Abstract: This disclosure describes techniques for migrating nodes from a first communication protocol to a second communication protocol. An example method is performed by a software-defined wide area network (SDWAN) controller. The example method includes identifying nodes in a network; identifying features associated with the nodes; identifying Internet Protocol version 6 (IPv6)-incompatible features among the features; and outputting, to a user, a list of the IPv6-incompatible features. The example method further includes receiving, from the user, a selection of nonessential features including at least one of the IPv6-incompatible features; identifying at least one of the nodes corresponding to the selection; and causing migration of the at least one of the nodes to IPv6.

Abstract: In one embodiment, a videoconference service determines a selection of a virtual background for a videoconference from a particular participant of a plurality of participants in the videoconference. The videoconference service determines an audio context filter that is associated with a visual context of the virtual background. The videoconference service modifies an audio stream of the videoconference into a modified audio stream according to the audio context filter. The videoconference service presents, to the plurality of participants during the videoconference, the particular participant using the virtual background and the modified audio stream. In an embodiment, the videoconference service ascertains the visual context of the virtual background based on applying a machine learning model to the virtual background.

Abstract: The disclosed technology relates to a network agent for reporting to a network policy system. A network agent includes an agent enforcer and an agent controller. The agent enforcer is configured to implementing network policies on the system, access data associated with the implementation of the network policies on the system, and transmit, via an interprocess communication, the data to the agent controller. The agent controller is configured to generate a report including the data and transmit the report to a network policy system.

Abstract: This disclosure describes techniques and mechanisms for determine a change window of least impact based on the type of activity, urgency, and preference, and highlighting risk(s) of choosing a change window. The techniques streamline and automate change window technology and provide customized and personalized change window option(s) to an administrator of a network.

Abstract: Techniques are described for providing a software-based platform used to collect and analyze data artifacts generated during software development processes and to display results of the analyses as actionable information. The software development observability platform is a software-based agent (also referred to as an “artifact collector”) capable of capturing output from a wide variety of software development tools including compilers, test frameworks, code coverage and type checker tools, and the like. The artifact collector stores the data in an event data format and forwards the data to a data intake and query system or other destination for further analysis. In some examples, the software development observability platform further includes graphical user interfaces (GUIs) and other analysis tools that enable users to obtain insights into their software development processes.

Abstract: According to one or more embodiments of the disclosure, an example process herein may comprise: receiving a request into an extensibility platform from an entity, the extensibility platform configured in part by one or more solution packages; determining a type of the request and a particular corresponding solution package of the one or more solution packages; performing role-based access control on the request based on a corresponding role-based access control configuration for the type of the request as configured within the particular corresponding solution package; and forwarding, in response to appropriate access of the entity based on role-based access control, the request to a particular representational state transfer endpoint for the type of request as defined by the particular corresponding solution package, wherein the particular representational state transfer endpoint processes the request.

Abstract: The present technology provides for altering an authentication technique in response to a detection of a possible attack to which the authentication technique is vulnerable. An authentication provider can receive an authentication request to authenticate to a first resource, where the authentication to the first resource is permitted using a particular authentication technique, includes contextual information associated with the first access device and information identifying the first resource. Based on the contextual information, the authentication provider can determine that the authentication request is subject to an ongoing attack, and determine, an alternative authentication technique that is less vulnerable to the ongoing attack than the particular authentication technique.

Abstract: Techniques are described for providing data such as, for example, keys, connection identifiers, and hashes to network devices using a secure database in order to facilitate client devices remaining connected or reconnecting with network sites when the client device moves among networks and to prevent replay attacks. For example, a method may include receiving, by a network device of a first network, encrypted traffic destined for a network site via the first network from a client device. The method may also include retrieving, by the network device from a database, data related to a previously established connection via a second network of the client device to the network site. In configurations, the data is received by the database from a proxy on the client device. The method may further include based at least in part on the data, passing, by the network device, the encrypted traffic to the network site.

Abstract: In one embodiment, a request may be received from a first cloud network of a hybrid cloud environment to transmit data to a second cloud network of the hybrid cloud environment, wherein the request can include a security profile related to the data. The security profile may be automatically analyzed to determine access permissions related to the data. Based at least in part on the access permissions, data can be allowed to access to the second cloud network.

Abstract: Disclosed are a system and method of establishing secure communications between nodes in a cloud environment. The method includes receiving a registration of a first user at a quantum processor service provider, receiving at the quantum processor service provider a request for authentication of the first registered user, the request comprising at least the password and the registration number, when the password and registration number match stored data at the quantum processor service provider for the first registered user, generating an EPR entangled pair and transmitting the EPR entangled pair to a first computing device of the first registered user, wherein the first registered user utilizes the EPR entangled pair in order to communicate with a second computing device associated with a second registered user. The quantum processor service provider can include a quantum EPR (Einstein Podoslky and Rosen) processor (QEP) and a logically co-located computer server.

