108
Abstract: Methods, systems, and computer products facilitate access to historical data via a real-time tunnel within an architectural framework that encompasses an operational technology (OT) network, a de-militarized zone (DMZ), and an information technology (IT) network. Real-time data is retrieved from a data source using a first connector, which comprises a first tunneller, a first history-writer, and a first history-tunneller. The mechanisms involve interleaving real-time data and historical data over a first tunnel connection, a first firewall, and a second firewall by (a) executing pull replication of the historical data, (b) daisy-chaining the historical data, or (c) a combination of both (a) and (b). Subsequently, the real-time data is written to the first tunneller.
-
Publication number: US20240314021A1
Publication date: 2024-09-19
Application number: US18677426
Application date: 2024-05-29
Applicant: Beijing Volcano Engine Technology Co., Ltd.
Inventor: Sai Su
CPC classification number: H04L41/08 , H04L63/0218 , H04L63/0272 , H04L12/4641
Abstract: The application provides a method, apparatus, electronic device and storage medium for resource operation. When performing a target operation on an elastic network card, according to the elastic network interface, an associated resource having a dependency relationship with the elastic network interface is determined. According to the target operation, a lock parameter for locking the elastic network interface and the associated resource is set. After performing the target operation on the locked elastic network interface, a lock parameter for unlocking the elastic network interface and the associated resource is set. A private network does not need to be locked, but an elastic network card to be operated and an associated resource dependent thereon are locked.
-
Publication number: US12058102B2
Publication date: 2024-08-06
Application number: US16897640
Application date: 2020-06-10
Applicant: VMware LLC
Inventor: Zhengsheng Zhou , Jianjun Shen , Abhishek Raut , Yang Liu
IPC: H04L61/50 , G06F9/455 , G06F9/50 , G06F9/54 , H04L9/40 , H04L12/46 , H04L12/66 , H04L41/0893 , H04L41/18 , H04L41/50 , H04L41/5041 , H04L45/42 , H04L45/586 , H04L49/00 , H04L61/103 , H04L67/10 , H04L67/1001
CPC classification number: H04L61/50 , G06F9/45558 , G06F9/5083 , G06F9/54 , G06F9/547 , H04L12/4641 , H04L12/66 , H04L41/0893 , H04L41/18 , H04L41/5048 , H04L41/5077 , H04L45/42 , H04L45/586 , H04L49/70 , H04L61/103 , H04L63/0209 , H04L63/0218 , H04L63/0263 , H04L63/0272 , H04L63/20 , H04L67/10 , H04L67/1001 , G06F2009/45562 , G06F2009/4557 , G06F2009/45595 , G06F9/5077
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication number: US20240259400A1
Publication date: 2024-08-01
Application number: US18423367
Application date: 2024-01-26
Applicant: Naveen Kumar SHARMA , Apurv BORDIA
Inventor: Naveen Kumar SHARMA , Apurv BORDIA , Kiran SHARMA , Nupur BORDIA , Shankar Ganesh Pillaiyar Nattamai Jeyaprakash
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/0218
Abstract: Disclosed is a system including a plurality of nodes (102) that includes a first through third sets of nodes (102a-102c). The second set of nodes (102b) detects a type of attack on each node of the first set of nodes (102a), generates a set of attack patterns for the first set of nodes (102b), selects one or more attack patterns having a matching score value higher than a pre-defined threshold value, generates a first set of protocols and a second set of protocols. The third set of nodes (102c) checks validity of each protocol of the first set of protocols and the second set of protocols, to generate a set of valid protocols, and distributes the set of valid protocols to each node of the plurality of nodes (102).
-
Publication number: US12039036B2
Publication date: 2024-07-16
Application number: US18194790
Application date: 2023-04-03
Applicant: Sophos Limited
Inventor: Richard S. Teal
IPC: G06F21/54 , G06F12/0813 , G06F21/44 , G06F21/50 , G06F21/51 , G06F21/55 , G06F21/57 , G06F21/60 , H04L9/08 , H04L9/32 , H04L9/40 , H04L43/028 , H04L43/045 , H04L43/062 , H04L47/2475 , H04L9/30 , H04L43/026 , H04L43/10 , H04L67/568
CPC classification number: G06F21/54 , G06F12/0813 , G06F21/44 , G06F21/50 , G06F21/51 , G06F21/55 , G06F21/554 , G06F21/57 , G06F21/602 , G06F21/606 , H04L9/0891 , H04L9/321 , H04L9/3247 , H04L9/3268 , H04L43/028 , H04L43/045 , H04L43/062 , H04L47/2475 , H04L63/02 , H04L63/0218 , H04L63/0227 , H04L63/0236 , H04L63/0263 , H04L63/14 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/168 , H04L63/20 , H04L63/205 , G06F2212/1052 , G06F2212/60 , G06F2212/62 , H04L9/30 , H04L43/026 , H04L43/10 , H04L63/145 , H04L67/568
Abstract: A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.
