Abstract: Basic Service Set (BSS) resource reservation may be provided. BSS resource reservation may include determining a time window for a to accommodate a transmission of a target Station (STA) in a BSS, wherein the BSS further comprises one or more other STAs. An AP may then transmit a reservation scheduling frame, to claim access of a channel, inform the target STA of the time window, and reserve the channel for a duration defined by the time window.

Abstract: Coordinated Frequency Division Multiple Access (C-FDMA) for the simultaneous transmission of a basic Physical Layer Protocol Data Unit (PPDU) may be provided. C-FDMA may include determining sub-channels of a channel for one or more Access Points (APs). The sub-channels may then be assigned to the one or more APs. Transmit Opportunities (TxOps) may be scheduled for the one or more APs on the sub-channels. It may then be determined that a basic PPDU and an enhanced PPDU will be simultaneously transmitted on adjacent sub-channels. In response to determining the basic PPDU and the enhanced PPDU will be simultaneously transmitted on adjacent sub-channels, one or more Resource Units (RUs) of a sub-channel the enhanced PPDU will be transmitted on may be selected to disable transmission in.

Abstract: Coordinated Frequency Division Multiple Access (C-FDMA) may be provided. C-FDMA may include determining sub-channels of a channel for each of a plurality of Access Points (APs). The sub-channels may then be assigned to the plurality of APs. Transmit Opportunities (TxOps) may be scheduled for the plurality of APs on the sub-channels.

Abstract: In one embodiment, a device obtains topology information for a segment routed network. The device generates, based on the topology information, segment routing label stacks to probe different paths between a source and destination in the segment routed network. The device conducts probing of the different paths during which synthetic probe packets are sent via the segment routed network using the segment routing label stacks. The device presents results of the probing of the different paths for display.

Abstract: Techniques for utilizing a deception service to deploy deceptions at scale in a network, such as, for example, a client network. The deception service may be configured to generate a small number (e.g., 5, 10, 15, etc.) of deceptions of hosts and/or services associated with the network (or emulations of the hosts/services and/or emulations of protocols associated with the hosts/services) and deploy them to a number of deception host computing devices that cover all of the components and/or technologies found in the network. The deception service may map a large number (e.g., 1000, 100,000, 1,000,000, etc.) of IP addresses available in the network to the deceptions, making it appear as though a large number of deceptions exist, when in reality the IP addresses map back to a small number of deceptions. The deception service may assign/unassign IP addresses to and/or from deceptions and/or actual hosts in the network as needed.

Abstract: Techniques are described for enabling a cloud-based IT and security operations application to execute playbooks containing custom code in a manner that mitigates types of risk related to the misuse of cloud-based resources and security of user data. Users use a client application to create and modify playbooks and, upon receiving input to save a playbook, the client application determines whether the playbook includes custom code. If the client application determines that the playbook includes custom code, the client application establishes a connection with a proxy application (also referred to as an “automation broker”) running in the user's own on-premises network and sends a representation of the playbook to the proxy application. The client application further sends to the IT and security operations application an identifier of the playbook and an indication that the playbook (or the custom code portions of the playbook) is stored within the user's on-premises network.

Abstract: Disclosed are embodiments of a installed software program that receive a model from a product management system. The model is trained to select one of a plurality of predefined states based on operational parameter values of the installation of the software program. Each of the plurality of predefined states define configuration values of the installation of the software program. The defined configuration values indicate, in some embodiments, updates to operational parameter values of the installation of the software program.

Abstract: In various embodiments, a natural language (NL) application receives a first incomplete natural language (NL) request, and generates one or more request completion recommendations based on at least the first incomplete NL request and a first recommendation model, where the first recommendation model is generated via a machine learning algorithm applied to a first data dependency model and a first request completion model. The NL application receives a selection of a first request completion recommendation included in the one or more request completion recommendations, generates a complete request based on the first incomplete NL request and the first request completion recommendation, and causes the complete request to be applied to the data storage system.

