`Case 3:17-cv-05659-WHA Document 423-29 Filed 04/11/19 page 1of3
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`DKT. 127-10
`DKT. 127-10
`(REDACTED)
`(REDACTED)
`
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`
`
`Case 3:17-cv-05659-WHA Document 423-29 Filed 04/11/19 Page 2 of 3
`Case 3:17-cv-05659-WHA Document 423-29 Filed 04/11/19 Page 2 of 3
`
`
`
`
`EXHIBIT 2
`EXHIBIT 2
`
`UNREDACTED VERSION OF
`UNREDACTED VERSION OF
`DOCUMENT SOUGHT TO BE
`DOCUMENT SOUGHT TO BE
`SEALED
`SEALED
`
`
`
`
`
`
`
`Case 3:17-cv-05659-WHA Document 423-29 Filed 04/11/19 Page 3 of 3
`Case 3:17-cv-05659-WHA Document 423-29 Filed 04/11/19 Page 3 of 3
`
`SRX Space
`
`Spaceto Store SRX related Items
`Argon SRXfile hash lookup
`
`Sky-Advance Threat Prevention solution comprises of content extraction, policy enforcement on multi-services security gateway (SRX) and
`state-of-art malware analysis performed in the Cloud.
`
`Use-case #1: Lookup digest alone
`
`Problem statement: Current implementation does not offer selectively sending the content to Cloud based on content
`category filter.
`
`Several customers are requesting for administrative control over what content categories they would like to NOT send to Cloud, based ontheir
`enterprise content policy. For e.g. customer A want to send executables and not send documents to Cloud.
`
`No changesto Meta-data being submitted and reported. PLM doesnot see sensitivity around URL.
`
`Support for HTTP(S) protocol.
`
`Implementation notes on SRX:
`
`1. Like for a normal submission SRXstarts transaction by sending START message with sample metadata. Sample metadata includes
`flag indicating it's going to be hash-lookup only with no data transferred(hash_only top level property in sample metadata
`JSON).
`2. SRX computesfile digest (cryptographic hash with SHA256algorithm) on file completion and send a message to Sky-ATP cloud for hash
`lookup. This message is expected to be delivered on the existing MsgPack/Websocket/TLS session on service plane.
`3. SRX receives verdict from Sky-ATP cloud and associated policy is enforced. If there is no verdict, a configured policy action is enforced.
`4. SHA256is defacto in Sky-ATP for object ID and will be the same algorithm used to create digeststring in the initial implementation. The
`request and response messagesindicates the type of algorithm used for extensibility.
`5. Digest is computed on SRX using OpenSSL SW Crypto. Though the JSF libcrypto library has HW acceleration for crypto via Intel QAT or
`Cavium/Nitrox on SRX High-end, the incremental nature of updating data andfinalizing the digest isn’t supported in JSF libcrypto library
`6. Hash Lookup is done after sample rate limit checks. For now, Cloud treats hash lookups as sample submission with content, hence the
`same rate limit applies to hash lookups. We needto revisit the logic after discussing user experience/solution behavior.
`7. Any partial content (content range) with File ID done, for a category that is marked for Hash Lookup only, will not be submitted to Cloud.
`That mean, Cloud will receive parts ofthe file via separate sessions but will not be able to fully assemble the sample.
`8. "show services advanced-anti-malwarestatistics" op command on SRXdisplays File hash lookup statistics as follows. Total samples
`eligible are 11, some samplestook fallback action due to resource/ratelimit/other errors, 5 samples are known(hit on the cloud cache)
`and 1
`is unknown.
`
`i command shows muchelaborated
`
`Lookup statistics:
`
`Advanced-anti-malware hash
`Samples total:
`ae
`Samples known:
`ic
`Reetech sLAsis]ee
`
`version as follows.
`
`
`
`
`
`
`
`
`
`
`Hy]
`[GHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`
`JNPR-FNJN29017 00552580
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
