Patents Assigned to F5 Networks, Inc.
  • Patent number: 11032311
    Abstract: Methods, non-transitory computer readable media, attack mitigation apparatuses, and network security systems that maintain an application context model for a protected application based on ingested logs. The application context model includes a map of network infrastructure associated with the protected application. Using the application context model, potential attack(s) against the protected application are identified and possible mitigation action(s) to take in response to one or more of the identified potential attack(s) are scored. A stored policy is executed to evaluate the possible mitigation action(s) based on the scoring. One or more of the possible mitigation action(s) are initiated on the identified potential attack(s) based on the evaluation. With this technology, malicious network activity can be more effectively and quickly detected and mitigated, resulting in improved network security.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: June 8, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Sebastian Michael Convertino, Judge Kennedy Singh Arora
  • Patent number: 11019022
    Abstract: Technology related to processing network packets with returnable values is disclosed. In one example, a method includes intercepting a Domain Name System (DNS) request including returnable request values in respective request packet fields. A hash function can be used to characterize or modify the intercepted returnable request values. The intercepted DNS request can be forwarded to a DNS server. A DNS response including returnable response values in respective response packet fields can be received. The returnable response values and the hash function can be used to determine whether the DNS response is legitimate. A legitimate DNS response can be forwarded to a client.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: May 25, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Peter Michael Thornewell, Robert Andrew Kovalchik
  • Patent number: 11005732
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that identify a first service based on inspection of a message received from a server. The message is associated with a flow between a client and the server. The first service is incorporated in, or removed from, a service chain associated with the flow. The message, or other received network traffic associated with the flow, is then steered according to the service chain. With this technology, network traffic can advantageously be processed and steered according to services within a service chain that more accurately reflect the communications occurring within particular flows. In particular, service chains for flows can advantageously be established or modified to account for server-speaks-first protocols, as well as protocols that may be used inside secure or encrypted connections.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: May 11, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Mark Quevedo, Saxon Amdahl
  • Patent number: 10985981
    Abstract: A server is dynamically reconfigured by storing a plurality of server configurations in a configuration store. Requests, received by the server, are routed to one of a plurality of workers for processing the requests. Each request is associated with a current configuration of the plurality of configurations that a worker uses to process the request. The number of workers using each configuration of the plurality of configurations is counted. Responsive to the counting, it is determined that a prior configuration of the plurality of configurations is not being used by the workers. The prior configuration is deleted from the configuration store responsive to the determination that the prior configuration is not being used.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: April 20, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: 10986136
    Abstract: A method, non-transitory computer readable medium, and access policy manager (APM) device that provides access to applications hosted by server computing devices to client computing devices each associated with an authenticated user. Interactions of the client computing devices with the applications are monitored to obtain usage statistics. The usage statistics are correlated with identifying information for each of the authenticated users or an indication of each of the applications. Notification rule(s) or parameter(s) of a request for information are applied to the correlated usage statistics. Based on the applying, a notification is sent to one or more of the client computing devices or at least a portion of the correlated usage statistics is sent to at least one of an application administrator or an APM administrator.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: April 20, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10972453
    Abstract: Methods, non-transitory computer readable media, access policy management apparatuses, and network traffic management systems that send a request received from a client to an application server along with an access token. A determination is made when a received response to the request comprises an unauthorized HyperText Transfer Protocol (HTTP) response status code. The access token is refreshed using a stored refresh token when the determining indicates that the response is an unauthorized HTTP response status code. The request is resent to the application server along with the refreshed access token. With this technology, an intermediary access policy management apparatus can refresh access tokens automatically, without sending any unauthorized HTTP response status codes received from application servers to client devices or requiring user re-authorization at the client devices, thereby improving the user experience in single sign-on (SSO) federated identity environments.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: April 6, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Ravi Natarajan, Srinivasa Yarrakonda
  • Patent number: 10958625
    Abstract: Methods, non-transitory computer readable media, rendezvous gateway (RG) apparatuses, and network security systems that send an RG synchronization message (SYN) to an application in a secure domain following receipt, from a client, of a client SYN comprising an indication of the application. A rendezvous agent (RA) SYN is received, via a firewall coupled to the security domain and in response to the RG SYN, from an RA in the secure domain. A first RG synchronization-acknowledgement message (SYN+ACK) is sent to the client in response to the client SYN. A second RG SYN+ACK is sent, via the firewall, to the RA in response to the RA SYN. The RA is notified of receipt of a client acknowledgement message (ACK) from the client. An RA ACK is received, from the RA and via the firewall, in response to the notification, to thereby establish a full connection between the client and the application.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: March 23, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, David D. Schmitt, Alan Mimms, Saxon Amdahl, Bill Baumann
  • Patent number: 10931691
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain a dictionary comprising a plurality of credentials and populate a probabilistic data structure based on the dictionary. A login request is received from a client and one or more credentials are extracted from the received login request. A determination of when the probabilistic data structure indicates that the extracted credentials are included in the dictionary is made. A mitigation action is initiated with respect to the client, when the determination indicates that the probabilistic data structure indicates that the extracted credentials are included in the dictionary. This technology more efficiently and effectively detects and mitigates brute force credential stuffing attacks advantageously using a reduced amount of resources.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: February 23, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Michael Kapelevich, Tomer Zait, Maxim Zavodchik, Ron Talmor
  • Patent number: 10931662
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a directory service authentication request from an application. The directory service authentication request comprises a first password. The first password is compared to a stored second password received from a previously-authenticated client to determine when there is a match. A positive authentication result is returned to the application in response to the directory service authentication request when the determining indicates that there is a match. This technology advantageously facilitates client certificate authentication for applications that only support password-based login.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: February 23, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: William Church
