Abstract: A Wi-Fi controller receives notification of a probe request of a station that was received from each at least two of the at least two of the two or more Wi-Fi 7 access points of a multiple access point coordination group. The probe requests are each sourced from the station while within the at least partially overlapped radio signal coverage area. The Wi-Fi controller selects one of the at least two of the two or more access points to respond to the probe request with a probe response with a single probe response to the station, in response to the multiple probe requests, by notifying the selected access point to send the single probe response including an RNR (reduced neighbor report) data providing connection information for the at least two access points. The other of the at least two Wi-Fi 7 access points refrain from sending additional probe responses to the station.

Abstract: A method is disclosed. The method comprises receiving data for a virtual private cloud (VPC), receiving, via a graphical user interface (GUI), a request to access the VPC data and displaying, at the GUI, a resource page providing a filter view of VPC resources including in the VPC data.

Abstract: Systems, devices, and methods are disclosed that may be used for identifying potential insider attacks on a computer network.

Abstract: Time series anomaly detection, including: gathering data associated with a particular event type and a particular user; generating, based on the data, a time series analysis; detecting an anomaly based on the time series analysis; and generating information describing the anomaly.

Abstract: Systems, devices, and methods are discussed for automatically determining a risk-based focus in determining zero trust network access policy on one or more network elements.

Abstract: The DHCP requests can be sent by endpoints to get first IP addresses. SSO data concerning the endpoints is collected using an identity service. A DHCP fingerprint is generated for of the each endpoints, including the first IP addresses. DHCP fingerprints are stored to an SSO unification database along with corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network. While tracking, the specific endpoint is subsequently detected at a second IP address on the wireless network. The new IP address can be responsive to a transition by the specific endpoint from the wired network to the wireless network, or visa versa. The detection is based on matching a DHCP fingerprint of the specific endpoint to a record of the SSO unification database, and checked to see if the IP addresses are consistent. An SSO authentication transaction is performed to reauthenticate the specific endpoint.

Abstract: Responsive to matching a site prefix to IPV6 network traffic from clients, the traffic as intended, and responsive to not matching the site prefix, classifying the corresponding traffic as unintended. An initial rate of packet occurrence and predict load caused by intended traffic and predicting load caused by unintended traffic is calculated, based on an initial rate of packet occurrence. The predicted traffic loads are fed back by configuring behavior of network modules according to the predictions of intended traffic load and unintended traffic load. Packet processing traffic at the network modules is based on traffic classification from the outcome of the AI-neuron.

Abstract: Systems, devices, and methods are disclosed in relation to a vector space model that may be used to characterize a category of messages. In one of many possible implementations, the frequency of words found within a piece of text is determined. These frequencies are compared against the frequencies of words within a given corpus like the Oxford English Corpus by first converting the frequencies to probabilities via the inverse cumulative distribution function assuming a normal distribution of frequencies then via taking the absolute difference in frequencies. A small difference reduces the weight of the given word whereas a large weight increases the weight of the word, leading to excellent word ranking for automated feature selection filtering without the need for a negative corpus.

Abstract: A rogue Wi-Fi 6E access points are identified by on-wire data traffic of authorized Wi-Fi 6E access points. Data traffic is monitored across all access points for the rogue Wi-Fi 6E access points according to an SSID/BSSID scan table. In response, modified CSA values are sent from spoofed action frames that have a source BSSID of the rogue access points rather than the authenticated access point that transmits.

Abstract: Systems, devices, and methods are disclosed for encoding behavioral information into an image format to facilitate image based behavioral identification.

Abstract: Various embodiments provide systems and methods systems and methods for dynamically attracting malicious network behavior.

Abstract: A change of a user device from a wireless connection to the enterprise network to a wired connection to the enterprise network (or a cellular network) is detected. In response, a snapshot of network conditions relevant to the user device are detected. A health check on the network conditions can identify specific network issues negatively affecting the user device and the issues are remediated. A remediation model is generated with AI that a different user change will occur based on a later health check revealing similar network conditions to the earlier health check. In response, the issues are automatically remediating the specific network issues based on the earlier stored remediation the earlier.

Abstract: To check for phishing, text from a screenshot of the web page and a feature vector describing the text are generated and recognized with OCR. If OCR text is on keyword list, it is determined if web page is suspicious for phishing by inputting features of the web page text in a keyword feature model trained from keyword features of known phishing web pages and/or known legitimate web pages. Responsive to a suspicious web page, web search results are generated from the keywords. Responsive to the suspicious web page not appearing within top web search results, the suspicious web page can be flagged as a phishing web page.

Abstract: Systems, devices, and methods are discussed for mitigating security threats due to web-domain characteristic changes.

Abstract: Using activity monitored by multiple data sources to identify shadow systems, the method comprising: gathering first information describing access to one or more resources by one or more user devices of a user; gathering, from at least a subset of the one or more user devices, second information describing access to the one or more resources; and identifying one or more shadow systems based on a discrepancy between the first information and the second information.

Abstract: Various systems, devices, storage media, and methods are discussed for performing secured access service edge (SASE) processing in a network potentially having multiple SASE processing capable devices.

Abstract: Various approaches for providing network maintenance and health monitoring are discussed. In some cases, some approaches include systems, methods, and/or devices that provide for detecting problematic network behavior and deploying countermeasures in relation to the detected behavior without an agent operating on the device where the countermeasures are implemented.

Abstract: Systems, devices, and methods are discussed for detecting and/or mitigating the spread of computer malware in a network environment.

Abstract: Various systems, devices, storage media, and methods are discussed for selecting communication paths based upon health status in a hub and spoke communication network.

Abstract: Systems, devices, and methods are discussed for network security using hardware accelerated network traffic classification capable of classifying network traffic as a first occurrence of a network traffic event or a subsequent occurrence of a network traffic event.