Abstract: Described embodiments provide systems and methods for steering network traffic using dynamically generated configuration scripts. A first device may generate a configuration script for an application on the client for connecting with a server. The configuration script may specify the application to establish a direct connection or an indirect connection with the server. The first device may provide the configuration script to be invoked by the application to identify a first address to access the server based on a determination to establish the direct connection or the indirect connection. The first device may receive, from the client, an initiation request to connect with the server including the first address. The first device may determine second address by applying a routing policy to the first address. The first device may establish one of the direct connection or the indirect connection using the second address.

Abstract: Systems and methods for autonomous program management include a device which may transmit data to a client in response to a first request from the client. The data may include a response to the first request and a copy of data available to the device corresponding to the first request or the client. The device may receive a second request including the copy of data from the client. The device may determine that the second request is from an autonomous program rather than a user of the client based on the copy of data from the second request. The device may block at least one subsequent request from the client in response to the determination that the second request is from an autonomous program.

Abstract: Described embodiments provide systems and methods for detection of the degradation of a virtual desktop environment. A computing device may receive data from a plurality of client devices. The computing device may identify a subset of client devices from the plurality of client devices with at least one characteristic in common based on the received data. The computing device may determine a ratio of the identified subset of client devices, the ratio being a comparison of client devices of the subset with a value above a first threshold to a total number of client devices of the subset, and the value being indicative of a characteristic of performance for that client device. The computing device may identify a cause of an anomaly in the performance of the application based on the ratio exceeding a second threshold.

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie.

Abstract: A computing system may perform a method that involves receiving, from a first computing device, a request for a file, where the request identifies at least one user who has access to the file and includes information indicative of the file. The method further includes identifying, based at least in part on the received request, the file within a repository of files, sending, to a second computing device, a first indication of the request to access the file, receiving, from the second computing device, a second indication that the file is to be made accessible via the first computing device, and causing the file to be transferred from the repository to the first computing device.

Abstract: Disclosed herein includes a system, a method, and a device for preventing replay attacks in a cluster. A first node in the cluster having a plurality of nodes can receive an indication of a node event. The first node can access a first sequence number from a storage corresponding to a previous communication between the plurality of nodes. The first node can adjust the first sequence number by a delta indicative of an average number of communications between the plurality of nodes in the cluster in a determined time period to generate a second sequence number. The first node can transmit a packet including the second sequence number to the plurality of nodes in the cluster. The second sequence number can be used by the plurality of nodes to reset a starting sequence number for communications between the plurality of nodes to prevent replay attacks in the cluster.

Abstract: Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application layer request to a resource of the server. The device can apply an application layer policy to the application layer request of the TLS request. The device can determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

Abstract: Described herein are systems and methods for managing releases of an application in a controlled manner. A computing environment may include a first and second release of an application service, a message broker, a deployment management service and an application management service. The deployment management service may receive settings for the second release, configure the application management service in the computing environment with the settings, and transmit a request to the message broker to cause the application management service to receive messages published to a first category of the message broker. The application management service may receive a message from the message broker, identify a second category of the message broker corresponding to one of the first release or the second release, and publish the message to the second category of the message broker for consumption by one of the first release or the second release of the application service.

Abstract: A method may involve receiving, by a computing system, an input indicative of an individual with whom a user of a client device is to communicate. The computing system may determine data of a plurality of applications, the data being indicative of the individual being available with at least one of the plurality of applications. The computing system may select, based at least in part on the data, a first application, from among the plurality of applications, for communication with the individual, and may cause the client device to output an indication that the first application can be used to communicate with the individual.

Abstract: In accordance with one disclosed method, a first computing system may receive a message from an application hosted on a second computing system, the message being indicative of an event of the application. In response to receiving the message, the first computing system may generate a notification indicative of the event and send the generated notification to a client device. The first computing system may receive a response to the notification from the client device, and may process the response so as to cause the application to take an action responsive to the event.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to scan session data representative of operation of a user interface comprising a plurality of user interface elements; detect, at a point in the session data, at least one changed element within the plurality of user interface elements; classify, in response to detecting the at least one changed element, the at least one changed element as either indicating or not indicating an error; store an association between the error and the point in the session data; and provide access to the point in the session data via the association.

Abstract: A computer system is provided. The computer system includes a memory, a network interface, and at least one processor configured to monitor a user interface comprising a plurality of user interface elements; detect at least one changed element within the plurality of user interface elements; classify, in response to detecting the at least one changed element, the at least one changed element as either indicating or not indicating an error; generate, in response to classifying the at least one changed element as indicating an error, an error signature that identifies the at least one changed element; identify, using the error signature, a remediation for the error; and provide the remediation in association with the at least one changed element.