  • Patent number: 10904323
    Abstract: The disclosed technology includes accessing a first network application programming interface exposed by a first cloud provider of the plurality of cloud providers to identify a first pricing profile, the first pricing profile associated with the first Cloud provider. Upon identifying the first pricing profile, accessing a second network application programming interface exposed by a second cloud provider of the plurality of cloud providers to identify a second pricing profile, the second pricing profile associated with the second Cloud provider. A load balancing decision is determined comparing the identified first pricing profile with the identified second pricing profile. Next, the determined load balancing decision is executed on a monitored computing-traffic.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: January 26, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Steve Dabell, Timothy Scott Michels, Thomas Troksa
  • Patent number: 10863410
    Abstract: Methods, non-transitory computer readable media, session director apparatuses, and network traffic management systems that facilitate packet data network (PDN) service slicing with microsegmentation in an evolved packet core are disclosed. With this technology, a create session request (CSR) general packet radio service (GPRS) tunneling protocol (GTP) control (GTP-c) message is intercepted. A lookup key is then determined based on content of the intercepted CSR GTP-c message. A PDN gateway (PGW) identifier for a PGW is obtained using a slice name obtained using the lookup key. The intercepted CSR GTP-c message is modified to include the obtained PGW identifier. Subsequently, the modified CSR GTP-c message is steered based on the obtained PGW identifier, such as directly to the PGW or to a serving gateway (SGW) module associated with the PGW.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: December 8, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vernon Wells, Akihiko Maruse, Barry Goh, Antonio Torzillo
  • Patent number: 10855701
    Abstract: Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persiste
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: December 1, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Maor Moshe Gaon, Peter Finkelshtein
  • Patent number: 10830863
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a client access request to access content at one or more server devices. Fingerprint attributes associated with the client device are collected and utilized to identify potential fingerprints. Potential fingerprints are identified based on the collected fingerprint attributes. Previously validated fingerprints stored in a database are utilized to determine when one of the potential fingerprints matches one of the previously validated fingerprints stored in the database. The client device is authorized to access content requested in the client access request when the determination indicates that one of the potential fingerprints matches one of the plurality of previously validated fingerprints stored in the database.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Yaniv Shemesh, David Stav, Ziv Rika
  • Patent number: 10834110
    Abstract: A method, non-transitory computer readable medium, and device that include monitoring session layer and transport layer network traffic data received from a plurality of client computing devices and a plurality of servers. A plurality of network traffic anomaly threshold values and a plurality of server health anomaly threshold values for the monitored session layer and transport layer network traffic data are estimated. Whether a plurality of current network traffic anomaly values and a plurality of current server health anomaly values for the monitored network traffic data exceed each of the corresponding estimated plurality of network traffic anomaly threshold values and the estimated plurality of server health anomaly threshold values, and whether the current plurality of network traffic anomaly values and the current plurality of server health anomaly values are not a false anomaly, is determined. A mitigation action is initiated based on the determination.
    Type: Grant
    Filed: December 18, 2016
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Sergei Edelstein, Michael Kapelevich, Shlomo Yona, Ron Talmor
  • Patent number: 10834065
    Abstract: A method, non-transitory computer readable medium, and device that assist with SSL protected NTLM reauthentication, including receiving a connection reset message from a web application server. The received connection reset message is forwarded to the client computing device. A recent request including connection data to access a web application is received on a new connection as a response to the forwarded connection reset message from the client computing device. Next, it is determined whether the received recent request to access the web application, including the connection data, is identical to stored connection data. The client computing device is re-authenticated and granted access to the requested web application when the connection data is determined to be identical to the stored connection data.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Wui Chung Lie
  • Patent number: 10833943
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that send a server response to a client request from a requesting client device to a service chaining device. A modified server response from the service chaining device is received based on a correlation of the server response to one or more service policies. A determination is made on whether the modified server response requires additional processing by one or more additional service chaining devices based on the modified server response. The processed server response is received from the one or more additional service chaining devices when the determination indicated processing was required. The processed server response is transmitted to the requesting client device.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Amdahl
  • Patent number: 10812266
    Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assist with managing security tokens based on security violations, including monitoring network traffic data between a client and a web application server. Next, the monitored network traffic data is examined for at least one security violation. One or more access tokens associated with the client are modified when the at least one security violation is detected in the monitored network traffic data. The client is restricted from accessing one or more web applications based on the modified one or more access tokens.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: October 20, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Gauravsingh Khatri, Swapnil Mhatre
  • Patent number: 10797888
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assist with secured SCEP enrollment of client devices, including receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining the validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed by forwarding the signed device certificate to the enrolled mobile device.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: October 6, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Wui Chung Lie, Saxon Amdahl, Nicholas Treat
  • Patent number: 10791088
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain an assigned Internet Protocol (IP) address from a DHCP server in response to an address request received from a client. One of a plurality of processing cores, on which a traffic management process is executing, is identified. The assigned IP address is modified based on the identified processing core. The modified IP address is sent to the client in response to the received address request. With this technology, connections associated with a same subscriber can advantageously be disaggregated to the same traffic management process.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: September 29, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Amdahl, Gennady Dosovitsky
  • Patent number: RE48382
    Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: January 5, 2021
    Assignee: F5 Networks, Inc.
    Inventor: David Mowshowitz