Patents Assigned to Forcepoint, LLC
  • Patent number: 11128639
    Abstract: A method, system, and computer-usable medium are disclosed for receiving a response, by a security management system, from a site external to an internal network comprising the security management system to an endpoint device of the internal network, and injecting a header into the response by the security management system, the header including security rules, such that when the response is communicated to the endpoint device, the endpoint device responds to the security management system with information regarding subsequent requests made by the endpoint device in connection with the response.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: September 21, 2021
    Assignee: Forcepoint LLC
    Inventors: John Bergbom, Joonas Pihlaja
  • Patent number: 11121905
    Abstract: A method for migrating a data schema comprising combining a first deterministic finite automaton with a second deterministic finite automaton to generate a modified deterministic finite automaton. Identifying a state of the modified deterministic finite automaton without computed followers. Computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: September 14, 2021
    Assignee: FORCEPOINT LLC
    Inventor: Kari J. Nurmela
  • Publication number: 20210273915
    Abstract: A method may include providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method may include providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with OSI Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from OSI Level 2. A method may include providing an interface for network traffic, comprising, in a virtual private network: establishing a connection between a first node of the virtual private network and a second node serving as a virtual private network broker and fetching, by the first node from the virtual private network broker, information regarding one or more other nodes of the virtual private network.
    Type: Application
    Filed: May 17, 2021
    Publication date: September 2, 2021
    Applicant: Forcepoint LLC
    Inventors: Tuomo SYVÄNNE, Juha LUOMA, Ville MATTILA
  • Patent number: 11095667
    Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a webpage request from a client to a server, obtaining a unique user identifier corresponding to a tab of a web browser issuing the webpage request and associating the unique user identifier with network events associated with the tab and the webpage request.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: August 17, 2021
    Assignee: Forcepoint LLC
    Inventor: Luke Somerville
  • Patent number: 11080032
    Abstract: A method, system and computer-usable medium for containerized deployment of microservices used to deploy a product or service, such as a software application running on an information handling system is described. Artifacts related to particular versions of the one or more microservices are determined. An immutable container of the artifacts is created and provided to one or more environments using the same configuration of the product or service. The container is deployed in the environments during release of the product or service.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: August 3, 2021
    Assignee: Forcepoint LLC
    Inventors: Finbar O'Mahony, Darren Meehan, Samuel Mark O'Neill, Timothy Hourigan, Eoin Hegarty
  • Patent number: 11082440
    Abstract: A method, system and computer-usable medium for performing a security analysis operation within a security environment, comprising: monitoring electronically-observable user behavior about a particular entity; maintaining a state about the particular entity, the state representing a context of a particular event; converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior; generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior; and, analyzing the event using the state of the entity and the user behavior profile.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: August 3, 2021
    Assignee: Forcepoint LLC
    Inventor: Richard Anthony Ford
  • Patent number: 11080109
    Abstract: A system, method, and computer-readable medium are disclosed for performing a distribution of interrelated event features operation. The distribution of interrelated event features includes: receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; analyzing the distribution of the features from the plurality of events; and, dynamically reweighting the distribution of the features to scale a number of events contained within the distribution.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: August 3, 2021
    Assignee: Forcepoint LLC
    Inventors: Christopher Poirel, William Renner, Eduardo Luiggi
  • Publication number: 20210234895
    Abstract: A system for providing network data processing, comprising a processor operating one or more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.
    Type: Application
    Filed: January 23, 2020
    Publication date: July 29, 2021
    Applicant: Forcepoint LLC
    Inventors: Jenny Anniina Heino, Tuomo Syvanne, Welf Christian Jalio, Olli-Pekka Niemi
  • Publication number: 20210226940
    Abstract: A system for data processing, comprising a plurality of data processing systems, each associated with a user and having an anchor certificate, a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration and a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration.
    Type: Application
    Filed: January 21, 2020
    Publication date: July 22, 2021
    Applicant: Forcepoint LLC
    Inventors: Luis Diogo Monteiro Duarte Couto, Ciarán James Dorney, Ralph Hans Depping, Jordan Smith, Finbar O'Mahony
  • Patent number: 11070533
    Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: July 20, 2021
    Assignee: Forcepoint LLC
    Inventors: Olli-Pekka Niemi, Andrew Mortensen, Valtteri Rahkonen
  • Publication number: 20210211362
    Abstract: A system for network configuration, comprising a graphic user interface system operating on a first processor and configured to allow a user to select one or more hardware infrastructure components and one or more software infrastructure components for use with a first infrastructure. A configuration recording system operating on a second processor and configured to receive two or more objects associated with each of the selected one or more hardware infrastructure components and each of the selected one or more software infrastructure components and to store the two or more objects in a template.