Abstract: Techniques for generating a per-packet initialization vector for high bandwidth encryption engines in a multipathing IP network are described herein. In examples, a network switch of a first datacenter site may receive a data packet to be sent to a second datacenter site over a network. The data packet may be encrypted according to a virtual extensible LAN (VxLAN) protocol and to be transmitted in a VxLAN tunnel created for the first datacenter site and the second datacenter site. An encryption engine implemented at the network switch may generate an initialization vector (IV) for the data packet based on a packet number (PN) associated with the data packet. The encryption engine may use the IV and information associated with a security association (SA) assigned to the packet to encrypt the data packet. In some examples, a full 64-bit PN may be used to compute the IV for the data packet.

Abstract: The present disclosure describes a system and method for secure energy harvesting. An access point includes a memory and a processor communicatively coupled to the memory. The processor receives, from a wireless device, a token and an identifier for a first access point that generated the token and requests the first access point to validate the token. The processor also, in response to the first access point validating the token, wirelessly communicates a first charging frame to the wireless device.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for secure network routing. A method includes: receiving, at a network node, an advertisement message for a network route including an IP address prefix; receiving, at the network node, a route origin authorization associated with the IP address prefix, the route origin authorization including a digital signature and a security requirement of a route to a destination that corresponds to the IP address prefix; determining, by the network node, one or more network nodes satisfies the security requirement to yield a determination; and determining, by the network node, to route network traffic to the IP address prefix based on the determination. In one example, the method can include, when the one or more network nodes satisfies the security requirement, advertising the route to the one or more network nodes that satisfies the security requirement.

Abstract: In part, the disclosure relates to an optical coupler. The optical coupler may include two ridge waveguides that include a first waveguide and a second waveguide. One or more segments of the two waveguides extend over a coupling length or other distance. One or more sections of each ridge waveguide is at least partially defined by a set of cross-sectional profiles, a plurality of sections of each ridge waveguide have a width that tapers along a length of the two ridge waveguides. Within the coupling length, a subset of the set of cross-sectional profiles may define a first pair of transition regions and a second pair of transition regions. The coupler may include a coupling region between the two ridge waveguides and spanning at least a section of the coupling length.

Abstract: Techniques for summarizing a set of alert logs associated with a computer system using a generative machine learning model are described herein. In some cases, an example system receives a set of alert logs, such as logs associated with a detected security incident. The system generates a summarization prompt that includes the set of alert logs, instructions to summarize the logs, and one or more output constraints. The system then provides the summarization prompt to a generative machine learning model M times to determine M summarization outputs. The system determines N of the M summarization prompts that satisfy the output constraint(s) and are thus determined to be valid. The system then determines N scores for the N validated summarization outputs and determines an aggregated summarization output based on a subset of the N summarization outputs as determined based on the corresponding N output scores.

Abstract: This disclosure describes techniques for an email security system to detect a malicious email and take remedial actions in response to the detected malicious email. The techniques described herein may enable the email security system to detect whether an email is malicious based on whether one or more files attached to the email are malicious. In some cases, the email security system determines whether an email attachment file is malicious based on a set of features that are specific to both a classification of the email (e.g., a semantic classification of the email) and a format of the email attachment file.

Abstract: Adaptive channel aging detection to determine channel sounding intervals in a wireless network is provided. A station may receive data packets from an Access Point (AP) over a channel established between the AP and the station. The station may estimate a channel condition of the channel based on Legacy Long Training Field (L-LTF) symbols in the data packets. The station may determine an amount of variation in the channel condition estimated so far from a latest Channel Sounding Information (CSI) report. The station may determine whether the latest CSI report is still valid based on the variation.

Abstract: Network Allocation Vector (NAV) protection in a relay may be provided. Providing NAV protection in a relay can include determining a frame sequence for sending a data signal to a destination Station (dSTA). A Multi-User Request to Send (MU-RTS) is transmitted, the MU-RTS comprising a MU-RTS user information field with a plurality of available bits, the plurality of available bits including one or more frame sequence bits of indicating the frame sequence. One or more Clear to Send (CTS) signals is received, and the data signal is transmitted in response to receiving the CTS. One or more acknowledge signals are received based on the frame sequence.

Abstract: A method to continue Stream Classification Service (SCS) in roaming across Access Points (APs) in an Extended Service Set (ESS) may be provided. A first AP of the ESS may receive a SCS request from a station for a SCS flow. The SCS request may include a SCS identifier for the SCS flow and Quality of Service (QoS) resources requested for the SCS flow. The first AP may configure the QoS resources for the SCS flow at the first AP. A second AP of the ESS may receive a re-association request from the station in response to the station roaming to the second AP. The second AP may configure the QoS resources for the SCS flow at the second AP based on the re-association request.