Firewall Patents (Class 726/11)
  • Patent number: 11627002
    Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.
    Type: Grant
    Filed: May 10, 2021
    Date of Patent: April 11, 2023
    Assignee: Infineon Technologies AG
    Inventors: Thomas Poeppelmann, Rainer Urian
  • Patent number: 11611625
    Abstract: Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation on data messages associated with a particular machine. For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: March 21, 2023
    Assignee: VMWARE, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Rick Lund
  • Patent number: 11606691
    Abstract: Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.
    Type: Grant
    Filed: February 25, 2022
    Date of Patent: March 14, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky
  • Patent number: 11604864
    Abstract: An indexable authentication system is provided for authenticating users and/or groups across multiple sessions. The indexable authentication system may include an authentication server, security component, communication component, credential database, authentication credential, credential index medium, origin terminal, access provisioning component, content filtering component, payment processing component, and provider aspects. Authorized sessions may be stored on a user device for future authentication actions. A method for authenticating users across multiple sessions using the indexable authentication system is also provided.
    Type: Grant
    Filed: September 6, 2021
    Date of Patent: March 14, 2023
    Inventors: Cody Myers, Meron Myers
  • Patent number: 11601435
    Abstract: In an example aspect, a method includes receiving, using a hardware processing device, a first classification of a network address associated with a login attempt as an account validator actor. The method also includes based on the first classification, updating, using the hardware processing device, a system deny list to include the network address for a first length of time. The method also includes after expiration of the first length of time removing the network address from the system deny list, receiving a second classification of the network address as an account validator actor, and updating the system deny list to include the network address for a second length of time.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: March 7, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Bryan D. Hall, Nicola A. Maiorana, Richard Joseph Schroeder
  • Patent number: 11601423
    Abstract: Methods for authenticating a genuine presence of a human involve directing one or more modulated probes towards a body part of the human, receiving a response to the probes from the body part, and analyzing the response to determine whether it contains spectral characteristics that match a class of responses to such probes for the human body part in a human population. Replay attacks are countered by varying the modulation of the probe temporally, spatially, and spectrally each time authentication is performed. The probes may include electromagnetic radiation, acoustic beams, or particle beams that generate a detected reflection, absorption pattern, scintillation, or fluorescence response of the body part. The analysis of the response may be directed to one or more of temporal, spatial, and spectral variations in accordance with the nature of the probes and the modulation.
    Type: Grant
    Filed: March 14, 2021
    Date of Patent: March 7, 2023
    Assignee: iProov Ltd.
    Inventors: Andrew Bud, Andrew Newell
  • Patent number: 11588899
    Abstract: Aspects of the subject disclosure include, for example, selecting a first edge device of a first network to provide a part of a service to a communication device, establishing a first session between the first edge device and a device of a second network for a duration of the service, wherein the first session is associated with a first portion of an address, establishing a second session between the first edge device and the communication device in accordance with an access technology to facilitate a transfer of first data associated with the first part of the service to the communication device, wherein the second session is associated with a second portion of the address, and wherein the second portion of the address identifies the access technology, and transferring the first data to the communication device in accordance with the address, wherein the address comprises a third portion that identifies the communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: March 29, 2022
    Date of Patent: February 21, 2023
    Assignees: AT&T Intellectual Property I, L.P., AT&T Mobility II LLC
    Inventors: Zhi Cui, Sangar Dowlatkhah
  • Patent number: 11582194
    Abstract: An apparatus for managing a security policy of a firewall according to an embodiment includes a rule request module that receives one or more requested rules to be applied to a firewall, a rule merge module that merges a pre-applied rule of the firewall and the one or more requested rules when the number of rules applied to the firewall exceeds a maximum number of rule registrations of the firewall due to the requested rule, and a firewall interface module that receives the pre-applied rule from the firewall and provides the pre-applied rule to the rule merge module, and re-registers a merged rule merged through the rule merge module in the firewall, and the rule merge module is configured to merge the pre-applied rule and the one or more requested rules so that a security vulnerable space occurring due to the merging is minimized.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: February 14, 2023
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Yong Jun Jin, Hak Hyun Nam, Yang Hwan Joe, You Chang Ko
  • Patent number: 11575788
    Abstract: Disclosed here is a method to determine a user intent when a user device initiates an interactive voice response (IVR) call with a wireless telecommunication network. A processor can detect the IVR call initiated with the network and determine whether the user device is a member of the network. Upon determining that the user device is a member of the network, the processor can obtain user history including interaction history between the user and the network. Based on the user history, the processor can predict the user intent when the user initiates the IVR call. The processor can detect whether the user device is a 5G capable device. Upon determining that the device is 5G capable and based on the predicted user intent, the processor can suggest to the user an application configured to execute on the user device and configured to address the predicted user intent.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: February 7, 2023
    Assignee: T-Mobile USA, Inc.
