Firewall Patents (Class 726/11)
  • Patent number: 10805303
    Abstract: Various embodiments provide an approach to controlled access of websites based on website content, and profile for the person consuming the data. In operation, machine learning techniques are used to classify the websites based on community and social media inputs, crowdsourced data, as well as access rules implemented by parents or system administrators. Feedback from users/admins of the system, including the instances of allowed or denied access to websites, in conjunction with other relevant parameters, is used for iterative machine learning techniques.
    Type: Grant
    Filed: January 3, 2019
    Date of Patent: October 13, 2020
    Assignee: Gryphon Online Safety Inc.
    Inventors: Arup Bhattacharya, John Jun Wu
  • Patent number: 10791095
    Abstract: A user may access resources within a secure network through an agent stored on a first computing device within the secure network which then opens an outbound secure channel through a firewall of the secure network to a request collector stored on a second computing device outside the secure network. The agent waits until the request collector has rendered available on the outbound secure channel a request from the user for access to the resources in the secure network. The agent then reads the request rendered available on the outbound secure channel by the request collector and causes the request to be executed utilizing the resources within the secure network. The agent responds back to the request collector on the outbound secure channel which then responds to the user.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: September 29, 2020
    Inventors: Guido Pellizzer, Federico Simonetti
  • Patent number: 10791024
    Abstract: Within a data center, network interfaces may vary greatly. Network controllers from various manufacturers may support different capabilities and may be implemented as different types of hardware devices. Embodiments provide techniques for adaptive configuration of a network interface that is migrated from a source IHS to a target IHS. A network migration tool evaluates discrepancies between the source network interface configuration and the target network interface configuration. Based on the identified discrepancies, the network migration tool determines whether the target network interface may be adapted to be compatible, or at least not incompatible, with the source network interface. Multiple IHSs may be evaluated as potential targets for migration to identify a target IHS that utilizes a target network interface that most closely aligns with the configuration of the source network interface, where this alignment includes adaptive modifications of the target network interface.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: September 29, 2020
    Assignee: Dell Products, L.P.
    Inventors: Sudhir Vittal Shetty, Pushkala Iyer, Reginald H. Stumpe, Jr., Rakesh Kumar Ayolasomyajula, David Matthew Sisson
  • Patent number: 10785190
    Abstract: A network system is provided between at least a first client site and a second client site, the first and the second client site are at a distance from one another. A client site network component is implemented at least at the first client site, the client site network component bonding or aggregating one or more diverse network connections so as to configure a bonded/aggregated connection that has increased throughput. At least one network server component may be configured to connect to the client site network component using the bonded/aggregated connection. A cloud network controller may be configured to manage the data traffic and a virtual edge providing transparent lower-link encryption for the bonded/aggregated connection between the client site network component and the network server component.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: September 22, 2020
    Assignee: Adaptiv Networks Inc.
