Patents by Inventor Hatem Eyada

Hatem Eyada has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11729146
    Abstract: A method of automatic security group generation by a firewall management service. The method may include receiving a security policy definition allowing cloud resource instances labeled by a first tag to communicate to cloud resource instances labeled by a second tag; creating a first security group comprising an inbound firewall rule for the cloud resource instances associated with the first tag, wherein the inbound firewall rule specifies cloud resource instances associated with a second security group as source communication endpoints; creating a second security group comprising an outbound firewall rule for the cloud resource instances associated with the second tag, wherein the outbound firewall rule specifies cloud resource instances associated with the first security group as destination communication endpoints; and causing a firewall service to implement the first security group and the second security group.
    Type: Grant
    Filed: January 19, 2022
    Date of Patent: August 15, 2023
    Assignee: Amazon Technologies, Inc.
    Inventor: Hatem Eyada
  • Patent number: 11240203
    Abstract: A method of automatic security group generation by a firewall management service. The method may include receiving a security policy definition allowing cloud resource instances labeled by a first tag to communicate to cloud resource instances labeled by a second tag; creating a first security group comprising an inbound firewall rule for the cloud resource instances associated with the first tag, wherein the inbound firewall rule specifies cloud resource instances associated with a second security group as source communication endpoints; creating a second security group comprising an outbound firewall rule for the cloud resource instances associated with the second tag, wherein the outbound firewall rule specifies cloud resource instances associated with the first security group as destination communication endpoints; and causing a firewall service to implement the first security group and the second security group.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: February 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Hatem Eyada
  • Patent number: 10757134
    Abstract: According to one embodiment, a computerized method is directed to neutralizing callback malware. This method involves intercepting a message directed to an endpoint device, where the message is in response to a callback message sent from callback malware operating on the endpoint device. Thereafter, a first portion of information within the message is substituted with a second portion of information. The second portion of information includes code that is configured to overwrite at least a portion of the callback malware and cause the callback malware to become inoperable or mitigate its operability.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: August 25, 2020
    Assignee: FireEye, Inc.
    Inventor: Hatem Eyada
  • Patent number: 10084813
    Abstract: According to one embodiment, a computerized method is directed to neutralizing callback malware. This method involves intercepting an incoming message from a remote source directed to a compromised endpoint device. Next, a first portion of information within the incoming message is substituted with a second portion of information. The second portion of information is designed to mitigate operability of the callback malware. Thereafter, the modified incoming message, which includes the second portion of the information, is returned to the compromised endpoint device.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: September 25, 2018
    Assignee: FireEye, Inc.
    Inventor: Hatem Eyada
  • Patent number: 9762537
    Abstract: In general, techniques are described by which a path through a network may be selected based on security information. For example, a network device may include one or more interfaces and a control unit. The interfaces may receive security information that describes a security service provided by a network security device. The network security device may couple to another network device. The control unit then determines, based on the security information, a path through the network that includes the other network device. The interfaces may forward at least a portion of the network traffic along the determined path to the other network device such that the network security device coupled to the other network device applies the security service to the portion of the network traffic forwarded via the path. As a result, the network device secures traffic by performing security path selection to forward traffic to network security devices.
    Type: Grant
    Filed: October 14, 2008
    Date of Patent: September 12, 2017
    Assignee: Juniper Networks, Inc.
    Inventor: Hatem Eyada
  • Patent number: 9565115
    Abstract: A mechanism to allow switch manager software to determine bandwidth consumption and cooperate with a VM manager. Counter hardware measures network traffic between the various ports of the switch stack. The switch manager determines the MAC or IP addresses of devices connected to each port, which are provided to the VM manager to correlate VMs to ports. The switch manager collects statistics from the counter hardware to determine traffic flow levels between the various ports. A list of high traffic port pairs is provided to the VM manager. In conjunction with each port is a list of available ports, identified by at least one MAC or IP address associated with that port, having capacity to receive the traffic of the respective ports of each port pair and provided in order of least to most hops, to allow the VM manager to select a closer port to receive a migrated VM.