    Inventors: Phi Nguyen, Nathaniel Blodgett
  • Patent number: 11570270
    Abstract: Methods, apparatus, systems and articles of manufacture to prevent illicit proxy communications from affecting a monitoring result are disclosed. An example method includes accessing a log of communications of a proxy server, the log of communications including a plurality of records, each of the plurality of records corresponding to a requesting device that transmitted a communication to the proxy server, identifying a first internet protocol (IP) address subnet in the log of communications, the first IP address subnet associated with a block of IP addresses, filtering the plurality of records for a first set of records associated with communications originating from the first IP address subnet, and in response to determining the first set of records does not include a record associated with a heartbeat communication, adding the first IP address subnet to a blacklist of the proxy server.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: January 31, 2023
    Assignee: The Nielsen Company (US), LLC
    Inventors: Susan Cimino, Achilleas Papakostas
  • Patent number: 11550912
    Abstract: The present disclosure is directed to monitoring internal process memory of a computer at a time when program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: January 10, 2023
    Assignee: SONICWALL INC.
    Inventors: Soumyadipta Das, Sai Sravan Kumar Ganachari, Yao He, Aleksandr Dubrovsky
  • Patent number: 11546342
    Abstract: An information processing apparatus includes a first port, a second port, a storage device, and a determining unit. The first port is to be connected to a first network having a first security level. The second port is to be connected to a second network having a second security level. The second security level is lower than the first security level. The storage device holds first setting information for connection to the first network and second setting information for connection to the second network. The determining unit makes network connection to at least the first port in accordance with the second setting information and determines, on the basis of a result from the network connection to at least the first port in accordance with the second setting information, whether the network connection to the first port is made properly.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: January 3, 2023
    Assignee: OKI ELECTRIC INDUSTRY CO., LTD.
    Inventor: Yohei Ogawa
  • Patent number: 11546300
    Abstract: A firewall service for a cloud computing environment is described that uses an application identifier-based ruleset to process data packets. An application identifier-based rule may provide an action to be taken on a received packet based on the source application identifier, the destination application identifier, and/or an identification token associated with the source application. A firewall controller may verify applications of the computing environment, provide unique application identifiers, and manage the application identifier rules for one or more firewalls of the computing environments.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: January 3, 2023
    Assignee: Comcast Cable Communications, LLC
    Inventor: Yiu Leung Lee
  • Patent number: 11539724
    Abstract: Systems and methods for detecting and mitigating cyber-attacks directed to connected vehicles. A method includes classifying a behavior of a connected vehicle into at least one classification with respect to a location of data transmission relative to the connected vehicle, wherein the at least one classification includes any of local and remote; determining a plurality of vehicle-related cyber-attack indicators related to the behavior of the connected vehicle; performing risk analysis based on a first combination of vehicle-related cyber-attack indicators and the classification, wherein performing the risk analysis further comprises matching the first combination to a plurality of second combinations of cyber-attack indicators of a plurality of known attack patterns, wherein each of the plurality of known attack patterns has at least one classification matching the at least one classification of the connected vehicle; and performing at least one mitigation action based on the risk analysis.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: December 27, 2022
    Assignee: Upstream Security, Ltd.
