Abstract: Methods, non-transitory computer readable media, anomaly detection apparatuses, and network traffic management systems that generate, based on the application of one or more models and for a first flow associated with a received first set of network traffic, one or more likelihood scores and at least one flow score based on the likelihood scores. One or more of the one or more models are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed. A determination is made when the flow score exceeds a threshold. A mitigation action is initiated, based on a stored policy, with respect to the first set of network traffic, when the determining indicates that the flow score exceeds the established threshold.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that generate a duration corresponding to a current one of a plurality of states in a TCP connection. The duration is generated based on a difference between a stored time recorded at a previous transition to the current one of the states and a current time. The duration is stored or output as associated with the current one of the states. The stored time recorded at the previous transition to the current one of the states is then replaced with the current time. A determination is made when one or more TCP configurations should be modified based on the duration for the current one of the states. The one or more TCP configurations are automatically modified to improve TCP performance, when the determining indicates that the one or more TCP configurations should be modified.

Abstract: Methods, non-transitory computer readable media, access policy management apparatuses, and enterprise network systems that facilitate adaptive organization of web application access points in webtops are disclosed. With this technology, access points for web applications are more effectively presented in webtops to facilitate more efficient access to web applications by clients. In particular, this technology utilizes historical application access pattern data to determine a subset of allowed web applications most likely to be accessed in a current session, and generates and provides a webtop with access points for web applications organized based on the determined subset of the allowed web applications. Thereby, this technology facilitates adaptive webtops that reduce the amount of time required to locate access points for web applications and improve user productivity.

Abstract: Methods, non-transitory computer readable media, and security management apparatus that retrieves a web page in response to a request for the web page received from a client device. Remote access trojan (RAT) malware detection source code is injected into the web page and the web page is sent to the client device in response to the request. The RAT malware detection client-side source code is configured to, when executed by a web browser of the client device, output an alert when a possible attack is detected based on monitored movement of a mouse pointer, key events, or executing animations. A determination is made when the alert has been received from the client device. A security action is initiated according to an established policy, when the determining indicates that the alert has been received from the client device.

Abstract: Embodiments are directed to managing communication over a network with traffic management computers (TMCs). If network traffic that is statelessly monitored is selected for stateful monitoring, the TMCs may perform operations to transition from stateless monitoring to stateful monitoring with minimal disruption of users/clients. TMCs may receive the network traffic that include network packets. If the network packets are statelessly monitored by the TMCs one or more stateless network management operations may be performed on the network packets. If the network packets may be statefully monitored the TMCs may perform stateful network management operations on the network packets.

Abstract: Performance of connection flow management between a hardware-based network interface and a software module of a network traffic management device is disclosed. A flow connection setup for a flow connection is established between a client device and a server at the network traffic management device. It is then determined if the flow connection is symmetrical or asymmetrical in nature. A flow signature entry and a transformation data entry for the flow connection is generated, by software executed by the network traffic management device, in opposing first and second symmetric or asymmetric flow directions. The flow signature entry and the transformation data entry for the first and second flow directions is sent from the software module to the network interface. The network interface stores and utilizes the flow signature entry and the transformation data entry to perform acceleration on data packets in the first and second flow directions.

Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with deterministic enforcement of compliance policy includes receiving one or more compliance policy changes. An estimated time to enforce the received one or more compliance policy changes on one or more enrolled mobile devices is identified. It is determined whether the identified estimated time to enforce the received one or more compliance policy changes is acceptable based on one or more stored parameters. The received one or more compliance policy changes on the one or more enrolled mobile devices is enforced when the identified estimated time is determined to be acceptable and updating existing one or more compliancy policies with the received one or more compliance policy changes.

Abstract: Embodiments are directed towards managing name service communications using traffic management computers (TMCs). TMCs may extract values from a name service reply received from one or more name service computers. TMCs may provide a name service key based on the values extracted from the name service reply. Accordingly, if a new flow may be detected further actions may be performed, including: TMCs may extract values from a network packet associated with the new flow; TMCs may provide a flow key based on one or more values from one or more fields of a network packet associated with the new flow; TMCs may compare the flow key to one or more name service keys; and if the comparison may be affirmative, TMCs may apply one or more traffic management policies associated with the affirmative comparison.

Abstract: Methods, non-transitory computer readable media, and security management computing devices are disclosed herein. With this technology, an executable code is sent to a client. The executable code is configured to obtain information associated with the client, assemble the information into a fingerprint, and return the fingerprint. A determination is made when the fingerprint is returned from the client. When the determining indicates that the fingerprint has been returned, a determination is made when a record of a reputation database matches the fingerprint. Historical data in the record is updated to include information associated with the request and an action is initiated based on the historical data or other data included in the record. The action includes blocking an access request or providing access to a requested resource to the client, when the determining indicates that the record of the reputation database matches the fingerprint.

Abstract: A system for accelerating web page loading in a user client is provided. The system includes computing platform being in communication with the user client and being configured for changing object delivery/loading order or object rendering at the web browser, or bundling the objects into one or more bundles according to object use and change frequency.

