332 results about "Enterprise networking" patented technology

The protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.

A method and apparatus for concurrently displaying from a single window on a network management station the health status of all network devices and objects of a computer network. The network devices may be categorized according to state or device type, as determined by the network manager. The method and apparatus provides a network manager with the ability to determine the current state of network devices and objects within an enterprise network and invoke further actions such as configuration, performance, fault, and security management tasks. The network manager can drag and drop icons from one network management system application window to another network management system application window to obtain fault information about network devices and objects, thus allowing multiple network management system applications to run concurrently on the same network management station. The network manager is further able to add new network devices and objects by dragging site, folder or device icons from one network management system application window to a second network management system application window for displaying the health status of the new devices. The dragged-in devices are added to the appropriate status panes within the second window according to the method of the present invention.

Embodiments of the present invention provide a cloud gateway system, a cloud hypervisor system, and methods for implementing same. The cloud gateway system extends the security, manageability, and quality of service membrane of a corporate enterprise network into cloud infrastructure provider networks, enabling cloud infrastructure to be interfaced as if it were on the enterprise network. The cloud hypervisor system provides an interface to cloud infrastructure provider management systems and infrastructure instances that enables existing enterprise systems management tools to manage cloud infrastructure substantially the same as they manage local virtual machines via common server hypervisor APIs.

A packet-switched communications device in an enterprise network is provided. The packet-switched communications device has a corresponding unique identifier, such as an address or extension. The device includes a processor operable to (a) establish a secure communications session with a key generating agent in the enterprise network; (b) provide, to the key generating agent through the session, the unique identifier of the communications device; and (c) receive, from the key generating agent through the session, a secret key and a key identifier. An application server authenticates the packet switched device using the secret key. After authentication is successful, secure communications is established between the packet switched device and the application server.

Software architectures, platforms, and data constructs are disclosed which provide a system for enabling a non-technical or lay user to perform discrete technical tasks necessary to build a complete network-based, multiuser application. The system also allows the user to have a uniform user experience throughout development of the application. For example, the platform can be used to construct and maintain an Internet or online Web site capable of handling e-commerce transactions or can be used to develop a customer relationship management system. A software architecture is described that enables many users to perform a variety of tasks via a wide-area network, such as an enterprise network or the Internet. The architecture has several services, systems, and an extensible database for storing data objects. The database has an underlying structure referred to as a schema that can be extended with previously undefined attributes without having to alter the basic format of the schema. The architecture also includes an integrated platform that enables each of the users to perform the tasks by controlling interaction or communication between the services and systems, and the extensible database.

Anomaly detection is disclosed, including: determining a set of anomalous events associated with an enterprise network; and determining a path of interest based at least in part on at least a subset of the set of anomalous events.

A method, system, computer program product, and devices for enterprise network access control and management for Government and Corporate entities, including interagency identity management; connectors and controls; an interagency directory services transformation service; a user/duty position resolving service; role-based encryption key management; role-based business process modeling; and proximity-based access control enabled by user-role-track association.

A printer control and information management system is provided employing numerous individual satellite modules, and providing an enterprise-wide output system capable of receiving all types of input and redirecting of all types of output. Data can be inputted from any location in an enterprise system and coordinated into a coherent format for reporting and forms processing. Forms can be automatically generated based on the data inputted, which forms can be directed to the appropriate personnel. The system provides for notifications to the appropriate personnel in order to resolve problems which may arise from the operation of the various equipment utilized in the enterprise network system. Information can be redirected to anyone within the system, the user identifying the manner and format of the information to be presented. Thus, inbound reports can be received from different systems and outputs delivered in the format that is preferred by the user. Report recognition is provided for any application, with the ability to merge textual information with electronic forms. Additionally, the forms can be completed with bar code information to prevent inadvertent disclosure of sensitive information. Large and contiguous host generated reports can be electronically distributed to users, as well as the ability to automatically fax any type of report directly to any recipient. The system can be accessed via the Internet for ease of inputting and reviewing information at any location.

A video conference system for an enterprise facilitates conferences among participants governed by the policies of the enterprise and other participants. The system includes conference participant stations for use by governed participants and a gateway that facilitates linking through a remote network to conference participant stations used by those external to the enterprise. Further, the system may also include an enterprise network having a gateway to facilitate linking through a remote network to conference participant stations and to other enterprise networks. The system includes barriers to access to data and processes proprietary to the enterprise and external participant. A related method may invoke one of a paid, a prepaid or and unpaid video conferencing on a remote network.

A technique dynamically creates and utilizes a plurality of multi-homed Virtual Private Network (VPN) tunnels from a client node of one spoke network to a client node of another spoke network in a computer network. According to the technique, a VPN client node, e.g., a “spoke,” creates at least one VPN tunnel with an enterprise network, e.g., a “hub.” Once the spoke-to-hub tunnel is established, the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke.” The spoke designates (e.g., for a prefix) one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels, and monitors the quality (e.g., loss, delay, reachability, etc.) of all of the dynamic tunnels, such as, e.g., by an Optimized Edge Routing (OER) process. The spoke may then dynamically re-designate any one of the secondary tunnels as the primary tunnel for a prefix based on the quality of the tunnels to the peer spoke. Notably, the spoke may also dynamically load balance traffic to the peer spoke among the primary and secondary tunnels based on the quality of those tunnels.