    Type: Grant
    Filed: August 15, 2014
    Date of Patent: February 7, 2017
    Assignee: Brocade Communications Systems, Inc.
    Inventor: Hatem Eyada
  • Publication number: 20150372980
    Abstract: According to one embodiment, a computerized method is directed to neutralizing callback malware. This method involves intercepting an incoming message from a remote source directed to a compromised endpoint device. Next, a first portion of information within the incoming message is substituted with a second portion of information. The second portion of information is designed to mitigate operability of the callback malware. Thereafter, the modified incoming message, which includes the second portion of the information, is returned to the compromised endpoint device.
    Type: Application
    Filed: June 24, 2014
    Publication date: December 24, 2015
    Inventor: Hatem Eyada
  • Publication number: 20150055474
    Abstract: A mechanism to allow switch manager software to determine bandwidth consumption and cooperate with a VM manager. Counter hardware measures network traffic between the various ports of the switch stack. The switch manager determines the MAC or IP addresses of devices connected to each port, which are provided to the VM manager to correlate VMs to ports. The switch manager collects statistics from the counter hardware to determine traffic flow levels between the various ports. A list of high traffic port pairs is provided to the VM manager. In conjunction with each port is a list of available ports, identified by at least one MAC or IP address associated with that port, having capacity to receive the traffic of the respective ports of each port pair and provided in order of least to most hops, to allow the VM manager to select a closer port to receive a migrated VM.
    Type: Application
    Filed: August 15, 2014
    Publication date: February 26, 2015
    Inventor: Hatem Eyada
  • Patent number: 8953623
    Abstract: In general, techniques are described for performing load balancing across resources of a network device. In one example, upon receiving an initial packet, a load balancer module of the network device is configured to perform a lookup in a routing table based on a subscriber identifier associated with the initial packet, and determine whether a line card is pre-assigned to process the initial packet based at least in part on the lookup result. A packet forwarding engine is configured to, when one of the line cards is pre-assigned, direct the initial packet to the pre-assigned line card, and, when one of the line cards is not pre-assigned, dynamically identify one of the line cards to process the initial packet based at least in part on header information of the initial packet, and direct the initial packet to the dynamically identified line card.
    Type: Grant
    Filed: November 23, 2011
    Date of Patent: February 10, 2015
    Assignee: Juniper Networks, Inc.
    Inventor: Hatem Eyada
  • Patent number: 8955107
    Abstract: In general, techniques are described for hierarchical application of security services with a network device. In particular, the network device receives security classification information that maps a security class to one or more computing devices. The security class identifies security capabilities of the computing devices. The network device also receives network traffic associated with the computing device and applies a set of patterns defined by a policy associated with the security class to the network traffic to detect a set of network attacks. Based on the application of the set of patterns, the network device forwards the network traffic. As a result of receiving security classification information, the network device may become aware of the security capabilities of the computing device and only apply those patterns required to augment these detected security capabilities, thereby preventing application of overlapping security services through application of these services in a hierarchical manner.
    Type: Grant
    Filed: September 12, 2008
    Date of Patent: February 10, 2015
    Assignee: Juniper Networks, Inc.
    Inventor: Hatem Eyada
  • Publication number: 20100071024
    Abstract: In general, techniques are described for hierarchical application of security services with a network device. In particular, the network device receives security classification information that maps a security class to one or more computing devices. The security class identifies security capabilities of the computing devices. The network device also receives network traffic associated with the computing device and applies a set of patterns defined by a policy associated with the security class to the network traffic to detect a set of network attacks. Based on the application of the set of patterns, the network device forwards the network traffic. As a result of receiving security classification information, the network device may become aware of the security capabilities of the computing device and only apply those patterns required to augment these detected security capabilities, thereby preventing application of overlapping security services through application of these services in a hierarchical manner.
    Type: Application
    Filed: September 12, 2008
    Publication date: March 18, 2010
    Inventor: Hatem Eyada