    Inventors: Patricio Humberto Saavedra, Jie Xiao, Yan Wang, Arun Pereira
  • Patent number: 10776499
    Abstract: Various embodiments provide an approach to controlled access to online content. Such control may be based on a multitude of factors including but not limited to website content, profile for the person consuming the data. In operation, machine-learning techniques are used to classify the websites based on community and social media inputs, crowd-sourced data, as well as access rules implemented by parents or system administrators. Feedback from users/admins of the system, including the instances of allowed or denied access to websites, in conjunction with other relevant parameters, is used for iterative machine-learning techniques. Embodiments may also allow for real, or near real-time, approval or denial of access to websites by registered admins.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: September 15, 2020
    Assignee: Gryphon Online Safety, Inc
    Inventors: John Jun Wu, John S Yi
  • Patent number: 10778722
    Abstract: System and methods for communicating across a network comprise: a database containing high level security rules for the network; computing devices communicating on the network; a security rule translation module; event sensors configured to monitor and detect one or more events occurring on or relating to the network, and in response thereto, provide to the security rule translation module an indication of occurrence for each of the one or more security events. The security rule translation module may associate the security rules with the security events corresponding to the received indication, and produce a low-level security rule based on data from the high-level security rule and the received indication of occurrence of the security events. The system may also include switches coupled to receive the low-level security rules from the security rule translation module and enforce the low-level security rules on the network.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: September 15, 2020
    Assignee: Massachusetts Institute of Technology
    Inventors: Thomas R. Hobson, William W. Streilein, Hamed Okhravi, Richard W. Skowyra, Kevin S. Bauer, Veer S. Dedhia, David O. Bigelow
  • Patent number: 10778502
    Abstract: With exponential growth in virtualized traffic within physical data centers, many end users (e.g., individuals and enterprises) have begun moving work processes and data to cloud computing platforms. However, accessing virtualized traffic traversing the cloud computing platforms for application, network, and security analysis is a challenge. Introduced here, therefore, are visibility platforms for monitoring virtualized traffic traversing a cloud computing platform, such as Amazon Web Services, VMware, and OpenStack. A visibility platform can be integrated into a cloud computing platform to provide a coherent view of virtualized traffic in motion across the cloud computing platform for a given end user. Said another way, a visibility platform can intelligently select, filter, and forward virtualized traffic belonging to an end user to a monitoring infrastructure, thereby eliminating traffic blind spots.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: September 15, 2020
    Assignee: Gigamon Inc.
    Inventor: Anil Rao
  • Patent number: 10778702
    Abstract: A method evaluates whether a web domain is malicious. The method forms a feature vector, including data from web crawling. The features may include: whether the domain is cached from web crawling; the number of unique publicly accessible URIs hosted on the domain; the number of backlinks referencing the domain; the number of unique domain names in referring backlinks; the number of unique IP addresses in the referring backlinks; the number of unique IP address groups in the referring backlinks; and the proportion of hyperlinks to the domain from popular websites. For multiple classifiers, the method computes a probability that the domain is malicious. Each classifier is a decision tree constructed according to a subset of features and a subset of sample feature vectors. The method combines the individual probabilities to form an overall probability and returns the computed overall probability to the client.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: September 15, 2020
    Assignee: Anomali, Inc.
    Inventors: Wei Huang, Evan Wright, Akshay Kumar
  • Patent number: 10778797
    Abstract: Systems, computer-implemented methods, and computer program products that facilitate orchestration engine components for a cloud computing environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a blueprint component that can, based on one or more dependencies between respective resource components of a cloud-based computing platform, declare a steady state action to be executed in response to a steady state event indicative of an event associated with steady state operation of a resource component of the cloud-based computing platform. The computer executable components can further comprise an orchestration engine component that can, based on the blueprint component, execute the steady state action in response to the steady state event.
    Type: Grant
    Filed: April 5, 2018
    Date of Patent: September 15, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas E. Chefalas, Neeraj Asthana, Alexei Karve, Clifford A. Pickover
  • Patent number: 10771432
    Abstract: Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: September 8, 2020
    Assignee: Level 3 Communications, LLC
    Inventors: Jin-Gen Wang, Travis D. Ewert
  • Patent number: 10764269
    Abstract: Method and apparatus for creating a second unique identifier for a user in a second system based on a first unique identifier for a user in a first system. A first authentication process is initiated based on a first unique identifier associated with the user in the first system. Responsive to the user successfully authenticating during the first authentication process, the second unique identifier for a user in the second system is generated. The second unique identifier is based on user data associated with the first unique identifier in the first system, and the second unique identifier is different from the first unique identifier.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: September 1, 2020
    Assignee: Visa Europe Limited
    Inventors: Paul Michael Carpenter, Jonathan Paul Sumpster, Andrew Paul Thompson, Christopher Ian Abrathat, Jonathan Rusca, Jean-Christophe Gilbert Lacour, Michael Ronald Philpotts
  • Patent number: 10764319
    Abstract: A method, an electronic device, and a computer readable medium for vulnerability detection are disclosed. The method includes generating a mapped dataset of a portion of an OPC UA server by mapping the portion of the server, wherein the server is compatible with OPC UA machine to machine (M2M) protocol communication including transport encodings and services. The method also includes identifying input test data to test the portion of the server based in part on the mapped dataset in order to detect errors. The method further includes performing a plurality of targeted attacks by loading the input test data onto the portion of the server. In response to loading the input test data into the server, the method includes monitoring responses of the server to detect an error. Further, in response to detecting the error the method includes generating a report that indicates the detected error.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: September 1, 2020
    Assignee: Honeywell International Inc.