    Inventors: Yonatan Appel, Yoav Levy, Dor Attias
  • Patent number: 11539633
    Abstract: Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: December 27, 2022
    Assignee: VMWARE, INC.
    Inventors: Dexiang Wang, Yong Wang, Jerome Catrouillet, Sreeram Ravinoothala
  • Patent number: 11516228
    Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method includes also processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: November 29, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Tim Uwe Scheideler, Ivan James Reedman, Arjun Udupi Raghavendra, Matthias Seul
  • Patent number: 11502743
    Abstract: A relay device includes a first communication unit that communicates with an information management apparatus connected to the Internet via a firewall, a second communication unit that performs near field communication with a terminal apparatus, a storage unit that acquires from the information management apparatus, using the first communication unit, information for identifying the terminal apparatus and mode instruction information that is instruction information indicating that an operation is to be performed in a second mode for acquiring data having a larger data amount than in a first mode, and stores the acquired information, and a control unit that in a case where the terminal apparatus connected using the second communication unit is a terminal apparatus that needs to operate in the second mode, performs control so as to transmit mode instruction information for instructing the operation in the second mode, to the terminal apparatus, and transmit data acquired from the terminal apparatus by using the
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: November 15, 2022
    Assignee: FUJIFILM Business Innovation Corp.
    Inventor: Shinichiro Yamamoto
  • Patent number: 11496475
    Abstract: The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data.
    Type: Grant
    Filed: January 3, 2020
    Date of Patent: November 8, 2022
    Assignee: Ping Identity Corporation
    Inventors: Bernard Harguindeguy, Udayakumar Subbarayan, Isidore Rosenblum, Abduraheem Poonthiruthi, Anoop Krishnan Gopalakrishnan, Ashwani Kumar
  • Patent number: 11494218
    Abstract: Provided is a method of controlling transmission of a packet, the method including generating first group generation information used to generate a plurality of first virtual machine groups by grouping at least one of a plurality of virtual machines in a first host server, based on a network service descriptor related to at least one service provided by a plurality of host servers, transmitting the first group generation information to the first host server, generating a packet transmission rule related to packets transmitted among the plurality of first virtual machine groups, based on the network service descriptor, transmitting the generated packet transmission rule to the first host server, receiving, from the first host server, a notification message notifying about receipt of a packet transmission request that violates the transmitted packet transmission rule, when receiving the violating packet transmission request in the first host server, and outputting the notification message received from the firs
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: November 8, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ju-seong Lee, Se-young Oh, Jin-mok Kim
  • Patent number: 11496516
    Abstract: Methods and systems for managing data transmissions. The methods disclosed herein may involve receiving requests for a first and a second service, and routing communications with the second service through the first service without requiring the firewall to be reconfigured to allow communications with the second service.
    Type: Grant
    Filed: November 8, 2021
    Date of Patent: November 8, 2022
    Assignee: Rapid7, Inc.
