
Varmour Networks Inc patents


Recent patent applications related to Varmour Networks Inc. Varmour Networks Inc is listed as an Agent/Assignee. Note: Varmour Networks Inc may have other listings under different names/spellings. We're not affiliated with Varmour Networks Inc, we're just tracking patents.



Flexible deception architecture

Methods and systems for are provided. Exemplary methods include: getting an image for the application; creating an instance of the application in a container using the image; receiving a network communication, the network communication including an instruction for the application; processing the instruction using the instance; responding to the network communication using the processing; and monitoring behavior from the processing, the monitoring including intercepting library calls, function calls, messages, and events from the container.. ... Varmour Networks Inc

Systems and methods for continually scoring and segmenting open opportunities using client data and product predictors

Systems and methods for machine learning and adaptive optimization are provided herein. A method includes continually receiving input that is indicative of client events, including client behaviors and respective outcomes of software trials of a product maintained in a database, continually segmenting open opportunities using the client behaviors and respective outcomes, continually scoring and prioritizing the open opportunities using the client behaviors and respective outcomes for targeting and re-targeting, continually adjusting targeted proposals to open opportunities and sourcing in prospects based on a targeting scheme, continually presenting targeted offers to create expansion opportunities and updating a product roadmap of the product using the open opportunities, the product roadmap including technical specifications for the product.. ... Varmour Networks Inc

Data network microsegmentation

Methods and systems for microsegmentation of data networks are provided herein. Exemplary methods include: receiving a high-level declarative policy; getting metadata associated with a plurality of containers from an orchestration layer; determining a low-level firewall rule set using the high-level declarative policy and the metadata; and configuring by a plurality of enforcement points a respective virtual switch of a plurality of virtual switches to process packets in accordance with the low-level firewall ruleset, the virtual switches being collectively communicatively coupled to the plurality of containers, such that network communications between a first group of containers and a second group of containers of the plurality of containers are not permitted, and communications between containers of the first group of containers are permitted.. ... Varmour Networks Inc

Security policy generation for virtualization, bare-metal server, and cloud computing environments

Methods, systems, and media for security in virtualization, bare-metal server, and cloud computing environments are provided herein. Exemplary methods include: receiving network traffic associated with a primary workload; generating first metadata using the network traffic; determining a primary categorization associated with the primary workload, using the first metadata; confirming the primary categorization is reliable; determining a secondary categorization associated with at least one secondary workload, the at least one secondary workload being communicatively coupled to the primary workload; ascertaining the primary categorization and the secondary categorization are consistent with each other and are each stable; producing a model using the primary categorization and the secondary categorization; checking the model for sustained convergence; and generating a high-level declarative security policy associated with the primary workload using the model, the high-level declarative security policy indicating at least an application or service with which the primary workload can communicate.. ... Varmour Networks Inc

Autonomic protection of critical network applications using deception techniques

Methods and systems for autonomously forwarding unauthorized access of critical application infrastructure in a network to a deception point are provided. Exemplary methods include: receiving a high-level security policy including a specification of the critical application infrastructure, prohibited behaviors, and an identification associated with the deception point, the specification including at least one of an application and a protocol; classifying each workload in the network; identifying the critical application infrastructure using the classification and specification of the critical application infrastructure; generating a low-level firewall rule set using the identified critical application infrastructure and the high-level security policy; and providing the low-level firewall rule set to an enforcement point, such that the enforcement point forwards incoming data traffic including prohibited behaviors directed to the critical application infrastructure to the deception point.. ... Varmour Networks Inc

Security policy generation using container metadata

Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include: receiving metadata about a deployed container from a container orchestration layer; determining an application or service associated with the deployed container from the received metadata; retrieving at least one model using the determined application or service, the at least one model identifying expected network communications behavior of the deployed container; and generating a high-level declarative security policy associated with the deployed container using the at least one model, the high-level declarative security policy indicating at least an application or service with which the deployed container can communicate.. ... Varmour Networks Inc

Recursive multi-layer examination for computer network security remediation

Computer-implemented methods and apparatuses for recursive multi-layer examination for computer network security remediation may include: identifying one or more first communications originating from or directed to a first node; identifying at least one of a protocol and an application used for each of the one or more first communications; examining each of the one or more first communications for malicious behavior; receiving a first risk score for each of the one or more first communications responsive to the examining; determining the first risk score associated with one of the one or more first communications exceeds a first predetermined threshold; and indicating the first node and a second node in communication with the first node via the one of the one or more first communications are malicious. Exemplary methods may further include: providing the identified malicious nodes and communications originating from or directed to the malicious nodes.. ... Varmour Networks Inc

Multi-node affinity-based examination for computer network security remediation

Multi-node affinity-based examination for computer network security remediation is provided herein. Exemplary methods may include receiving a query that includes a selection of Internet Protocol (IP) addresses belonging to nodes within a network, obtaining characteristics for the nodes, determining communications between the nodes and communications between the nodes and any other nodes not included in the selection, determining a primary affinity indicative of communication between the nodes and a secondary affinity indicative of communication between the nodes and the other nodes not included in the selection, and generating a graphical user interface (GUI) that includes representations of the nodes in the range and the other nodes outside the range, placing links between the nodes in the selection and the other nodes not included in the selection based on the primary affinity and the secondary affinity, and providing the graphical user interface to a user.. ... Varmour Networks Inc