Abstract: A method, non-transitory computer readable medium, and application management computing device that obtains a segment of streaming video content from a server device in response to a request for the segment received from a client device. One or more static or dynamic parameter values associated with the streaming video content are determined. A segment quality of experience (QOE) score is generated for the segment based on one or more of the static or dynamic parameter values. A session identifier is extracted from the request or from a response from the server device that includes the segment. A video QOE score is generated for the streaming video content based on the segment QOE score and another segment QOE score for another segment of the streaming video content retrieved from a record of a session database associated with the session identifier. The video QOE score is output.

Abstract: Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persiste

Abstract: Methods, non-transitory computer readable media, security management apparatuses, and network traffic management systems that send a web page to a client device in response to a received request for a web resource. The web page comprises injected capability analysis client-side code that is configured to obtain and return capability data for a web browser identified in a user agent header of the request. A response comprising the returned capability data is received and the returned capability data is compared with expected capability data for the web browser identified in the user agent header of the request. A score is generated based at least in part on the comparison and a determination is made when the score exceeds an established threshold. The web resource is retrieved and provided to the client device, when the determining indicates that the score exceeds the established threshold.

Abstract: Embodiments are directed towards overprovisioning IP addresses among a plurality of traffic management devices (TMDs). A plurality of IP addresses may be distributed among a plurality of available TMDs. A corresponding mirror TMD may be determined for each IP address. The corresponding mirror TMD for an IP address may be different than the available TMD currently associated with the IP address. In various embodiments, connections associated with each IP address may be mirrored at their corresponding mirror TMDs. The available TMDs may be employed to perform traffic management tasks on received packets based on at least a destination IP address of the received packets and the IP addresses associated with the available TMDs. If a TMD becomes unavailable, the IP addresses associated with the unavailable TMD may be redistributed to at least one remaining available TMD.

Abstract: A system, medium and method for dynamically constructing a service principal name is disclosed. A client request from a user to access a service is received at a network traffic management device which identifies an internet protocol (IP) address of a selected backend server to provide the requested service to the client. The network traffic management device identifies a hostname of the selected backend server based at least on the identified IP address and dynamically generates a service principal name (SPN) of the selected backend server based on the determined host name. The network traffic management device obtains a service ticket from a domain controller server using at least the generated SPN of the selected backend server. The network traffic management device uses the obtained service ticket along with the client request to provide the user access to the selected backend server for the client request.

Abstract: A method, non-transitory computer readable medium, and traffic management computing device that allocates a subset of tokens to active subscribers based on an estimated number of subscribers that will be active in a next sampling period. A request to transmit a first packet is received from one of the active subscribers. A determination is made when a current time is prior to an expiration of the allocated subset of the tokens. Another determination is made when a length of the first packet is less than a size corresponding to an available portion of the allocated subset of the tokens when the current time is determined to be prior to the expiration of the allocated subset of the tokens. The first packet is transmitted when the length of the first packet is determined to be less than a size corresponding to an available portion of the allocated subset of the tokens.

Abstract: A method, non-transitory computer readable medium and an application management computing device that assists with progressive image delivery includes obtaining one or more webpages requested by a client computing device. One or more images are identified in the obtained one or more webpages. The identified one or more images are prioritized based on a position of each of the identified one or more images in the obtained one or more webpages. The prioritized one or more images are progressively delivered to the requesting client computing device. By progressively delivering images over multiple passes, the technology is able to quickly convert the low quality images initially provided to high quality images. Additionally, by converting the low quality images to high quality images over multiple passes, the technology utilizes very less bandwidth thereby providing the requested content to the requesting one of the plurality of client computing devices quickly.

Abstract: A method, non-transitory computer readable medium and device that assists with scaling infrastructure in a mobile application environment obtaining a number of mobile application installations of a mobile application on a plurality of mobile devices. A number of mobile application installations corresponds with a number of backend enterprise web applications online on one or more web applications servers is determined where the backend enterprise web applications are associated with the mobile application. The number of backend enterprise web applications online on the one or more web application servers is modified when the determining indicates the number of mobile application installations does not correspond with the number of backend enterprise web applications.

Abstract: The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.

Abstract: Network traffic management systems, apparatuses, and methods involving a load balancer, responsive to a processor operable by the set of executable instructions storable in relation to a memory device, configured to: monitor computing-traffic for each Cloud provider of a plurality of Cloud providers to determine a traffic profile for each Cloud provider of the plurality of Cloud providers; access a first network application programming interface exposed by a first Cloud provider of the plurality of Cloud providers to identify a first pricing profile, the first pricing profile associated with the first Cloud provider; access a second network application programming interface exposed by a second Cloud provider of the plurality of Cloud providers to identify a second pricing profile, the second pricing profile associated with the second Cloud provider; and compare the first pricing profile with the second pricing profile to influence a load balancing decision, whereby a pricing profile comparison is providable.