公开(公告)号：US10091235B1

公开(公告)日：2018-10-02

申请号：US15175568

申请日：2016-06-07

Applicant: Juniper Networks, Inc.

Inventor： Deepak Kushwaha ,  Mohit Joshi ,  Puneet Tutliani

IPC: H04L29/06 ,  H04L12/58

Abstract: The disclosed computer-implemented method may include (1) detecting a request from a computing device of a member of an organization in connection with a communication session between the computing device and at least one additional computing device, (2) identifying, within the request, a URL that the computing device is attempting to access, (3) computing a unique identifier that represents the URL, (4) comparing the unique identifier against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization, (5) determining, based at least in part on the comparison, that the URL was included in an email received by the member of the organization, and then in response, (6) elevating a threat level of the communication session between the computing device and the additional computing device. Various other methods, systems, and apparatuses are also disclosed.

公开(公告)号：US11516136B2

公开(公告)日：2022-11-29

申请号：US17132171

申请日：2020-12-23

Applicant: Juniper Networks, Inc.

Inventor： Vijay Anand Karuppiah ,  Mohit Joshi ,  Suresh Vishwanathan ,  Sankar Ramamoorthi

IPC: H04L47/22 ,  H04L47/2483 ,  H04L45/50

Abstract: A first network device may receive first traffic of a session that involves a service. The first network device may identify that the service is configured for distributed node processing. The first network device may identify a second network device that is configured for distributed node processing. The first network device may identify a state machine that is associated with the service. The first network device may determine, based on the state machine, a first function and a second function, wherein the first function is identified by a first label and the second function is identified by a second label. The first network device may process the first traffic based on the first function. The first network device may provide, to the second network device, the first traffic and the second label to permit the second network device to process second traffic in association with the second function.

公开(公告)号：US11115391B2

公开(公告)日：2021-09-07

申请号：US16668807

申请日：2019-10-30

Applicant: Juniper Networks, Inc.

Inventor： Avinash Kumar Singh ,  Sachin Mutalik Desai ,  Vaibhav Agarwal ,  Mohit Joshi

IPC: H04L29/06 ,  G06F9/455 ,  H04L12/813

Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.

公开(公告)号：US11818051B2

公开(公告)日：2023-11-14

申请号：US18050188

申请日：2022-10-27

Applicant: Juniper Networks, Inc.

Inventor： Vijay Anand Karuppiah ,  Mohit Joshi ,  Suresh Vishwanathan ,  Sankar Ramamoorthi

IPC: H04L47/22 ,  H04L47/2483 ,  H04L45/50

CPC classification number: H04L47/22 ,  H04L45/50 ,  H04L47/2483

Abstract: A first network device may receive first traffic of a session that involves a service. The first network device may identify that the service is configured for distributed node processing. The first network device may identify a second network device that is configured for distributed node processing. The first network device may identify a state machine that is associated with the service. The first network device may determine, based on the state machine, a first function and a second function, wherein the first function is identified by a first label and the second function is identified by a second label. The first network device may process the first traffic based on the first function. The first network device may provide, to the second network device, the first traffic and the second label to permit the second network device to process second traffic in association with the second function.

公开(公告)号：US10469461B1

公开(公告)日：2019-11-05

申请号：US15730356

申请日：2017-10-11

Applicant: Juniper Networks, Inc.

Inventor： Avinash Kumar Singh ,  Sachin Mutalik Desai ,  Vaibhav Agarwal ,  Mohit Joshi

IPC: H04L29/06 ,  G06F9/455 ,  H04L12/813

Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.

公开(公告)号：US10298606B2

公开(公告)日：2019-05-21

申请号：US15400922

申请日：2017-01-06

Applicant: Juniper Networks, Inc.

Inventor： Deepak Kushwaha ,  Mohit Joshi ,  Puneet Tutliani

IPC: G06F21/56 ,  H04L29/06

Abstract: The disclosed apparatus may include a physical processing that (1) receives, at a network device, a packet that is destined for a computing device within a network, (2) performs pattern matching on the packet by (A) comparing at least a portion of the packet with a set of signatures that facilitate pattern matching in connection with network traffic and (B) determining, based at least in part on the comparison, that the portion of the packet matches at least one of the signatures, (3) parses, after performing the pattern matching, at least the portion of the packet to determine whether the packet is malicious based at least in part on the portion of the packet, and then (4) upon determining that the portion of the packet is malicious, performs at least one security action in connection with the packet. Various other apparatuses, systems, and methods are also disclosed.

公开(公告)号：US20180198809A1

公开(公告)日：2018-07-12

申请号：US15400922

申请日：2017-01-06

Applicant: Juniper Networks, Inc.

Inventor： Deepak Kushwaha ,  Mohit Joshi ,  Puneet Tutliani

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/564 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/145

Abstract: The disclosed apparatus may include a physical processing that (1) receives, at a network device, a packet that is destined for a computing device within a network, (2) performs pattern matching on the packet by (A) comparing at least a portion of the packet with a set of signatures that facilitate pattern matching in connection with network traffic and (B) determining, based at least in part on the comparison, that the portion of the packet matches at least one of the signatures, (3) parses, after performing the pattern matching, at least the portion of the packet to determine whether the packet is malicious based at least in part on the portion of the packet, and then (4) upon determining that the portion of the packet is malicious, performs at least one security action in connection with the packet. Various other apparatuses, systems, and methods are also disclosed.