SYSTEMS AND METHODS FOR PROVIDING ENHANCED SECURITY IN EDGE COMPUTING ENVIRONMENTS

    Publication No.: US20240356896A1

    Publication date: 2024-10-24

    Application No.: US18755276

    Application date: 2024-06-26

    CPC classification number: H04L63/0236 H04L63/1416 H04L63/1425 H04L63/1441

    Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

    END-TO-END NETWORK SECURITY SERVICE FOR WORKLOADS ACROSS DIFFERENT NETWORK ENVIRONMENTS

    Publication No.: US20240388567A1

    Publication date: 2024-11-21

    Application No.: US18786460

    Application date: 2024-07-27

    Abstract: Implementations include providing security services to workloads deployed across various types of network environments, such as public networks, private networks, hybrid networks, customer premise network environments, and the like, by redirecting traffic intended for the service device through a security environment of the first network. After application of the security features to the incoming traffic, the “clean” traffic may be transmitted to the service device instantiated on the separate network via a tunnel. Redirection of incoming traffic to the security-providing first network may include correlating a network address of the service device to a reserved network address of a block of reserved addresses and updating a Domain Name Server (DNS) or other address resolving system with the reserved address. The return transmission tunnel may be established between the security environment and the network address of the service device.

    Systems and methods for providing enhanced security in edge computing environments

    Publication No.: US12034698B2

    Publication date: 2024-07-09

    Application No.: US17564927

    Application date: 2021-12-29

    CPC classification number: H04L63/0236 H04L63/1416 H04L63/1425 H04L63/1441

    Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

    SYSTEM AND METHOD FOR UTILIZATION OF THREAT DATA FOR NETWORK SECURITY

    Publication No.: US20240340318A1

    Publication date: 2024-10-10

    Application No.: US18742372

    Application date: 2024-06-13

    Abstract: Aspects of the present disclosure involve utilizing network threat information to manage one or more security devices or policies of a communication network. The security system may receive threat intelligence data or information associated with potential threats to a communications network and process the threat intelligence data to determine one or more configurations to apply to security devices of a network. The system may then generate a rule or action to respond to the identified attack, such as a firewall rule for a firewall device to block traffic from the source of the attack. The threat intelligence information may include a confidence score indicating a calculated confidence in the identification of the malicious communications, which may be utilized by the system to determine the type of action taken on the security devices of the network in response to the information or data.

    MANAGING EDGE NETWORK PROTECTION SERVICE
    Published patent application

    Publication No.: US20240259433A1

    Publication date: 2024-08-01

    Application No.: US18539640

    Application date: 2023-12-14

    Inventor: Peter Brecl

    CPC classification number: H04L63/20 H04L63/0263 H04L63/0815

    Abstract: Novel tools and techniques are provided for implementing management of edge network protection service. In various embodiments, a computing system may receive a request from a customer to manage edge network protection services for at least one Internet circuit. Based on a determination that the customer has been provisioned one or more circuits that are capable of implementing edge network protection services, the computing system may present, or cause to be presented, options to select a circuit, from among the one or more circuits, for which edge network protection service should be provisioned or managed. When a selection of a first circuit is received from the customer, the computing system may automatically cause the selected first circuit to be configured to provision a new service instance of the edge network protection service or reconfigured to modify an existing service instance of the edge network protection service.

    Local DDOS mitigation announcements in a telecommunications network

    Publication No.: US20190058729A1

    Publication date: 2019-02-21

    Application No.: US15998457

    Application date: 2018-08-15

    Inventor: Peter Brecl

    Abstract: Implementations described and claimed herein provide systems and methods for mitigating network threats. In one implementation, a provider edge device of a telecommunications network is configured to accept distributed denial of service mitigation rule propagation from a customer edge device of a customer network in communication with the provider edge device. A distributed denial of service mitigation rule for the customer network is received at the provider edge device from the customer edge device. The distributed denial of service mitigation rule includes one or more routing parameters and a mitigation action. The distributed denial of service mitigation rule is implemented locally on the provider edge device of the telecommunications network. A broadcasting of the distributed denial of service mitigation rule in the telecommunications network is prevented beyond the provider edge device.

    System and method for utilization of threat data for network security

    Publication No.: US12015644B2

    Publication date: 2024-06-18

    Application No.: US16845799

    Application date: 2020-04-10

    Abstract: Aspects of the present disclosure involve utilizing network threat information to manage one or more security devices or policies of a communication network. The security system may receive threat intelligence data or information associated with potential threats to a communications network and process the threat intelligence data to determine one or more configurations to apply to security devices of a network. The system may then generate a rule or action to respond to the identified attack, such as a firewall rule for a firewall device to block traffic from the source of the attack. The threat intelligence information may include a confidence score indicating a calculated confidence in the identification of the malicious communications, which may be utilized by the system to determine the type of action taken on the security devices of the network in response to the information or data.

    SYSTEMS AND METHODS FOR PROVIDING ENHANCED SECURITY IN EDGE COMPUTING ENVIRONMENTS

    Publication No.: US20220210124A1

    Publication date: 2022-06-30

    Application No.: US17564927

    Application date: 2021-12-29

    Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.