Conditional declarative policies

Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include receiving a declarative policy associated with a computer network security policy; collecting information from at least one external system of record; generating a firewall rule set using the declarative policy and information, the firewall rule set including addresses to or from which network communications are permitted, denied, redirected or logged, the firewall rule set being at a lower level of abstraction than the declarative policy; and provisioning the firewall rule set to a plurality of enforcement points of a distributed firewall, the firewall selectively policing network communications among workloads using the firewall rule set.. ... Varmour Networks Inc

Distributed service processing of network gateways using virtual machines

A network gateway device includes an ingress interface, an egress interface, and a load balancing module coupled to the ingress and egress interfaces. The load balancing module configured to receive a packet from the ingress interface, determine a set of a plurality of processes corresponding to a connections session associated with the packet based on a policy. ... Varmour Networks Inc

Deception using distributed threat detection

Methods and systems for deception using distributed threat detection are provided. Exemplary methods by an enforcement point, the enforcement point communicatively coupled to a first data network and a second data network, the enforcement point not providing services in the second data network, include: receiving, from a first workload in the second data network, a data packet addressed to a second workload in the second data network, the data packet requesting a service from the second workload; determining the data packet is for unauthorized access of the second workload, the determining using at least some of a 5-tuple of the data packet; identifying a deception point using the service, the deception point being in the first data network and including a decoy for the service; and redirecting the data packet to the deception point in the first data network.. ... Varmour Networks Inc

Directing data traffic between intra-server virtual machines

Systems and methods for improving data communications between intra-server virtual machines are described herein. An example method may commence with receiving, from a first virtual machine, a data packet directed to a second virtual machine, routing the data packet via an external routing environment, and receiving the data packet allowed for delivery to the second virtual machine. ... Varmour Networks Inc

Segmented networks that implement scanning

Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. ... Varmour Networks Inc

Deception techniques using policy

Methods and systems for diversifying coverage of a deception point are provided. Exemplary methods include: receiving, by a first enforcement point in a first data network segment, a first data packet addressed to a first workload in the first data network segment; forwarding the first data packet to the deception point using a first low-level security rule set, the deception point logging the first data packet to produce a first log, receiving, by a second enforcement point in a second data network segment, a second data packet addressed to a second workload in the second data network segment, forwarding the second data packet to the deception point using a second low-level security rule set, the deception point logging the second data packet to produce a second log, the deception point providing the first and second logs to a security director for analysis.. ... Varmour Networks Inc

04/20/17 / #20170111272

Determining direction of network sessions

Systems and methods for determining a direction of a network session are described herein. An example method may commence with receiving a data packet by a network device. ... Varmour Networks Inc

03/16/17 / #20170078247

Delivering security functions to distributed networks

Systems and methods for delivering security functions to a distributed network are described herein. An exemplary method may include: processing a data packet received from a switch, the data packet directed to the at least one network asset; selectively forwarding the data packet using the processing and a rule set; inspecting the forwarded packet; directing the enforcement point to at least one of forward the data packet to the at least one network asset and drop the data packet, using the inspection and the rule set; accumulating data associated with at least one of the data packet, the processing, and the inspection; analyzing the at least one of the data packet, the processing, and the inspection; and initiating compilation of a high-level security policy by the compiler using the analysis to produce an updated rule set.. ... Varmour Networks Inc

03/02/17 / #20170063933

Context aware microsegmentation

Context aware microservice networks and contextual security policies for microservice networks are provided herein. In some embodiments, a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. ... Varmour Networks Inc

03/02/17 / #20170063795

Conditional declarative policies

Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include receiving a declarative policy associated with a computer network security policy; collecting information from at least one external system of record; generating a firewall rule set using the declarative policy and information, the firewall rule set including addresses to or from which network communications are permitted, denied, redirected or logged, the firewall rule set being at a lower level of abstraction than the declarative policy; and provisioning the firewall rule set to a plurality of enforcement points of a distributed firewall, the firewall selectively policing network communications among workloads using the firewall rule set.. ... Varmour Networks Inc

03/02/17 / #20170063791

Segmented networks that implement scanning

Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. ... Varmour Networks Inc

02/23/17 / #20170052827

Using multiple central processing unit cores for packet forwarding in virtualized networks

Systems and methods for using a plurality of processing cores for packet processing in a virtualized network environment are described herein. An example system can comprise a scheduler operable to initiate a processing core of the plurality of processing cores. ... Varmour Networks Inc









This listing is an abstract for educational and research purposes and is only meant as a recent sample of applications filed, not a comprehensive history. Freshpatents.com is not affiliated or associated with Varmour Networks Inc in any way and there may be associated service marks. This data is also published to the public by the USPTO and available for free on their website. Note that there may be alternative spellings for Varmour Networks Inc with additional patents listed. Browse our Agent directory for other possible listings. Page by FreshPatents.com