    Inventor: Paul Miseiko
  • Patent number: 11483323
    Abstract: Briefly, embodiments, such as methods and/or systems for managing and/or monitoring secure network connections between endpoints without intervening between the endpoints, for example, are described.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: October 25, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Bob Lord
  • Patent number: 11477216
    Abstract: Unauthorized use of user credentials in a network is detected. Data indicative of text strings being used to access resources in the network is accessed. Regex models are determined for the text strings. Groupings of the regex models are determined based on an optimization of a cumulative weighted function. A regex model having a cumulative weighted function that exceeds a predetermined threshold is identified. An alert is generated when the cumulative weighted function for the identified regex model exceeds the predetermined threshold.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: October 18, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Andrey Karpovsky, Tomer Rotstein, Fady Nasereldeen, Naama Kraus, Roy Levin, Yotam Livny
  • Patent number: 11469952
    Abstract: Systems, methods, and computer-readable media for analyzing memory usage in a network node. A network assurance appliance may be configured to obtain reference concrete level rules for a node in the network, obtain implemented concrete level rules for the node from the node in the network, compare the reference concrete level rules with the implemented concrete level rules, and determine that the implemented concrete level rules are not appropriately configured based on the comparison.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: October 11, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Ramana Rao Kompella, Chandra Nagarajan, John Thomas Monk, Purna Mani Kumar Ghantasala
  • Patent number: 11461466
    Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
    Type: Grant
    Filed: November 17, 2020
    Date of Patent: October 4, 2022
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 11457022
    Abstract: Disclosed herein are systems and methods of executing scanning software, such as an executable software program or script (e.g., PowerShell script), by a computing device of an enterprise, such as a security server, may instruct the computing device to search all or a subset of computing devices in an enterprise network. The scanning software may identify PowerShell scripts containing particular malware attributes, according to a malicious-code dataset. The computing system executing the scanning software may scan through the identified PowerShell scripts to identify particular strings, values, or code-portions, and take a remedial action according to the scanning software programming.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: September 27, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventor: Robert Neel
  • Patent number: 11451576
    Abstract: Introduced here are computer programs and computer-implemented techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises. Such an approach ensures that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review.
    Type: Grant
    Filed: March 12, 2021
    Date of Patent: September 20, 2022
    Assignee: Abnormal Security Corporation
    Inventors: Jeremy Kao, Kai Jing Jiang, Sanjay Jeyakumar, Yea So Jung, Carlos Daniel Gasperi, Justin Anthony Young
  • Patent number: 11449643
    Abstract: A distributed data storage system can connect a customization module to at least one host and a second data storage device via a network controller. The customization module may disconnect the first data storage device from the host and second data storage device prior to assessing a security operation of the first data storage device with the customization module, generating an optimization strategy with the customization module based on the assessed security operation, implementing the optimization strategy in the first data storage device to alter at least one security parameter of the first data storage device, and then connecting the first data storage device to the host and second data storage device to allow at least one data access to be executed to the first data storage device with the altered at least one security parameter.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: September 20, 2022
    Inventor: Christopher Nicholas Allo
  • Patent number: 11436012
    Abstract: When a transformation job of flow logs generated for a cloud environment is triggered, a security service determines a parameterized template for batch data processing operations offered by the cloud service provider (CSP) to use based on the type of transformation job. The security service communicates an indication of the template and the corresponding parameter values to a data processing service/pipeline offered by the CSP. The provisioned processing resources retrieve the flow logs from a designated location in cloud storage, complete the transformation, and store the transformed flow logs in a new storage location. If the CSP does not provide a data processing service/pipeline which can perform bulk data transformation, the security service uses a generic parameterized template specifying a transformation job to be run on a cluster. Upon completion, the security service retrieves and analyzes the transformed flow logs as part of threat detection performed for securing the cloud environment.
    Type: Grant
    Filed: May 14, 2021
    Date of Patent: September 6, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventor: Krishnan Shankar Narayan
  • Patent number: 11425095
    Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: August 23, 2022
    Assignee: NICIRA, INC.