-
Publication number: US11966482B2
Publication date: 2024-04-23
Application number: US17216825
Application date: 2021-03-30
Applicant: Sophos Limited
Inventor: Chris Douglas Kraft
IPC: G06F21/60 , G06F12/0813 , G06F21/44 , G06F21/50 , G06F21/51 , G06F21/54 , G06F21/55 , G06F21/57 , H04L9/08 , H04L9/32 , H04L9/40 , H04L43/028 , H04L43/045 , H04L43/062 , H04L47/2475 , H04L9/30 , H04L43/026 , H04L43/10 , H04L67/568
CPC classification number: G06F21/606 , G06F12/0813 , G06F21/44 , G06F21/50 , G06F21/51 , G06F21/54 , G06F21/55 , G06F21/554 , G06F21/57 , G06F21/602 , H04L9/0891 , H04L9/321 , H04L9/3247 , H04L9/3268 , H04L43/028 , H04L43/045 , H04L43/062 , H04L47/2475 , H04L63/02 , H04L63/0218 , H04L63/0227 , H04L63/0236 , H04L63/0263 , H04L63/14 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/168 , H04L63/20 , H04L63/205 , G06F2212/1052 , G06F2212/60 , G06F2212/62 , H04L9/30 , H04L43/026 , H04L43/10 , H04L63/145 , H04L67/568
Abstract: An enterprise security system is improved by managing network flows based on an application type. When a network message having an unknown application type is received at a gateway, firewall, or other network device/service from an endpoint, the endpoint that originated the network message may be queried for identifying information for the source of the network message and the application type may be determined, or the endpoint may periodically communicate application type information to the network device in a heartbeat or other periodic communication or the like. The network message may be managed along with other network traffic according to the application type.
-
Publication number: US20240121218A1
Publication date: 2024-04-11
Application number: US18391016
Application date: 2023-12-20
Applicant: Real Innovations International LLC
Inventor: Andrew S. THOMAS
IPC: H04L9/40
CPC classification number: H04L63/029 , H04L63/0218 , H04L63/108
Abstract: Methods, systems, and computer products facilitate access to historical data via a real-time tunnel within an architectural framework that encompasses an operational technology (OT) network, a de-militarized zone (DMZ), and an information technology (IT) network. Real-time data is retrieved from a data source using a first connector, which comprises a first tunneller, a first history-writer, and a first history-tunneller. The mechanisms involve interleaving real-time data and historical data over a first tunnel connection, a first firewall, and a second firewall by (a) executing pull replication of the historical data, (b) daisy-chaining the historical data, or (c) a combination of both (a) and (b). Subsequently, the real-time data is written to the first tunneller.
-
Publication number: US11936619B2
Publication date: 2024-03-19
Application number: US17526360
Application date: 2021-11-15
Applicant: Sophos Limited
Inventor: Dirk Bolte , Sven Schnelle , Emanuel Taube , Jonas Bernd Freiherr von Andrian-Werburg
IPC: H04L29/06 , H04L9/40 , H04W12/037 , H04W12/06 , H04W12/08 , H04W12/088 , H04W24/08 , H04W28/02 , H04L9/32 , H04W76/10 , H04W88/08
CPC classification number: H04L63/02 , H04L63/0218 , H04L63/18 , H04L63/20 , H04W12/037 , H04W12/06 , H04W12/068 , H04W12/08 , H04W12/088 , H04W24/08 , H04W28/0252 , H04L9/3247 , H04L63/0272 , H04W76/10 , H04W88/08
Abstract: A method includes establishing a wireless link between a wireless interface of an endpoint and a WAP; exchanging, through the wireless link, network traffic associated with execution of an application at the endpoint; executing, at the endpoint, a security routine to monitor a security status of the endpoint; establishing, through the wireless link, a secure channel that shares the wireless link with the network traffic of the application, the secure channel to extend from the security routine to a supervisor through the wireless link and the WAP; conveying, from the security routine and through the secure channel, an indication of the security status; receiving, at the security routine and through the secure channel, a command to change a setting of the wireless interface associated with a characteristic of the wireless link; and accessing, from the security routine, the wireless interface to effect the change in response to receiving the command.
-
Publication number: US20240039889A1
Publication date: 2024-02-01
Application number: US18231139
Application date: 2023-08-07
Applicant: Palo Alto Networks, Inc.
Inventor: Yanhui Jia , Christian Elihu Navarrete Discua , Durgesh Madhavrao Sangvikar , Ajaya Neupane , Yu Fu , Shengming Xu
IPC: H04L9/40
CPC classification number: H04L63/0218
Abstract: Techniques for Cobalt Strike Beacon HTTP C2 heuristic detection are disclosed. In some embodiments, a system/process/computer program product for Cobalt Strike Beacon HTTP C2 heuristic detection includes monitoring HyperText Transfer Protocol (HTTP) network traffic at a firewall; prefiltering the monitored HTTP network traffic at the firewall to select a subset of the HTTP network traffic to forward to a cloud security service; determining whether the subset of the HTTP network traffic is associated with Cobalt Strike Beacon HTTP C2 traffic activity based on a plurality of heuristics; and performing an action in response to detecting the Cobalt Strike Beacon HTTP C2 traffic activity.
-
Publication number: US11863524B2
Publication date: 2024-01-02
Application number: US18046232
Application date: 2022-10-13
Applicant: Juniper Networks, Inc.
IPC: H04L9/40 , G06F9/455 , H04L41/0823 , H04L41/08 , H04L41/0895
CPC classification number: H04L63/0218 , G06F9/45558 , H04L41/0823 , H04L41/0886 , H04L41/0895 , G06F2009/4557 , G06F2009/45587 , G06F2009/45595
Abstract: A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall.