Abstract: Systems, devices, and methods are discussed for network security using hardware accelerated network traffic classification capable of classifying network traffic as a first occurrence of a network traffic event or a subsequent occurrence of a network traffic event.
Abstract: Various systems, devices, storage media, and methods are discussed for performing secured access service edge (SASE) processing in a network potentially having multiple SASE processing capable devices.
Type: Application
Filed: August 23, 2023
Publication date: February 27, 2025
Applicant: Fortinet, Inc.
Inventors: Michael Xie, Yong Zhang, Reuben Stanley Wilson
Abstract: Various systems, devices, storage media, and methods are discussed for selecting communication paths based upon health status in a hub and spoke communication network.
Type: Application
Filed: August 23, 2023
Publication date: February 27, 2025
Applicant: Fortinet, Inc.
Inventors: Kun Yu, Xiang Fan, Yanheng Wei, Di Liang, Chih Ho Yen
Abstract: Various approaches for providing network maintenance and health monitoring are discussed. In some cases, some approaches include systems, methods, and/or devices that provide for detecting problematic network behavior and deploying countermeasures in relation to the detected behavior without an agent operating on the device where the countermeasures are implemented.
Abstract: Various approaches for identifying possible unsecured devices on a network are set forth. In some cases, the approaches discussed relate to systems and methods for identifying possible unsecured devices based upon a host name for each of the discovered devices.
Abstract: DHCP requests can be sent by endpoints to get first IP addresses. SSO data concerning the endpoints is collected using an identity service. A DHCP fingerprint is generated for each of the endpoints, including the first IP addresses. The DHCP fingerprints are stored to an SSO unification database along with the corresponding SSO data for the endpoints at the first IP addresses, including a specific endpoint at a first IP address on the wired network. While tracking, the specific endpoint is subsequently detected at a second IP address on the wireless network. The new IP address can be responsive to a transition by the specific endpoint from the wired network to the wireless network, or vice versa. The detection is based on matching a DHCP fingerprint of the specific endpoint to a record in the SSO unification database, and the IP addresses are checked for consistency. An SSO authentication transaction is performed to reauthenticate the specific endpoint.
Abstract: An anomalous behavior is detected at an AI server device based on data communications managed by the wireless controller. In response to the detected behavior, a robot module can be deployed to a location of the anomalous behavior for testing. Once at the location, logs can be collected from testing or troubleshooting at the location and involving a remote access point proximate to the anomalous behavior (e.g., sniff and capture at specific channel or multiple channels in real-time). Solutions are generated from AI analysis concerning the anomalous behavior and priority level, including at least one automatically implemented solution to self-remediate the wireless network.
Abstract: Systems, devices, and methods for correlating security policies to received packets are provided. In one example, a network device maintains information regarding multiple security policies within a dual-bitmap-based search tree including a first bitmap and a second bitmap, formatted as information embedded in a node structure. A packet is received by the network device. A first field of the packet is compared with a first range corresponding to a first bit location in the first bitmap, in which the first bit location in the first bitmap is associated with at least a first security policy. After determining that the first field is within the first range, the network device accesses a second bit location in the second bitmap, corresponding to the first bit location. Based at least in part upon a value in the second bit location, a set of one or more security policies is applied to the packet.
Abstract: Various approaches for securing networks against access from off-network devices are discussed. In some cases, the embodiments discussed relate to systems and methods for identifying potential threats included in a remote network by a network access device prior to requesting access to a known secure network via the remote network.
Abstract: When a data-packet-too-big frame is received from the access point, fragmentation is activated at the station. The data-packet-too-big frame is responsive to a data packet being sent from the station to the access point and then being rejected as too big when sent from the access point to a network device, due to the data packet being too large for processing by the network device. The fragmentation is activated at the station and configured based on a maximum data packet size allowed by the network device.
Type: Application
Filed: October 17, 2024
Publication date: February 6, 2025
Applicant: Fortinet, Inc.
Inventors: PC Sridhar, Pradeep Mohan, Mohan Jayaraman
Abstract: Responsive to matching a site prefix to IPv6 network traffic from clients, the traffic is classified as intended, and responsive to not matching the site prefix, the corresponding traffic is classified as unintended. The load caused by intended traffic and the load caused by unintended traffic are predicted based on an initial rate of packet occurrence. The predicted traffic loads are fed back by configuring the behavior of network modules according to the predictions of intended traffic load and unintended traffic load. Packet processing of traffic at the network modules is based on the traffic classification from the outcome of the AI neuron.
Abstract: A CRC rule is generated for each CRC parity check circuit from a bank of CRC parity check circuits for mapping a fixed-length CRC output to a signature, each of the CRC parity check circuits servicing a specific string length. The selected CRC parity circuit outputs fixed-length parity-check data for the specific data packet, and the string mapper maps the fixed-length parity-check data for the specific data packet to one of the string identifiers associated with the group of signatures. If a fixed-length parity-check match is found, a string identifier of the match is output for a security action.
Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device detects whether the endpoint has moved to a new network by monitoring for changes to an IP address associated with the endpoint. When the detecting is affirmative, the agent further determines whether a trusted network determination service associated with a cloud-based security service is reachable. When the determining is affirmative, the agent further identifies whether the new network is among a set of trusted networks that have been previously registered with the cloud-based security service by querying the trusted network determination service. When the identifying is affirmative, a particular security feature on the endpoint is configured for operation within a trusted network, and when the identifying is negative, the particular security feature is configured for operation outside of a trusted network.
Type: Grant
Filed: September 25, 2020
Date of Patent: January 28, 2025
Assignee: Fortinet, Inc.
Inventors: Gregory L. Galloway, Karl D. Melcher, Michael C. Starr, Scott M. Davis
Abstract: A change of a user device from a wireless connection to the enterprise network to a wired connection to the enterprise network (or a cellular network) is detected. In response, a snapshot of the network conditions relevant to the user device is captured. A health check on the network conditions can identify specific network issues negatively affecting the user device, and the issues are remediated. A remediation model is generated with AI predicting that a different user change will occur based on a later health check revealing network conditions similar to the earlier health check. In response, the specific network issues are automatically remediated based on the earlier stored remediation.
Abstract: Activities within a network environment are monitored (e.g., using agents). At least a portion of the monitored activities are used to generate a logical graph model. The generated logical graph model is used to determine an anomaly. The detected anomaly is recorded and can be used to generate an alert.
Type: Grant
Filed: April 27, 2023
Date of Patent: January 21, 2025
Assignee: Fortinet, Inc.
Inventors: Vikram Kapoor, Samuel Joseph Pullara, III, Murat Bog, Yijou Chen, Sanjay Kalra
Abstract: A compiler (CPL) plugin comprises a TC to, responsive to a new DV test, read configuration settings and select appropriate plugin processes based on the configuration settings. An API interface can generate images that control the special purpose processor during a stage of a plurality of stages for a CPL-related design verification (DV) test and call the selected plugin processes. A common compiler module comprises a common function codebase. A DV specialized support module comprises a DV-function-only codebase, wherein the DV has access to the common compiler module. An RP specialized support module can comprise an RP-function-only codebase, wherein the codebase is common for both DV and RP, and wherein top-level APIs are designed for both DV and RP. Responsive to completing the DV test, the TC disables the plugins and injects traffic for the DV test, and the TC reports the testing results.
Abstract: Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.