Meng Xu

20130091264, Apr 11, 2013

Oct 4, 2012

13/645238

Meng Xu - Los Altos CA, US
Yi Sun - San Jose CA, US

VARMOUR NETWORKS, INC. - Santa Clara CA

G06F 15/173

709223

A method and apparatus is disclosed herein for migrating session information between security gateways are disclosed. In one embodiment, receiving, at a first security gateway, session information associated with a session corresponding to a network connection, the session information having been transferred from a second security gateway, the first and second security gateway being separate physical devices; and thereafter performing security processing for the session at the first security gateway.

20130250956, Sep 26, 2013

Mar 20, 2013

13/847881

Yi Sun - San Jose CA, US
Meng Xu - Los Altos CA, US

H04L 12/46

370392, 370401

A method and apparatus is disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of a IP connection; creating a second IP packet by replacing information in a field in the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to the second network device in the distributed network environment.

20130254871, Sep 26, 2013

Mar 22, 2013

13/849315

Yi Sun - San Jose CA, US
Meng Xu - Los Altos CA, US
Lee Cheung - Foster City CA, US
Sean Wang - Santa Clara CA, US

H04L 29/06

726 12, 726 11

A method and apparatus is disclosed herein for distributed zone-based security. In one embodiment, the method comprises: determining an ingress security zone associated with an ingress of a first network device based on a first key and a media access control (MAC) address of a source of a packet; determining an egress security zone of a second network device based on a MAC address of a destination for the packet and a second key; performing a policy lookup based on the ingress security zone and the egress security zone to identify a policy to apply to the packet; and applying the policy to the packet.

20130263245, Oct 3, 2013

Mar 11, 2013

13/794367

Yi Sun - San Jose CA, US
Meng Xu - Los Altos CA, US
Louis Cheung - Foster City CA, US

H04L 29/06

726 12

A method and apparatus is disclosed herein for TCP SYN flood protection. In one embodiment, a TCP SYN flood protection arrangement comprises a first device operable to process packet input and output functions, including performing sender verification with respect to a connection initiation from a sender for a first TCP connection between the sender and a destination server and a second device, separate from the first device, to perform one or more security processing operations on packets of the first TCP connection from the sender after the first device verifies the sender is legitimate.

20130275592, Oct 17, 2013

Apr 10, 2013

13/860404

Meng Xu - Los Altos CA, US
Yi Sun - San Jose CA, US
Hsisheng Wang - Fremont CA, US

H04L 12/56

709225

A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, a first security device having a firewall processing module to determine based on the captured packet whether the first node is a destination node that is receiving VM migration from a second node that is associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.

20130276092, Oct 17, 2013

Apr 11, 2013

13/861220

Yi SUN - San Jose CA, US
Meng XU - Los Altos CA, US

G06F 15/16

726 13

A method and apparatus for dynamic security insertion into virtualized networks is described. The method may include receiving, at a network device from a second network device, a data packet and application data extracted from the data packet. The method may also include generating a routing decision for a network connection associated with the data packet based, at least in part, on the application data. Furthermore, the method may include transmitting the routing decision for the data packet to the second device for the second device to route the data based on the routing decision.

20130291088, Oct 31, 2013

Apr 10, 2013

13/860408

Meng Xu - Los Altos CA, US
Yi Sun - San Jose CA, US

H04L 29/06

726 11

A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.

20220245256, Aug 4, 2022

Jan 29, 2021

17/162761

- Los Altos CA, US
Paul Bigbee - Palo Alto CA, US
Marc Woolward - Bude, GB
Keith Stewart - San Francisco CA, US
Meng Xu - Los Altos CA, US

G06F 21/57

Systems and methods for attributing user behavior from multiple technical telemetry sources are provided. An example method includes determining that the user has logged into the computing device, in response of the determination, collecting log data from a plurality of telemetry sources associated with the computing device, extracting, from the log data, activity data concerning activities of the computing device, analyzing the activity data to determine that the activity data are attributed to the user, generating, based on the activity data, behavior attributes of the user, associating the behavior attributes with a unique identifier of the computing device, and estimating security integrity of the computing device based on a comparison of the behavior attributes to reference behavior attributes. The reference behavior attributes include further behavior attributes determined using log data of at least one further computing device associated with the user.