Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: Techniques are described herein for implementing and using a secure access service edge (SASE) exchange system to allow SASE providers to share SASE services with other providers. A SASE exchange system may be used by any number of SASE providers to support SASE roaming by user endpoints between different SASE providers. A user endpoint may use SASE roaming to access additional sets of SASE services and capabilities that cannot be provided by a home SASE provider and/or other current SASE provider(s) of the user endpoint. In some examples, a SASE exchange system may be used to transition user endpoints from one SASE provider to another. Additionally or alternatively, the SASE exchange system may determine a combination of SASE providers that can be used to provide different subsets of shared SASE services/capabilities to a user endpoint.

Abstract: In one embodiment, a device may obtain a media topology of nodes involved in a collaboration session. The device may cause each of a plurality of probes to be provisioned to a corresponding node of the nodes involved in the collaboration session to perform a test of a corresponding segment of the media topology, and each of the plurality of probes may be associated to a session identifier of the collaboration session. The device may determine observability information based on results of the plurality of probes for each segment of the media topology, and the results may include an indication of the session identifier. The device may correlate the observability information to the collaboration session based on the indication of the session identifier.

Abstract: In one embodiment, an illustrative method herein may comprise: obtaining, by a device, a plurality of indications of errors experienced by a bot performing tasks, wherein each of the plurality of indications includes contextual information of a corresponding error; determining, by the device, correlated errors among the errors experienced by the bot; aggregating, by the device, contextual information of each of the correlated errors into aggregated contextual data; and providing, by the device, the aggregated contextual data with an error notification for a particular correlated error.

Abstract: A method comprises: by a controller to communicate with devices of a network, storing classifiers assigned to groups of the devices to identify device commonality for each group; associating, to the classifiers, historical probabilities of success with which an automated response executed by one or more of the devices remediates a device alarm event; when a device of the devices reports the device alarm event, identifying each classifier to which the device belongs, each historical probability for each classifier, and a rule with classifier thresholds for the automated response; determining to execute the automated response on the device by evaluating the rule using each historical probability and the classifier thresholds; after the automated response is executed, performing a service test supported across the devices, and monitoring test results from the service test; and after the service test, updating each historical probability using the test results.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: A system and method for creating a context-aware, conversational chat bot or agent in multi-party conversations where participants have different levels of security access to information and the bot operates in one or more modes depending on the business context of the multi-user collaboration virtual workspace. The methods include adding a bot, as a participant, to a virtual workspace that is a multi-user collaboration workspace, obtaining, at a bot application server, context of the virtual workspace, setting, by the bot application server, a skill set for the bot from among a plurality of skill sets. The skill set varies based on the context of the virtual workspace. The methods further include configuring, by the bot application server, the bot to perform at least one task in the virtual workspace based on the skill set.

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

Abstract: A system and method for creating a context-aware, conversational chat bot or agent in multi-party conversations where participants have different levels of security access to information and the bot operates in one or more modes depending on the business context of the multi-user collaboration virtual workspace. The methods include adding a bot, as a participant, to a virtual workspace that is a multi-user collaboration workspace, obtaining, at a bot application server, context of the virtual workspace, setting, by the bot application server, a skill set for the bot from among a plurality of skill sets. The skill set varies based on the context of the virtual workspace. The methods further include configuring, by the bot application server, the bot to perform at least one task in the virtual workspace based on the skill set.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: Presented herein are techniques to geographically track and monitor an unpowered device. A method includes during a powered off state of the device, and upon detecting a predetermined event, enabling a radio frequency monitoring tag affixed to the device to collect, via radio frequency reception, information indicative of a geographical location of the radio frequency monitoring tag, storing the information indicative of the geographical location of the radio frequency monitoring tag in memory of the radio frequency monitoring tag, and upon powering up of the device, sending by the device, to a remote server, the information indicative of the detected geographical location of the radio frequency monitoring tag.

Abstract: Techniques for orchestrating a machine learning (ML) system on a distributed network. Determined performance levels for a ML system, determined from performance data received from the distributed network, are compared to performance requirements from the ML system. An orchestration module for the ML system then determines adjustments for the ML system that will improve the performance of the ML system and executes the adjustments for the ML system.

Abstract: Systems, methods, and computer-readable media for orchestrating data center resources and user access to data. In some examples, a system can determine, at a first time, that a user will need, at a second time, access to data stored at a first location, from a second location. The system can identify a node which is capable of storing the data and accessible by a device from the second location. The system can also determine a first service parameter associated with a network connection between the device and the first location and a second service parameter associated with a network connection between the device and the node. When the second service parameter has a higher quality than the first service parameter, the system can migrate the data from the first location to the node so the device has access to the data from the second location through the node.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: In one embodiment, an illustrative method herein comprises: determining, by a process, for each group of policies configured across a plurality of network devices in a computer network, an information set having a list of all policy components used for each group and which policies within each group have which particular policy components of the list of all policy components used for that group; performing, by the process, a comparative analysis of similarity and component variance on policies within each group based on the information set; deriving, by the process, an overall complexity indicator for each group based on the comparative analysis; and providing, from the process to an assessment interface, a ranking of each group as compared to other groups of policies within the computer network based on their respective overall complexity indicator.

Abstract: A device associated with an enterprise receives, from a user device, a message indicating that a user of the user device has requested a service level for accessing a service while performing teleworking activities for the enterprise. The user device accesses the service via a network that includes a portion controlled by an Internet Service Provider (ISP). The enterprise has established an agreement with the ISP indicating that the ISP is to provide service levels for users who are performing teleworking activities for the enterprise via the ISP. The ISP associated with the user device is identified based on the message. A request is transmitted to the ISP to provide the service level for the portion of the network that is controlled by the ISP and the ISP provides the service level for accessing the service based on the request.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: Methods are provided in which a network device hosts distinct network access resources that are managed by different entities. The method includes obtaining a request for partitioning one or more network resources of an on-premise network device for connecting one or more endpoints to a first network managed by a first entity. The on-premise network device connects one or more endpoints to a second network managed by a different entity. The method further involves partitioning, based on the request, the one or more network resources and connecting the one or more endpoints to the first network using the one or more network resources. The one or more network resources are managed by the first entity while at least one other network resource of the on-premise network device is managed by the different entity and is associated with connecting the one or more endpoints to the second network.

Abstract: A device associated with an enterprise receives, from a user device, a message indicating that a user of the user device has requested a service level for accessing a service while performing teleworking activities for the enterprise. The user device accesses the service via a network that includes a portion controlled by an Internet Service Provider (ISP). The enterprise has established an agreement with the ISP indicating that the ISP is to provide service levels for users who are performing teleworking activities for the enterprise via the ISP. The ISP associated with the user device is identified based on the message. A request is transmitted to the ISP to provide the service level for the portion of the network that is controlled by the ISP and the ISP provides the service level for accessing the service based on the request.