Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor, a memory, and a network interface; and instructions encoded within the memory to instruct the processor to: receive an incoming packet via the network interface; extract from the incoming packet a source port and a source internet protocol (IP) address; correlate the source port and source IP to a device identifier (ID); receive a network policy for the device ID; and apply the network policy to the incoming packet.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify sensitive user data stored in the memory by a first application, determine a risk exposure score for the sensitive user data, apply, based on a determination that the risk exposure score is above a threshold, a security policy to restrict access to the sensitive user data, receive a request from a second application to access the sensitive user data, determine whether the first application and the second application are similar applications, and allow access based on a determination that the first application and the second application are similar applications.

Abstract: There is disclosed in one example a home router, including: a hardware platform including a processor and a memory; a local area network (LAN) interface; a data store including rules for domain name-based services; and instructions encoded within the memory to instruct the processor to: provision a certificate and key pair to provide domain name system (DNS) over hypertext transfer protocol secure (DoH) or DNS over transport layer security (DoT) services; receive on the LAN interface an encrypted DNS request; decrypt the DNS request; query the data store according to the DNS request; receive a rule for the DNS request; and execute the rule.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; an operating system including a priority architecture; a multi-process web browser; and a browser optimizer agent including instructions encoded within the memory to instruct the processor to: inspect a process of the web browser; determine from the inspection that resource utilization for the process can be improved, and adjust resource priority via the operating system to improve resource utilization for the process.

Abstract: The disclosed technology teaches finding contents of one or more virtual machines running on one or more cloud servers. The disclosed technology includes a cloud snapshot metadata manager periodically instantiating indexing virtual machines on the cloud servers. The indexing virtual machines compile metadata of one or more virtual machines on the cloud server from one or more snapshot file systems of the virtual machines. The indexing virtual machines then transmit the compiled metadata to the cloud snapshot metadata manager. The cloud snapshot metadata manager forwards the metadata to a client and causing the client to create an index of the compiled metadata from multiple virtual machine snapshots on multiple clouds and responding to queries from a user using the index of compiled metadata, without requiring the user to instantiate or to attach to the snapshots.

Abstract: System and computer-implemented method for license management of virtual appliances in a computing system uses an activated virtual appliance in the computing system to forward an activation license from a license server on behalf of an unactivated virtual appliance in the computing system.

Abstract: Mechanisms (which can include systems, methods, and media) for securing an Internet of Things (IoT) device are provided, the mechanisms comprising: receiving a DNS request identifying a fully qualified domain name (FQDN) that originated from the IoT device; in response to receiving the DNS request, determining by a hardware processor whether to allow or drop a connection between the IoT device and a target domain corresponding to the FQDN; and responding to the DNS request with instructions to allow or drop the connection based on the determining.

Abstract: Mechanisms for split tunneling are provided, the method comprising: identifying a plurality of user devices; determining that communications for a first device of the plurality of user devices are to be tunneled; receiving a DNS request from a second device of the plurality of user devices; modifying the DNS request to request meta information corresponding to a domain identified in the DNS request; sending the DNS request to a DNS server using the hardware processor; receiving a response to the DNS request including the meta information; determining that communications for the second device are not to be tunneled based at least in part based on the meta information; and causing the communication for the first device to be tunneled and the communications for the second device to not be tunneled.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

Abstract: The disclosed technology teaches finding contents of one or more virtual machines running on one or more cloud servers. The disclosed technology includes a cloud snapshot metadata manager periodically instantiating indexing virtual machines on the cloud servers. The indexing virtual machines compile metadata of one or more virtual machines on the cloud server from one or more snapshot file systems of the virtual machines. The indexing virtual machines then transmit the compiled metadata to the cloud snapshot metadata manager. The cloud snapshot metadata manager forwards the metadata to a client and causing the client to create an index of the compiled metadata from multiple virtual machine snapshots on multiple clouds and responding to queries from a user using the index of compiled metadata, without requiring the user to instantiate or to attach to the snapshots.

Abstract: The disclosed technology teaches recovering a first virtual machine or an instance with an Internet Protocol address, a first root volume and one or more data volumes that are corrupted. The first virtual machine is hosted by a first cloud server that hosts plurality of virtual machines. The disclosed technology includes instructing the first cloud server to launch a recovery virtual machine. The recovery virtual machine launches one or more new data volumes based upon captured file system images in one or more snapshots taken of corrupted data volumes of the first virtual machine prior to becoming corrupted. The recovery virtual machine detaches the corrupted data volumes and attaches the new data volumes launched to the first virtual machine. The Internet Protocol address of the first virtual machine remains unchanged.