    Inventors: Chandirasekaran Dhakshinamoorthy, Rodney Stein, Ashoka Settihalli
  • Patent number: 10764332
    Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: September 1, 2020
    Assignee: Snowflake Inc.
    Inventors: James Calvin Armstrong, Jonathan Claybaugh
  • Patent number: 10757131
    Abstract: The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: August 25, 2020
    Assignee: FireEye, Inc.
    Inventors: Christopher B. Key, Paul E. Holzberger, Jr.
  • Patent number: 10742511
    Abstract: A method for assisting communication of a source host upon movement from a first Data center (DC) to a second DC is disclosed. The method includes identifying that the source host has moved from the first DC to the second DC, ensuring that packets identifying a source as the source host in the second DC are copied to a control plane network element, and, for a first destination host identified in a first packet copied to the control plane network element and identified as a host that is not in the second DC, updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: August 11, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Girija Raghavendra Rao, Victor Manuel Moreno, Marc Binderberger, Lev Shvarts, Vrushali Ashtaputre
  • Patent number: 10742685
    Abstract: A flow control method and apparatus are provided. The flow control apparatus groups stored multiple pieces of address information into at least two security groups according to attribute information; arranges the at least two security groups, so that a security group at a high level may completely include a security group at a low level and security groups at a same level are completely independent of each other without overlap; receives a policy configuration instruction; configures a specified rule according to the policy configuration instruction, and configures a storage sequence of the specified rule according to the policy configuration instruction, where the specified rule is generated according to the policy configuration instruction; receives a data packet after the at least two rules are configured; and processes the data packet according to the at least two rules and storage sequences of the rules, to implement flow control.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: August 11, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ping Wu, Zhengquan Huang
  • Patent number: 10728239
    Abstract: Today's user is facing an ever increasing number of cyber threats from infectious software to scam artists phishing for their passwords and other personal information. Accordingly, a technique is provided to mediate a user's access to electronic resources, which can include malware and sites that trick the user into giving their password. Based on information known about the resource at the time the user accesses it, the technique can warn the user that the resource is suspicious and it is not safe to provide their password. Even if the resource is safe, the technique can warn the user not to reuse their password, thereby promoting good password hygiene.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: July 28, 2020
    Assignee: Mimecast Services Ltd.
    Inventors: Jackie Anne Maylor, Simon Paul Tyler, Steven Malone, Wayne Van Ry, Francisco Ribeiro, Nathaniel S. Borenstein
  • Patent number: 10721197
    Abstract: A cloud based mobile internet protocol messaging spam defense. Short message service (SMS) messages are analyzed by a cloud based virtual machine to determine if they should be considered potentially unwanted messages (e.g., spam). The cloud based virtual machine uses a user specific algorithm for determining if a message should be considered to be a potentially unwanted message. Messages that are determined to be potentially unwanted messages trigger a notification to be sent to a user device associated with the virtual machine. The notification requests confirmation from the user that the potentially unwanted message is an unwanted message. The user's response to a request for confirmation is then used to update an unwanted message database associated with the user and the user device.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: July 21, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Ann E. Skudlark, Lien K. Tran, Yu Jin
  • Patent number: 10721275
    Abstract: To prevent un-authorized accesses to data and resources available in workloads on an organization's or enterprise's computer network, various improvements to automated computer network security processes to enable them to enforce network security policies using native network security mechanisms to control communications to and/or from workload units of applications running on different nodes within hybrid computer network infrastructures having both traditional hardware resources and virtual resources provided by private and public cloud infrastructure services.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: July 21, 2020
    Assignee: FireEye, Inc.