Abstract: Described embodiments provide systems and methods for providing data loss prevention via an embedded browser. An interprocess communication (IPC) manager may interface with an embedded browser to control the transfer of data from a first application to a second application in accordance with a policy. The IPC manager may detect a command to store data accessed on the first application via the embedded browser and store the data onto a secure container. The secure container may be dedicated to the embedded browser. The IPC manager may subsequently detect a command to retrieve data from the secure container and to replicate the data onto the second application. The IPC manager may determine a policy to apply to the data. The policy may specify whether the data from the first application is permitted to be replicated onto the second application. The IPC manager may subsequently replicate the data on the second application.

Abstract: Described embodiments provide systems and methods for learning across multiple application delivery controllers and updating settings across the application delivery controllers. A profile can be generated based on selection of a set of intermediary devices managed by a device. The set of intermediary devices configured to load balance data of an application hosted in different computing environments. Activity can be identified at the intermediary devices with use of a firewall. The activity having an appearance of a malicious attack on at least one intermediary device of the set. The device can determine if the activity is permissible or a violation based on a comparison of an aggregation of data records for the identified activity and a threshold. The device can provide a notification to at least one intermediary device of the set to configure the at least one intermediary device to allow the activity or prevent the activity.

Abstract: Systems and methods including notification techniques for sharing information related to detected dialogs on secondary computing devices associated with a user are provided. For example, a system can include a user interface (UI) monitor on a first client computing device configured to detect a dialog and send an indication of the dialog to a workspace backend. The workspace backend can facilitate communication between the first client computing device and one or more secondary computing devices associated with the user such that the user receives notifications of dialogs displayed on the first client computing device on the one or more secondary computing devices. The user has the option of responding to the dialog on a secondary computing device, and the workspace backend facilitates transmission of the user response on the secondary computing device back to the first client computing device.

Abstract: Embodiments described include systems and methods for receiving push notifications for Software-as-a-Service (SaaS) applications. Push notifications may be received by an agent or notification listener provided by a client application of a client device. The listener may receive and display notifications for a large plurality of SaaS applications, regardless of whether the SaaS applications are currently active in a browser of the client device. The listener agent may be lightweight, consuming very little memory or processor resources, while being able to handle very large numbers of notifications. This may free up resources on the client device, consume less battery for mobile devices, and provide notification functionality for SaaS applications using native notification techniques without requiring the SaaS application developers to rewrite notification systems or switch to an operating system-provided notification system.

Abstract: A system that comprises a microapp server includes a memory and at least one processor coupled to the memory. The microapp server is configured to generate a recommendation to modify a set of one or more subscribed microapps. The microapp server is configured to gather observational data that characterizes interactions of a user with an endpoint. The user is associated with the set of one or more subscribed microapps. The microapp server is further configured to identify, based on the observational data, a modification to the set of one or more subscribed microapps. The microapp server is further configured to send, to an administration console, the recommendation to modify the set of one or more subscribed microapps in accordance with the identified modification.

Abstract: Methods and systems for protecting sensitive data using conversational history are described herein. An enterprise data validation server may receive conversation snippets and create a topic model. The enterprise data validation server may detect a message is being sent from a first user to a second user, determine a topic distribution between the first user and the second user, and a topic distribution of the message. The enterprise data validation server may determine a bias value associated with the message by comparing the topic distribution of the message and the topic distribution between the first user and the second user. Accordingly, based on a determination that the bias value exceeds a threshold, the enterprise data validation server send an alert containing a warning message.

Abstract: A technique for providing access to protected resources uses personal authentication tags (PATs) and enforces a requirement that a workstation sending an authentication request be trusted by a server that receives the request. Accordingly, the server allows an authentication request to proceed only when the request is received from a workstation having a trust relationship with the server. Otherwise, the server denies the authentication request. By restricting PAT-type authentication requests to trusted workstations, risks posed by malicious users are greatly reduced.

Abstract: Described embodiments provide systems and methods for controlling loading of web content with scrolling. A scroll manager of a web browser may determine a ratio of a first dimension of a portion of a webpage visible within a viewport of the web browser to a second dimension of an entirety of the webpage. Prior or to loading any other portion of the webpage, the scroll manager may set a scroll thumb dimension within a scroll bar of the web browser based on the ratio. The scroll manager may receive an interaction on the scroll bar of the web browser to arrive at a position within the webpage relative to the second dimension to be displayed within the viewport. Responsive to the interaction, the scroll manager may select a requested portion of the webpage corresponding to the first dimension about the position to render in the viewport.