    Type: Application
    Filed: January 7, 2020
    Publication date: July 8, 2021
    Applicant: Forcepoint LLC
    Inventor: Lauri Matti Vihervuori
  • Patent number: 11048611
    Abstract: A method, system and computer-usable medium for collecting and scanning data (i.e., web POST data) before the data is sent. A POST request is sent from a client device to a server. The request is through a web browser running a script language listing. The script language listing is paused, while the data is held and scanned. A determination is made to allow or block the data before the data is sent through the POST request.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: June 29, 2021
    Assignee: Forcepoint, LLC
    Inventor: Peidong Chen
  • Patent number: 11050767
    Abstract: A method, system and computer-usable medium for identifying communications received from potentially untrustworthy entities. More specifically, in one embodiment the invention relates to a computer-implemented method comprising: receiving an electronic communication for a receiving entity from a sending entity; accessing social media profile information for the sending entity from a social media network; and analyzing the social media profile information of the sending entity pursuant to determining whether the received electronic communication is from a potentially untrustworthy entity. Certain embodiments use the determination as to whether the received electronic communication is from a potentially untrustworthy entity to assess whether the received electronic communication is a reconnaissance communication, such as a phishing email.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: June 29, 2021
    Assignee: Forcepoint, LLC
    Inventors: Robert B. Black, Harish Nair, He Yin
  • Publication number: 20210182082
    Abstract: A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object.
    Type: Application
    Filed: March 1, 2021
    Publication date: June 17, 2021
    Applicant: Forcepoint LLC
    Inventors: Tuomo Mickelsson, Kari Nurmela, Marko Niiranen
  • Patent number: 11025646
    Abstract: A method, system and computer-usable medium for generating a user behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique user behavior profile based upon the electronic information representing the user interactions and the information about the user; storing information relating to the unique user behavior profile within a user behavior profile repository; and, storing information referencing the unique user behavior profile in a user behavior blockchain.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: June 1, 2021
    Assignee: Forcepoint, LLC
    Inventor: Richard A. Ford
  • Patent number: 11025638
    Abstract: A method, system and computer-usable medium for providing security friction to a request for access to a resource based on whether the access request is atypical. In certain embodiments, a request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction that would otherwise not have been asserted if the resource request was typical. In certain embodiments, an elapsed time between access requests based on the user identity is used to determine whether the access request is atypical.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: June 1, 2021
    Assignee: Forcepoint, LLC
    Inventors: Richard A. Ford, Jeff Timbs, Kurt Natvig
  • Patent number: 11025659
    Abstract: A method, system and computer-usable medium for using pseudonyms to identify entities and their corresponding security risk factors is disclosed. In certain embodiments, a computer-implemented method for identifying security risks associated with a plurality of different entities is disclosed, wherein the method comprises: receiving a stream of events, the stream of events comprising a plurality of events associated with the plurality of different entities; pseudonymizing events of the plurality of events by replacing entity names in the plurality of events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user behaviors presenting security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: June 1, 2021
    Assignee: Forcepoint, LLC
    Inventors: Kenneth Sarzynski, Phillip Bracikowski
  • Publication number: 20210152519
    Abstract: A method, system, and computer-usable medium are disclosed for: (i) communicating, from a client device to a security device via a metadata connection, metadata regarding a data connection to be established by the client device, the metadata comprising a connection identifier uniquely identifying the data connection; and (ii) communicating, from the client device to the security device via the data connection, network traffic comprising a packet that includes the connection identifier, such that the security device may use the connection identifier to index an entry associated with the metadata that the security device has stored in a metadata cache.
    Type: Application
    Filed: November 18, 2019
    Publication date: May 20, 2021
    Applicant: Forcepoint LLC
    Inventor: Jaakko MOLLER
  • Patent number: 11012418
    Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.
    Type: Grant
    Filed: February 15, 2018
    Date of Patent: May 18, 2021
    Assignee: Forcepoint LLC
    Inventors: Tuomo Syvänne, Juha Luoma, Ville Mattila
  • Patent number: 11005659
    Abstract: A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: May 11, 2021
    Assignee: Forcepoint LLC
    Inventors: Otto Airamo, Tuomo Syvänne, Ville Mattila