    Inventors: Lisun Joao Kung, Jose Renato Goncalves Santos, Sarowar Golam Sikder
  • Patent number: 10715489
    Abstract: A management server disposed outside a firewall and supporting connection of communications between a control target device disposed inside the firewall and a cloud server disposed outside the firewall, includes a server-side session establishing portion to, based on a request from a relay device disposed inside the firewall, establish a session with the relay device, a device information acquiring portion to acquire device information about the control target device from the relay device via the established session, and an update determining portion to, in response to reception of a request of connecting to the control target device from the cloud server, determine whether to update the device information.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: July 14, 2020
    Assignee: KONICA MINOLTA, INC.
    Inventors: Hisashi Uchida, Kazumi Sawayanagi, Noriaki Asamoto, Masami Yamada, Shuji Yoneda, Kazuya Anezaki, Akihiro Torigoshi, Yasutaka Ito
  • Patent number: 10708306
    Abstract: Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: July 7, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Lei Chang
  • Patent number: 10708231
    Abstract: Some embodiments provide a method for identifying unnecessary firewall rules for a distributed firewall of a logical network. The method identifies a firewall policy for network traffic of the logical network. The firewall policy includes a set of firewall rules. The method generates a set of data for implementing the firewall policy on a set of managed forwarding elements that implement the logical network. The method analyzes potential network traffic based on the generated set of data to identify a subset of unnecessary data. The method identifies a subset of unnecessary firewall rules of the set of firewall rules that corresponds to the subset of unnecessary data.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: July 7, 2020
    Assignee: NICIRA, INC.
    Inventors: Amar Padmanabhan, Amre Shakimov, Anupam Chanda
  • Patent number: 10708291
    Abstract: A common misconception equates information with intelligence. To transform information into intelligence a number of analytical steps must occur within a framework designed to yield very specific datum associable with other raw or formulated datum, that provides an answer or solution to a sub-problem. Every organization has threats and risks including cyber threats, threats to infrastructure, etc. that can impact the organization on many levels. However, most organizations do not understand how to quantify and assess these risks/threats let alone assess different preemptive actions for mitigating impact. It would therefore be beneficial to provide organizations with a software based system that provides threat information gathering, incident reporting, and asset identification/valuation as part of its compounded intelligence and supports predictive context specific analysis of risks and countermeasures.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: July 7, 2020
    Inventor: Valarie Ann Findlay
  • Patent number: 10691751
    Abstract: A data processing system performs data processing of raw or preprocessed data. The data includes log files, bitstream data, and other network traffic containing either cookie or device identifiers. The data processing system associates devices with device activity history.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 23, 2020
    Assignee: The Trade Desk, Inc.
    Inventors: Jason Atlas, Fady Kalo, Jiefei Ma
  • Patent number: 10685116
    Abstract: Methods, apparatus, systems, and articles of manufacture to remediate ransomware are disclosed. An example malware scanner includes a sinkhole generator to generate a sinkhole directory. The example malware scanner includes a storage device adapted to store a computer file and the sinkhole directory, wherein the sinkhole directory recursively expands when the computer file performs a file listing of the sinkhole directory to occupy the computer file by extending a period of time taken to perform the file listing of the sinkhole directory. The example malware scanner includes an analyzer to monitor execution of the computer file while the computer file is performing the file listing of the sinkhole directory to attempt to identify an indicator of compromise associated with the computer file, the analyzer to classify the computer file as ransomware when the analyzer identifies the indicator of compromise. The example malware scanner includes a cleaner to remediate the ransomware.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: June 16, 2020
    Assignee: McAfee, LLC
    Inventor: Ghanashyam Satpathy
  • Patent number: 10686856
    Abstract: System and methods for initiating a media streaming device, particularly for devices associated with a guest services environment. Such initiation may include: receiving, at a proxy server, a request from a mobile device to join a guest services network, the request identifying a user of the mobile device; verifying a registration of the user, the registration indicating permission of the user to join the guest services network, to yield a verification; identifying, based on the verification, a media streaming device associated with the registration of the user; and configuring the media streaming device to be controllable by the mobile device, such that control commands are routed from the mobile device through the proxy server to the media streaming device, and streaming content is routed from the Internet to the media streaming device bypassing the proxy server.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: June 16, 2020
    Assignee: MARRIOTT INTERNATIONAL, INC.