    Inventors: Radha Popuri, Igor Ganichev, Shadab Shah, Kaushal Bansal
  • Patent number: 11418525
    Abstract: A type identification is firstly performed on a to-be-processed access request, and when the to-be-processed access request is identified as a first-type access request, anomaly identification is then performed on the to-be-processed access request by using a machine learning model. The techniques of the present disclosure not only accurately identify an abnormal access request, but also effectively reduce the number of access requests that need to be identified by the machine learning model, thus saving computing resources of the device and improving the operating performance of the device.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: August 16, 2022
    Assignee: Alibaba Group Holding Limited
    Inventor: Fan Wu
  • Patent number: 11418491
    Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: August 16, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Balaji Sundararajan, Venkatesh Gota B R, Sireesha Yeruva, Chandramouli Balasubramanian, Anand Oswal
  • Patent number: 11405328
    Abstract: Described herein is a system for automatically capturing configuration changes to the cloud computing resources. The system for automatically capturing configuration changes may detect changes to configurations of cloud computing resources across the geographic regions, in real-time. The changes may be stored in a central data storage device instantiated by a central cloud computing account. Furthermore, a relationship graph indicating the relationships between the different cloud computing resources may be generated.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: August 2, 2022
    Assignee: Capital One Services, LLC
    Inventor: Matthew Gladney
  • Patent number: 11394573
    Abstract: An energy virtualization system may include a physical interface gateway that may include a plurality of common interfaces. The plurality of common interfaces may be coupled to a plurality of energy-producing devices, a plurality of energy-control devices, and a plurality of energy-consuming devices. The system may also include a building network, where the plurality of energy-producing devices, the plurality of energy-control devices, and the plurality of energy-consuming devices can communicate through building network. The system may additionally include a computing device running an energy virtualization layer. The virtualization layer may include a plurality of virtual devices representing the plurality of energy-producing devices, the plurality of energy-control devices; and the plurality of energy-consuming devices. The virtualization layer may also direct energy from the energy-producing devices to the energy-consuming devices according to information received from the energy-control devices.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: July 19, 2022
    Assignee: SynCells, Inc.
    Inventor: Gerard O'Hora
  • Patent number: 11395357
    Abstract: Devices, computer-readable media, and methods are disclosed for establishing a secure tunnel having a path that includes an untrusted link between a wireless access point and a gateway device. For example, a processor may detect a security event associated with a wireless access point that is in communication with a gateway device of the telecommunication network via a trusted link, establish a secure tunnel between the gateway device and an endpoint device that is accessing the telecommunication network via the wireless access point and the gateway device, and transport payload traffic between the endpoint device and the gateway device via the secure tunnel. A path of the secure tunnel may include an untrusted link between the wireless access point and the gateway device. In addition, the payload traffic that is transported via the secure tunnel may be indecipherable by the wireless access point.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: July 19, 2022
    Assignee: AT&T Mobility II LLC
    Inventors: Prabhakar Chitrapu, Jayesh Sukumaran
  • Patent number: 11388186
    Abstract: Disclosed is a method and a system for using techniques to stitch cybersecurity, generate network risks and predictive mitigations. The method includes collecting data from several data sources and labeling events. The method includes creating a profile for each entity observed in the data with the behavior of the profile determined through the analytical analysis of the events in which the entity participates including the transference of labels from events to the entity. One or more profiles of an organization are identified that have changed and the change is processed using specific attack sequence detection to identify one or more risks associated with each profile. The method further includes notifying one or more users associated with the one or more profiles based on the one or more risks.
    Type: Grant
    Filed: July 4, 2020
    Date of Patent: July 12, 2022
    Inventor: Kumar Srivastava
  • Patent number: 11381987
    Abstract: Systems and methods can support surveying mobile wireless base stations. One or more radio frequency antennas can be positioned within an electromagnetic environment where user equipment devices are serviced by base stations. One or more radio frequency receivers can electrically couple signals from the radio frequency antennas. The signals can be scanned by the radio frequency receivers for synchronization with one or more of the base stations. Downlink channels from the identified base stations may be decoded. Performance metrics may be collected regarding the decoded downlink channels. Optimization parameters may be established to improve effective monitoring of the base stations under constraints associated with the radio frequency antennas and the radio frequency receivers.
    Type: Grant
    Filed: March 14, 2021
    Date of Patent: July 5, 2022
    Assignee: Bastille Networks, Inc.