Abstract: This disclosure describes techniques for performing application-based tagging. An example method includes receiving, at a virtual socket, non-packetized data from an application and generating, by the virtual socket, a label based on the application. One or more data packets are generated by packetizing at least a portion of the non-packetized data. A header field of the one or more data packets includes a tag based on the label.

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

Abstract: Techniques for network routing border convergence are described. Backup paths for external connections for a network are established and provide for a temporary path for network traffic during network routing convergence, preventing traffic loss at network border nodes.

Abstract: In one embodiment, a device may obtain a location of an endpoint that communicates with an application service. The device may match the location of the endpoint to a data compliance policy. The device may identify sensitive data within the application service to which the data compliance policy applies. The device may configure the application service to permit the endpoint to at least one of access or send the sensitive data when permitted by the data compliance policy.

Abstract: In one embodiment, a device obtains testing parameters used by a plurality of agents in a network to perform testing with respect to an online application. The device identifies overlapping parameters among the testing parameters and generates a consolidated set of testing parameters for the overlapping parameters. The device configures the plurality of agents such that a singular testing agent performs testing with respect to the online application using the consolidated set of testing parameters instead of multiple testing agents performing testing with respect to the online application using the overlapping parameters.

Abstract: This disclosure describes techniques for providing notifications about events that occur during an online meeting. For instance, a system may establish an online meeting, such as a video conferencing meeting, for users. While in the meeting, a first user may view video of a second user and determine that the second user is experiencing an emergency event. As such, a user device of the first user may receive an input indicating that the emergency event is occurring with the second user. The system may receive the indication from the user device and verify that the emergency event is occurring. Additionally, the system may then send a notification to emergency personnel that indicates at least that the emergency event is occurring and a location of the second user. Furthermore, the system may send notification(s) to contact(s) associated with the second user that indicate at least that the emergency event is occurring.

Abstract: Network traffic interference detection and management may be provided. An infringement event by an infringing Access Point (AP) on a Restricted Target Wake Time (rTWT) transmission opportunity (TxOp) associated with a victim AP may be detected, and information associated with the infringement event may be added to an infringement list, wherein the information includes a MAC address associated with the infringing AP. A controller, may receive the infringement list and notify the infringement event to the infringing AP. The infringing AP may determine whether a transmission associated with the infringement event is low latency and high priority. When the transmission is not low latency and high priority the infringing AP may modify future transmissions based on the notification. When the transmission is low latency and high priority the infringing AP may notify the controller that the transmission is low latency and high priority.

Abstract: A system and method for provisioning devices on respective LTE or 5G network cores using a hierarchical provisioning connector. Maintained by a connectivity management platform, a hierarchical provisioning connector serving as an extension of a single provisioning connector of the customer account, such that the hierarchical provisioning connector may contain an array of single provisioning connectors. A rule processor that is utilized by the hierarchical provisioning connector to classify devices by access technology. Each configured rule may take one or more unique device identifiers as input and return a reference to exactly one configured single provisioning connector.

Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security polices at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.

Abstract: Electrical test of optical components via metal-insulator-semiconductor capacitor structures is provided via a plurality of optical devices including a first material embedded in a second material, wherein each optical device is associated with a different thickness range of a plurality of thickness ranges for the first material; a first capacitance measurement point including the first material embedded in the second material; and a second capacitance measurement point including a region from which the first material has been replaced with the second material.

Abstract: Runtime security threats are detected and analyzed for serverless functions developed for hybrid clouds or other cloud-based deployment environments. One or more serverless functions may be received and executed within a container instance executing in a controlled and monitored environment. The execution of the serverless functions is monitored, using a monitoring layer in the controlled environment to capture runtime data including container application context statistics, serverless function input and output data, and runtime parameter snapshots of the serverless functions. Execution data associated with the serverless functions may be analyzed and provided to various supervised and/or unsupervised machine-learning models configured to detect and analyze runtime security threats.