    Inventors: David M. Straitiff, Neil R. Schubert, III, William R. Walker
  • Patent number: 10681074
    Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: June 9, 2020
    Assignee: QOMPLX, Inc.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 10666679
    Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of reconfiguring network settings. The systems and methods monitor a network and detect a hacker on a network. The systems and methods can reconfigure network settings of the network upon detecting the hacker. The systems and methods can analyze the hack for severity; and determine a reconfiguration layer based on the severity of the hack. The reconfiguration layer determines a subset of the network settings to be reconfigured. The systems and methods can dismantle the network and generate a replacement network having the reconfigured set of network settings and replace the network with the replacement network.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: May 26, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Matthew J. Block, Jon M. Welborn, Adam Sheesley, David Huehulani Keene, Jennifer A. Holton, Douglas S. Rodgers
  • Patent number: 10659293
    Abstract: A disclosed method may include (1) executing a virtual router that services traffic within a network in connection with a specific network consumer and (2) dynamically scaling memory of the virtual router to accommodate a networking need of the specific network consumer by (A) installing, in at least one component of a physical network device that hosts the virtual router, a set of networking objects that facilitate servicing the traffic in connection with the specific network consumer, (B) determining an amount of memory that is consumed by the set of networking objects at the component of a physical network device, and (C) modifying a configuration file of the virtual router such that the memory of the virtual router is scaled to store the set of networking objects via the component. Various other systems and methods are also disclosed.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: May 19, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Manoj Nayak, Rafik Putter, Tabrez Ahmed Khan
  • Patent number: 10659486
    Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
    Type: Grant
    Filed: April 17, 2019
    Date of Patent: May 19, 2020
    Assignee: Anomali Incorporated
    Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
  • Patent number: 10650593
    Abstract: A server system can receive an assertion of an alarm condition from a security system that processes sensor signals from sensors and that triggers the alarm condition. The server system can send messages to determined nearby sensors to start sending data back to the server system according to the alarm condition. The server system can analyze sensor data received from the sensors. The analysis includes a verification of the alarm condition, a determination of how often queried data is requested, and a determination of which of selected data received from selected sensors to forward to one or more mixed reality devices. The server system can forward data to the one or more mixed reality.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: May 12, 2020
    Assignee: TYCO FIRE & SECURITY GMBH
    Inventors: Robert B. Locke, Paul B. Rasband, Rain Cui, Steve Schattmaier, Richard Campero
  • Patent number: 10628144
    Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: April 21, 2020
    Assignee: VMWARE, INC.
    Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian, Kausum Kumar
  • Patent number: 10621344
    Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
    Type: Grant
    Filed: October 17, 2019
    Date of Patent: April 14, 2020
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10616813
    Abstract: A method and system for wireless communication between a mobile router in a moving vehicle, such as a train, and one or several external server(s) via at least two types of external wireless networks, a first external wireless network type, trackside network, including a plurality of trackside base stations, such as access points, for communication in compliance with a Wireless Local Area Network (WLAN) standard, said trackside base stations being arranged in the vicinity of a vehicle path of travel, and a second external wireless network type, cellular network, communicating via cellular network standard(s), such as in accordance with 3G, 4G or 5G standards, wherein the mobile router is arranged, at least periodically, to simultaneously communicate with the two types of external wireless networks thereby providing at least two concurrently useable external wireless networks.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: April 7, 2020
    Assignee: ICOMERA AB
    Inventor: Mats Karlsson
  • Patent number: 10608881
    Abstract: Example methods are provided for a host to implement application-based network segmentation in a virtualized computing environment. The method may comprise detecting an egress packet from a virtualized computing instance supported by the host for transmission to a destination and identifying a source application associated with the egress packet. The source application may be one of multiple applications supported by the virtualized computing instance, the multiple applications being associated with respective target networks. The method may further comprise, based on a network policy configured for the source application, determining a particular target network associated with the source application; and sending, to the destination, the egress packet via a physical network interface controller (NIC) associated with the particular target network.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: March 31, 2020
    Assignee: NICIRA, INC.
    Inventors: Shengbo Teng, Nan Wang, Yisan Zhao, Jingtao Zhang
  • Patent number: 10601861
    Abstract: An exemplary computer-implemented method includes obtaining at least one teleportation invite block that records a virtual universe teleportation invite marked by at least one parameter. The teleportation invite identifies a virtual universe user as an invitee. Responsive to the parameter, assess whether the virtual universe teleportation invite is potentially malicious, and alert the invitee in case the virtual universe teleportation invite is potentially malicious.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: March 24, 2020
    Assignee: International Business Machines Corporation
    Inventors: James R. Kozloski, Clifford A. Pickover, Komminist Weldemariam
  • Patent number: 10601863
    Abstract: Sensor enrollment management is conducted where features and capabilities for one or more broker computing nodes within the cluster are received by an enrollment service operating within a management system. The enrollment service is configured to receive advertised features and capabilities for computing nodes that are part of a cluster and provide address information associated with the enrollment service to the sensor. Based on information supplied by the sensor, the enrollment service authenticates the sensor, and upon authentication, forwards keying material associated with the sensor to a computing node that is selected for supporting communications to the cluster from the sensor. Also, the enrollment service provides a portion of the advertised features and capabilities associated with the computing node to the sensor to enable the sensor to establish a secure communication path with the computing node for malware analysis of suspicious objects within network traffic monitored by the sensor.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: March 24, 2020
    Assignee: FireEye, Inc.
    Inventor: Mumtaz Siddiqui
  • Patent number: 10594732
    Abstract: Method, product and device for selective traffic blockage. In one embodiment, in response to a detection that a computing device cannot connect to a predetermined server, the blockage policy is applied to an outgoing packet, thereby selectively blocking outgoing packets when the computing device has limited connectivity to the predetermined server. In another embodiment, in response to an attempt to transmit a packet, invoking a local Virtual Private Network (VPN) service that is configured to apply a blockage policy, wherein the local VPN service provides an Application Programming Interface (API) of a VPN service. As a result, selective blockage is implemented using the local VPN service.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: March 17, 2020
    Assignee: CA, Inc.
    Inventors: Yair Amit, Shahar Areli, Daniel Kandel, Elisha Eshed, Roy Iarchy, Adi Sharabani
  • Patent number: 10593427
    Abstract: A medical device for facilitating data direction to storage in a patient-specific electronic record is provided herein. In embodiments, the medical device visually presents patient data received from devices that more directly capture physiological data. The medical device is associated with a patient corresponding to the physiological data, and communicates the patient data to a centralized server for processing and forwarding to a database, which includes an electronic record that is specific to the patient. Then, the medical device may be dissociated from the patient.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: March 17, 2020
    Assignee: Cerner Innovation, Inc.
    Inventors: Damon Matthew Herbst, Randolph S. Lantz, Greg T. Meyer, Matthew P. Bailey
  • Patent number: 10594584
    Abstract: A transmitted transport communication protocol (TCP) packet in an established TCP connection is intercepted and resent with a modified IP layer to determine network nodes within a network path. No new connection is required, and the data may be transmitted to its intended location as part of the existing connection, bypassing firewalls and other obstacles commonly affecting ping commands. The change to the IP layer may include a modified TTL value. Address location and response time may be determined for each node in a network path.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: March 17, 2020
    Assignee: Cisco Technology, Inc.