    Inventors: Nicola Bui, Rahul Nagraj, Christian Sepulveda
  • Patent number: 11374906
    Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. When malware is received by the isolated computing environment, the internal isolation firewall may be configured to prevent the malware from accessing data on the workspace of the host computer system. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from exfiltrating, to a network destination, data from the host computer system and data from other devices on the network.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: June 28, 2022
    Assignee: L3 TECHNOLOGIES, INC.
    Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
  • Patent number: 11373518
    Abstract: In a method for data collection by means of a vehicle fleet and a control center, the control center produces data collection tasks for data collection and transmits at least one of the data collection tasks (6) to at least one vehicle in the vehicle fleet, the vehicles in the vehicle fleet being identifiable by means of vehicle attributes. The control center links each data collection task with an objective, wherein the vehicle attributes of the vehicles logged in to the control center are compared with the objectives of the data collection tasks, after which, if the objective of one of the data collection tasks matches the vehicle attributes of one of the vehicles, the corresponding data collection task is transmitted to the corresponding vehicle, after which a data collection device in the vehicle acquires task-specific data and transmits it to the control center.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: June 28, 2022
    Assignee: Audi AG
    Inventors: Johannes Lang, Jens Lorenz
  • Patent number: 11374977
    Abstract: A method, system, and computer-usable medium are disclosed for managing network communication by, responsive to an attempted connection from a client to a server, receiving information regarding the connection from the client, determining if the information regarding the connection matches an entry of a reputation cache, and responsive to determining that the information regarding the connection matches an entry of the reputation cache, undertaking a remedial action in accordance with a security policy.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: June 28, 2022
    Assignee: Forcepoint LLC
    Inventors: Valtteri Rahkonen, Jaakko Moller
  • Patent number: 11366880
    Abstract: The invention comprises a playing memory management method, comprising: Step S1, creating a contiguous memory area; Step S2, dividing a contiguous first memory range from the memory area when digital rights management playing information is received; Step S3, setting, by a secure operating system, an access permission for the first memory range; Step S4, performing, by the secure operating system, a decoding operation in the first memory range until the decoding operation is completed; and Step S5, clearing, by the secure operating system, data in the first memory range, releasing the access permission for the first memory range, and releasing the first memory range. The present invention has the beneficial effects that the memory sharing is realized by creating one memory area, setting the access permission during use and clearing data and releasing the access permission after use, so that the manufacturing cost is reduced.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: June 21, 2022
    Inventor: Zhi Zhou
  • Patent number: 11363041
    Abstract: A method selectively installs a particular signature on a particular gateway based on the type of signature and the type of computer asset that is protected by that particular gateway. A system and/or analyst receives multiple signatures, where different signatures from the multiple signatures are specific for different types of computer assets. The system and/or analyst identifies and extracts a particular signature, from the multiple signatures, that will protect, if implemented on the appropriate gateway, a particular computer asset. The system and/or analyst identifies the appropriate gateway that protects the particular computer asset, and installs only the extracted particular signature from the multiple signatures on that appropriate gateway.
    Type: Grant
    Filed: May 15, 2020
    Date of Patent: June 14, 2022
    Assignee: International Business Machines Corporation
    Inventors: Adam Paquin, Peyton Duncan, Kevin Shen, Johathan Bees, Srinivas Babu Tummalapenta
  • Patent number: 11360703
    Abstract: A method for managing data includes obtaining, by a local data manager, an actuation command request, performing a metadata analysis on confidence metadata associated with the actuation command request, making a determination that the actuation command request is valid, and in response to the determination, sending an actuation command to an actuation device based on the actuation command request.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: June 14, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Stephen James Todd, Trevor Scott Conn
  • Patent number: 11362994
    Abstract: A media flow transport security manager of a hybrid cloud-based media production system having a network orchestrator and an extensible resource manager (ERM) includes a firewall communicatively coupled to a computing platform having a hardware processor and a memory storing a security software code. The hardware processor executes the security software code to communicate with the network orchestrator to identify multicast production media flow(s) for processing in a cloud-based virtual production environment, and to communicate with the ERM to obtain an identifier of each cloud-based resource used for processing cloud production media flow(s) corresponding to the identified multicast production media flow(s).