An authentication process in a network environment provides a remote user with secured access to an enterprise network based on recognition of a third-party security token. The method includes authenticating the user against a plurality of third-party security tokens, wherein the third-party security tokens originate from a range of different partner home sites. The remote user, prior to obtaining secured access to the enterprise network, is not known to the enterprise network, and does not need to be associated with any security tokens previously originating from the enterprise network. The enterprise network is provided with the ability to rely upon third-party security tokens to authenticate the remote user.

A method, apparatus, and system are provided for a monitor viewer in an enterprise network monitoring system. In one embodiment, upon selecting a monitor service tree node, a monitor tree (e.g., a graphical representation of one or more monitored/managed resources) is displayed in a graphical user interface. The displayed monitor tree may have one or more selectable monitor tree nodes, wherein each of the monitor tree nodes is a graphical representation of a monitored/managed resource. In an embodiment, a monitor tree node may be selected and configured in the graphical user interface.

An electronic message management system, including in one embodiment, servers disposed at boundary points of an enterprise network, and employment of phrases of various message classifications, is disclosed and described herein.

The present invention is a system and method to improve the reliability and performance of existing enterprise IP networks which have dual-homed (or multi-homed) network architectures. In one aspect of the invention packets related to a selected category of transmission (e.g., VoIP) are duplicated at an edge router and sent over both (multiple) service providers. After traversing the service provider networks, only the first-to-arrive packets are kept and the later-arriving copies are discarded. In so doing, the result is better protection against node failures, link failures, and packet errors, and also better QoS performance under normal (fault-free) operation.

A technique dynamically utilizes a plurality of multi-homed Virtual Private Network (VPN) tunnels from a client node to one or more enterprise networks in a computer network. According to the technique, a VPN client node, e.g., a “spoke,” creates a plurality of multi-homed VPN tunnels with one or more servers/enterprise networks, e.g., “hubs.” The spoke designates (e.g., for a prefix) one of the tunnels as a primary tunnel and the other tunnels as secondary (backup) tunnels, and monitors the quality (e.g., loss, delay, reachability, etc.) of all of the tunnels, such as, e.g., by an Optimized Edge Routing (OER) process. The spoke may then dynamically re-designate any one of the secondary tunnels as the primary tunnel for a prefix based on the quality of the tunnels to the enterprise. Notably, the spoke may also dynamically load balance traffic to the enterprise among the primary and secondary tunnels based on the quality of those tunnels.

A system includes a memory to store network-related security policies and procedures associated with an enterprise, a display and at least one device. The device is configured to monitor enterprise activity associated the enterprise's networked and determine, based on the enterprise activity, whether the enterprise is complying with the security policies and procedures. The device is also configured to calculate a risk exposure metric for an asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures, and output, to the display, a graphical user interface (GUI) identifying the risk exposure metric. The device may also be configured to receive, via the GUI, an input to initiate a change with respect to at least one of the enterprise's networked devices or initiate the generation of a plan to make a change to at least one of the networked devices.

A distributed security system and method are disclosed that enable access to known threat events from threat intelligence feeds when the system includes public cloud components. A cloud-based security policy system stores observable events for security incidents detected by and sent from user devices within an enterprise network. The observable events include observable indicators for characterizing the observable events. The threat events within the feeds include threat indicators for characterizing the threat events. An on-premises connector within the enterprise network downloads the observable indicators from the security policy system and the threat indicators from the feeds. In response to determining that any observable indicators match any threat indicators, the on-premises connector provides access to the threat events and/or the observable events having the matching indicators. In one example, the on-premises connector generates opaque query strings for users on user devices to access the threat events/observable events having the matching indicators.

A system and method are described for managing session lifecycles within a multi-tiered enterprise network. In one embodiment, a plurality of session objects are generated at different layers of the enterprise network in response to a client request. Each of the session objects store session data defining a state of interaction with the client. In addition, one embodiment of the invention manages the lifecycle of a first session object based on corresponding lifecycles of one or more related session objects and also the type of relationship existing between the first session object and the one or more related session objects. In one embodiment, the defined relationship types include strong references, weak references, and soft references.

A computer system includes an enterprise gateway server and a remote gateway server connected via a data network, such as the Internet, that is relatively inefficient compared to typical private networks. The remote gateway server interfaces the enterprise gateway server to corporate messaging and collaboration data stored locally relative to the remote gateway server. The enterprise gateway server converts multiple data requests for the messaging and collaboration data into a single higher-level data request that is transmitted across the data network. The remote gateway server receives the request and converts the single high level request back into the original multiple request format for presentation to the messaging and collaboration database.

An enterprise network has a plurality of applications or resources and an identity management (IDM) system for provisioning of users at those resources. The IDM system uses handlers and rules libraries for provisioning. The handlers organize provisioning tasks that are common to all the resources. The rules libraries have a library for each resource, within each library a rule set for each handler, and within each rule set a rule subset for each provisioning transaction type. Any number of different transactions types are permitted, such create a new employee account, terminate an account, disable an account, and create a new contractor account.