Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

Abstract: Systems, methods, and apparatuses enable a machine learning model to determine a risk probability of a URL. A query configurator receives a URL in a query and normalizes the URL. The normalized URL is segmented into a plurality of segments. The plurality of segments is serially provided to the machine learning model trained to provide an indication of risk associated with the URL. The indication of risk associated with the URL can be a probability value based on one or more risk probabilities determined for segment-segment transitions of the URL. A security service compares the probability value of the URL to a threshold value and performs a security action based on a result of comparing the probability value to the threshold value.

Abstract: Systems, methods, and apparatuses enable one or more security microservices to optimize a security configuration of a networked environment by applying security policies to resource groups passively to determine whether network sets, resource groups, or security policies should be modified, prior to active enforcement. When security policies are applied passively, security actions that are performed in response to a violation of security policy do not impact network traffic. The one or more security microservices evaluate the results of the passive application of security policies to determine whether there is at least one recommended modification to network sets, resource groups, or security policies. When there is at least one recommended modification, the modification is applied.

Abstract: Systems, methods, and apparatuses enable a machine learning model to determine a risk probability of a URL. A query configurator receives a URL in a query and normalizes the URL. The normalized URL is segmented into a plurality of segments. The plurality of segments is serially provided to the machine learning model trained to provide an indication of risk associated with the URL. The indication of risk associated with the URL can be a probability value based on one or more risk probabilities determined for segment-segment transitions of the URL. A security service compares the probability value of the URL to a threshold value and performs a security action based on a result of comparing the probability value to the threshold value.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.

Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to real-time configurable load determination. For example, a method is disclosed, which calls for receiving a request to perform a security service, performing the security service on data included with the request; calculating a service load associated with and during the performing the security service, and transmitting a response to the request, wherein the response includes the calculated service load.

Abstract: Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security settings and policies associated with the one or more security elements. The security orchestrator then assigns or applies the security settings and policies for the virtual machine based on values of the one or more security elements.

Abstract: Systems, methods, and apparatuses enable one or more security microservices to optimize a security configuration of a networked environment by applying security policies to resource groups passively to determine whether network sets, resource groups, or security policies should be modified, prior to active enforcement. When security policies are applied passively, security actions that are performed in response to a violation of security policy do not impact network traffic. The one or more security microservices evaluate the results of the passive application of security policies to determine whether there is at least one recommended modification to network sets, resource groups, or security policies. When there is at least one recommended modification, the modification is applied.

Abstract: Systems, methods, and apparatuses enable one or more security microservices to resolve the disparate impact of security exploits to resources within a resource group. When a resource group is determined to be impacted by a security exploit, the one or more security microservices determines whether the members of the resource group are disparately impacted. In response, the one or more security microservices splits the resource group into an impacted resource group and a non-impacted resource group and applies exploit mitigation to the resource group members in the impacted resource group. When the one or more security microservices determine that the resource group members of the split resource group are no longer disparately impacted, the one or more security microservices combine the impacted resource group and the non-impacted resource group back into a single resource group.

Abstract: System, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment selects a first microservice of a first hierarchy, configures the microservices of a second lower-level hierarchy to remove the first microservice from load balancing decisions to the first hierarchy, moves the first microservice to another server, configures data plane connectivity to the first microservice to reflect a change in server, and configures the microservices of the second hierarchy to include the first microservice in load balancing decisions to the first hierarchy.

Abstract: Systems, methods, and apparatuses enable deploying and executing a security policy on endpoints in a network. In an embodiment, a security orchestrator determines a set of endpoints in a network and determines transformed endpoints from the determined set of endpoints through an endpoint transformation process. The security orchestrator determines a connectivity vector for at least a first transformed endpoint and a second transformed endpoint, where the connectivity vector includes properties associated with the corresponding transformed endpoint. Using the properties from the connectivity vector of the first transformed endpoint, a security policy is generated and deployed to the first transformed endpoint. Based on a comparison of the connectivity vectors of the first and second transformed endpoints indicating a similarity between the first and second transformed endpoints, the security policy is further deployed to the second transformed endpoint.

Abstract: Systems, methods, and apparatuses enable a microservice to identify server-to-server communication paths between servers in a networked environment. The system identifies a server connected to a security microservice managed by a management microservice. The system deploys a security policy on the identified server, and identifies the server-to-server communication paths between the identified server and one or more of a plurality of servers. The system identifies the active communication paths from the identified server to one or more of a plurality of servers, or a subset of communication paths determined based on search criteria. When the system identifies servers of the one or more of the plurality of servers without an existing security policy, the system processes the identified server. In one embodiment, processing the identified servers includes applying a security policy to the identified servers.

Abstract: Systems, methods, and apparatuses enable a microservice-based application to dynamically update components of the system without disrupting messaging occurring between microservices in the system. Microservices of a microservice-based application store data indicating mappings between data object versions and message object versions and which is used update system components in a controlled manner. As used herein, a data object generally refers to any data generated by a microservice and that can be sent to one or more other microservices using a publish-subscribe messaging pattern or other messaging architecture. A message object refers to data used to encapsulate one or more data objects and used to send the data object from one component to another in the system.

Abstract: Systems, methods, and apparatuses enable a security service configurator to configure security policies for network traffic sent from internal resources of a secure environment. The security service configurator receives an indication of intrusion activity in network activity directed to a first internal resource of the secure environment. The security service configurator determines the occurrence a pivot of an intrusion between the first internal resource and a second internal resource within the secure environment. In response, the security service configurator configures an extrusion detection policy for the second internal resource. When the security service configurator receives an indication of extrusion activity in network activity directed from the second internal resource to a system external to the secure environment, the security service configurator performs a security process on the network activity.

Abstract: Systems, methods, and apparatuses enable a security microservice to provision security services to a resource (e.g., a virtual machine) by assigning the virtual machine to an island virtual switch. An island virtual switch is a virtual switch that does not have a direct connection to a physical link, and instead interfaces with a network traffic interceptor having a connection to a virtual switch with a connection to a physical link, to direct network traffic to and form the assigned virtual machine. The network traffic interceptor performs intercept operations on at least a portion of network traffic between the virtual switch and the island virtual switch associated with the virtual machine in order to perform security operations of the portion of network traffic.

Abstract: Systems, methods, and apparatuses enable agent-less network traffic interception using an overlay network. The system creates an inspection namespace on a server computer and clones namespace properties of a default namespace on the server computer to the inspection namespace. The system creates an overlay network in the inspection namespace connecting the server computer to a security service. The system creates a namespace bridge between the default namespace and the inspection namespace to pass server traffic between the namespaces. The system then transmits server traffic to the security service using the overlay network and an encapsulation protocol.

Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

Abstract: Systems, methods, and apparatuses enable a machine learning model to determine a risk probability of a URL. A query configurator receives a URL in a query and normalizes the URL. The normalized URL is segmented into a plurality of segments. The plurality of segments is serially provided to the machine learning model trained to provide an indication of risk associated with the URL. The indication of risk associated with the URL can be a probability value based on one or more risk probabilities determined for segment-segment transitions of the URL. A security service compares the probability value of the URL to a threshold value and performs a security action based on a result of comparing the probability value to the threshold value.

Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.