    Type: Grant
    Filed: May 7, 2020
    Date of Patent: June 14, 2022
    Assignee: Disney Enterprises, Inc.
    Inventors: Michael J. Strein, Douglas R. Mason, Craig L. Beardsley, Benjamin H. Kepler
  • Patent number: 11356413
    Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.
    Type: Grant
    Filed: February 21, 2020
    Date of Patent: June 7, 2022
    Assignee: McAfee, LLC
    Inventors: Geoffrey Howard Cooper, John Richard Guzik
  • Patent number: 11349742
    Abstract: The present disclosure provides a modem and a communication method. The modem includes a processor. The processor scans a first network channel of a plurality of network channels provided by the modem. The processor enters an idle scan time period and performs a packet forwarding operation during the idle scan period upon completion of scanning the first network channel. The processor scans a second network channel of the plurality of the network channels after the scanning idle period.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: May 31, 2022
    Assignee: PEGATRON CORPORATION
    Inventor: Wen-Ming Chen
  • Patent number: 11347842
    Abstract: User input is collected that is received by a client device, where the client device provides access to a remotely hosted application. The client device analyzes the collected user input received by the client device in order to detect collected user input indicative of machine behavior that simulates inputs provided by a user. The client device prevents subsequent access to the hosted application through the client device in response to detection of collected user input received by the client device indicative of machine behavior that simulates inputs provided by a user, in order to protect the remotely hosted application from malicious attacks.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: May 31, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Zhipan Liu, Ke Xu
  • Patent number: 11349877
    Abstract: Solution management systems and methods are presently disclosed that enable receiving, compiling, and analyzing vendor solutions, determining the vendor solutions that address a target vulnerability of a client network and/or client devices, determining additional vulnerabilities of the client network and/or client devices that the vendor solutions address, and selecting a vendor solution to remediate the target vulnerability. The presently disclosed systems and methods also enable scoring, risk evaluation, and additional metrics to facilitate determining the vendor solution(s) that have the largest impact and/or benefit to the various vulnerabilities of the client network and/or client devices.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: May 31, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Brian James Waplington, David Victor Barkovic, Xuchang Chen, Karthika Gajjala, Giora Tamir
  • Patent number: 11343275
    Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, a DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service, can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: May 24, 2022
    Assignee: Fortinet, Inc.
    Inventor: Oleksii Mandrychenko
  • Patent number: 11343334
    Abstract: A method for configuring, via a website, a device to provide printing services to a local network is described. The method includes creating, via a website, a service host object that comprises a network address of a device on a local network and a service host name. The method also includes configuring, via the website, one or more printing settings for one or more printing services. The method further includes sending an indication to the device on the local network to run a service manager. The method additionally includes sending an indication to the service manager to run the one or more printing services on the local network based on the one or more printing service settings.
    Type: Grant
    Filed: March 2, 2021
    Date of Patent: May 24, 2022
    Assignee: PrinterLogic, Inc.
    Inventors: Chad Steven Sillitoe, Corey Clint Ercanbrack, Joshua Aaron Harrison
  • Patent number: 11343234
    Abstract: Presented herein are methodologies for implementing multi-domain cloud security and ways to partition end-points in data center/cloud network topologies into hierarchical domains to increase security and key negotiation efficiency. The methodology includes receiving, from a first endpoint, at a cloud security protocol stack, a packet encrypted in accordance with a cloud security key negotiated between the first endpoint and a second endpoint; extracting a cloud security globally unique domain-id from the packet; querying a cloud security domain repository using the cloud security globally unique domain-id as an index to identify a first cloud security domain, among a plurality of cloud security domains, to which the first endpoint and the second endpoint belong; and selecting the first cloud security domain to process the packet.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: May 24, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Xueqiang Ma, Dave Persaud, Kalyan Ghosh