    Inventor: Suraj Puvvada
  • Patent number: 10587578
    Abstract: System and method for managing firewall rules for hierarchical entities modify a processing order of the firewall rules to be executed in a distributed computer system based on hit counts of the firewall rules and direct descendent relationships of destination entities of the firewall rules.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: March 10, 2020
    Assignee: NICIRA, INC.
    Inventors: Vasantha Kumar, Sriram Gopalakrishnan, Naveen Ramaswamy, Anil Kumar
  • Patent number: 10587648
    Abstract: A method, apparatus and program product utilize Domain Name Service (DNS) prefetching in a recursive DNS server, e.g., to mitigate Distributed Denial of Service (DDoS) attacks on a DNS service.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, Adam D. Reznechek, Andrew T. Thorstensen
  • Patent number: 10587634
    Abstract: A system, method and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Patent number: 10587649
    Abstract: A method, apparatus and program product utilize Domain Name Service (DNS) prefetching in a recursive DNS server, e.g., to mitigate Distributed Denial of Service (DDoS) attacks on a DNS service.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, Adam D. Reznechek, Andrew T. Thorstensen
  • Patent number: 10574676
    Abstract: A mobile device application executing on a mobile device as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts a first Internet protocol (IP) packet for delivery to a remote computer system. The application determines that the intercepted first IP packet is associated with sensitive information. In response, the application creates a VPN tunnel to the remote computer system to securely send data from the mobile device to the remote computer system.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: February 25, 2020
    Assignee: Fyde, Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Llma
  • Patent number: 10574482
    Abstract: Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second may be in communication with each other and exchange threat information.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: February 25, 2020
    Assignee: UMBRA TECHNOLOGIES LTD.
    Inventors: Carlos Eduardo Oré, Joseph E. Rubenstein
  • Patent number: 10567437
    Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: February 18, 2020
    Assignee: CENTRIPETAL NETWORKS, INC.
    Inventors: Steven Rogers, Sean Moore
  • Patent number: 10559177
    Abstract: Embodiments herein provide methods and apparatus for monitoring and/or protecting a property or other area. Aspects of the invention provide devices, software, systems, and methods for property and area monitoring that detect the presence of wireless devices on or over a property or in a particular geographical area. In some embodiments the detected wireless device and/or owner of a detected device can be identified. Embodiments provide methods and systems for detection of wireless devices, identifiers, record time and duration that detected device was active on a property or within an area, record and transmit information to remote storage, and/or alert authorized individuals of activity within a monitored area. Embodiments of the invention allow systems and methods to work independently or with remote sensors to perform pre-programmed functions upon detection of a wireless device. Embodiments present a method for mobile configuration for scanning an area.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: February 11, 2020
    Inventors: Dean Michael Feldman, Timothy J Pierson
  • Patent number: 10560469
    Abstract: In an example, metrics that cause a deviation in data may be identified by collecting the data for selected metrics stored in a plurality of tables. A metric vector is constructed based on the data for the selected metrics. A probability density may be calculated for the metric vector that indicates a deviation value for the metric vector relative to other metric vectors. Moreover, an outlier metric from the metric vector that causes the deviation value for the metric vector may be identified.
    Type: Grant
    Filed: January 24, 2014
    Date of Patent: February 11, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Eric Owhadi
  • Patent number: RE48043
    Abstract: A system, method and computer program product are provided for sending, to a central system, information associated with unwanted activity. In use, information associated with unwanted activity is identified utilizing a plurality of different types of security systems. Further, the information is sent to a central system.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: June 9, 2020
    Assignee: McAfee, LLC
    Inventor: Ahmed Said Sallam