Abstract:
In certain embodiments, a method comprises forming a cluster of peered network devices comprising a plurality of three or more peered network devices and a plurality of control information connections between pairs of the peered network devices. The method further comprises classifying a connection by associating the connection with an application, wherein a first peered network device associated with the cluster classifies the connection based at least in part on sequential payload packets associated with the connection, at least some of which the first device receives from other peered network devices associated with the cluster. The method also comprises sending control information over one of the control information connections between the first peered network device and a second peered network device associated with the cluster, wherein the control information comprises information regarding the classification of the connection.
Abstract:
A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real time rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.
Abstract:
The disclosed computer-implemented method for protecting users may include (i) intercepting, through a cloud-based security proxy service, network traffic originating from a mobile application at a mobile device connected to a local area network protected by the cloud-based security proxy service, (ii) detecting, by the cloud-based security proxy service, a threat indicator indicated by the mobile application, and (iii) modifying the network traffic originating from the mobile application at the mobile device by applying, by the cloud-based security proxy service based on detecting the threat indicator indicated by the mobile application, a security policy to protect the local area network from a candidate threat corresponding to the threat indicator. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for verifying connection integrity may include (i) receiving a request from a client to initiate a connection to a server via a middlebox, (ii) receiving, from the client, via a side protocol executing in parallel with a transport layer security protocol, a request for a certificate for the middlebox, (iii) sending, to the client, via the side protocol, the certificate, (iv) receiving, from the client, via the side protocol, a request for an additional certificate from a device upstream of the middlebox, (v) requesting, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vi) receiving, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vii) sending, to the client, via the side protocol, the additional certificate, and (viii) relaying data via the connection. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for protecting users may include (i) displaying, through a graphical user interface for a third-party security application executing within an operating system environment, a button for a user to select, (ii) displaying, through the graphical user interface, a prompt that prompts the user to select the button in order to receive a reward, (iii) configuring the graphical user interface such that selecting the button triggers both a conspicuous response that provides access to the reward and a more hidden response that initiates application of a security service to protect the user, and (iv) performing, based on receiving a selection of the button, both the conspicuous response and the more hidden response. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for synchronizing microservice data stores may include (i) establishing, at a first network node, an instance of a first microservice for an application and an instance of a distinct second microservice, (ii) establishing, at a distinct second network node, an additional instance of the first microservice and an additional instance of the distinct second microservice, (iii) establishing a single network channel for synchronizing, between the first network node and the distinct second network node, a first data store for the first microservice and a second data store for the distinct second microservice, and (iv) synchronizing the first data store for the first microservice and the second data store for the distinct second microservice. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for performing computing cluster node switchover may include (i) detecting an indication to switch an assignment of a transaction task away from a first network node in a computing cluster, (ii) executing, in response to detecting the indication, by each network node in a set of multiple network nodes within the computing cluster, a switchover algorithm to select a second network node, (iii) switching over the assignment of the transaction task from the first network node to the second network node, and (iv) performing, by the second network node, at least part of a remainder of the transaction task in response to switching over the assignment of the transaction task from the first network node to the second network node. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
The disclosed computer-implemented method for network traffic routing to reduce service congestion at a server may include (1) receiving, by the computing device and from the cloud server, a traffic routing policy, (2) identifying, for a transaction and using at least one hook inserted into an operating system of the computing device, metadata describing a traffic type, (3) comparing the metadata with the traffic routing policy to determine the transaction is bypass traffic, and (4) sending the bypass traffic from the computing device to a destination other than the cloud server. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
Application identification and control in a network device. In one embodiment, a method may include establishing, at a network device, a Virtual Private Network (VPN) tunnel through which all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic sent from or received at the network device is routed. The method may also include monitoring, at the network device, all TCP and UDP traffic sent from or received at the network device through the VPN tunnel. The method may further include extracting, at the network device, payload data from the monitored TCP and UDP traffic. The method may also include analyzing the extracted payload data to identify applications executing on the network device that sent or received the monitored TCP and UDP traffic. The method may further include taking, at the network device, a security action on the network device based on the identified applications.