Abstract: Example systems and methods monitor a cloud compute environment. An example method includes: determining, by an agent deployed in a cloud environment and based on a plurality of data packets transmitted over a plurality of network interfaces of the cloud environment, a set of data packets that are associated with a communication between a first container and a second container; determining, by the agent and based on the set of data packets, communication data associated with the communication; and providing, by the agent, the communication data to a data platform, wherein providing the communication data to the data platform uses less network resources than providing the set of data packets to the data platform.

Abstract: Learning from other cloud deployments to combat security threats, including: identifying, for at least a portion of a first cloud deployment, one or more additional cloud deployments to utilize for cross-customer learning; receiving information describing a security threat to one or more of the additional cloud deployments; receiving information describing configuration settings used to combat the security threat; and identifying, based on the information describing configuration settings used to combat the security threat, one or more configurations to adopt for the first cloud deployment.

Abstract: Leveraging generative artificial intelligence (‘AI’) for securing a monitored deployment, including: receiving natural language input associated with the monitored deployment, the monitored deployment monitored by a monitoring tool; and receiving, from a generative AI application, a response to the natural language input, wherein: the generative AI application accesses publicly available information as well as data sources associated with the monitoring tool; and the response is generated based at least in part on information contained in the data sources associated with the monitoring tool.

Abstract: Methods and systems for AP location based content presentation are provided. According to one embodiment, a web service receives from a widget executing within a web page requested by a wireless computing device of multiple wireless computing devices operating within an enterprise, a unique identifier of the wireless computing device. An access point (AP) identifier is determined for an AP of multiple APs of the enterprise that is servicing the wireless computing device by querying a log database with the unique identifier. AP specific content is displayed within the web page as a result of the web service retrieving the AP specific content from a content database based on the AP identifier and returning the AP specific content to the widget.

Abstract: An illustrative method includes generating, based on log data associated with at least one user session in a network environment associated with a user, a logical graph, wherein the logical graph comprises: (1) a first node corresponding to the user, (2) a plurality of additional nodes, and (3) a set of edges connecting the first node to one or more of the additional nodes, wherein each edge in the set of edges represents a change in behavior of the user; using the logical graph to detect an anomaly, wherein detecting the anomaly includes determining that a change has been made to at least one edge included in the set of edges; and generating, in response to detecting the anomaly, an alert.

Abstract: Various embodiments provide systems and methods for automating an SD-WAN setup process.

Abstract: Various embodiments provide systems and methods for identifying malicious files based upon file structure.

Abstract: Systems, methods, and apparatuses enable one or more security microservices to resolve the disparate impact of security exploits to resources within a resource group. When a resource group is determined to be impacted by a security exploit, the one or more security microservices determines whether the members of the resource group are disparately impacted. In response, the one or more security microservices splits the resource group into an impacted resource group and a non-impacted resource group and applies exploit mitigation to the resource group members in the impacted resource group. When the one or more security microservices determine that the resource group members of the split resource group are no longer disparately impacted, the one or more security microservices combine the impacted resource group and the non-impacted resource group back into a single resource group.

Abstract: Systems, devices, and methods are discussed for identifying possible improper file accesses by an endpoint device. In some cases an agent is placed on each system to be surveilled that records the absolute paths for each file accessed for each user. This information may be accumulated and sent to a central server or computer for analysis of all such file accesses on a user basis. In some cases, a file access tree is created, and in some implementations be pruned of branches and leaves if deemed to be duplicates or very similar to other branched and leaves via a Levenshtein distance threshold. The resulting tree's edges may be scaled in particular implementations based on the deviation of a user's file accesses from their sphere of permissions. A variance metric may be computed from the final tree's form to capture the user's access patterns.

Abstract: A downstream wired port receives network packets over the at least one or more downstream wired port. An upstream routing table, responsive the failure of the at least one of the one or more upstream wired ports, in this embodiment, determines whether a valid route for the network packets exists over the upstream network device. The upstream routing table, responsive to determining that a valid route exists, redirects the network packets for the failed upstream wired port to the upstream Wi-Fi port.

Abstract: An adaptive TTL model is generated from connection events, based on varying flight delay times for connecting the device manager to a plurality of managed devices. During a connection event for any of the plurality of managed devices, a TTL value is automatically chosen for the connection event from the adaptive TTL model.

Abstract: From deep packet inspection, it is determined whether each of the plurality of network devices is part of the IT segment or the OT segment by examining a physical network address, a data type and a network protocol of one or more of the network packets. A network hierarchy is dynamically generated that maps the IT segment with interconnected IT levels having IT devices relative to the OT segment with interconnected OT levels having OT devices. A plurality of security zones is set up from the IT layout and the OT layout. Each of the plurality of security zones has a corresponding one or more security zone policies. The network hierarchy is output and overlaid with the plurality of security zones for display to a user.

Abstract: Various embodiments provide systems and methods for visually displaying an developing attack in a computer network based at least in part on historical information.

Abstract: Various embodiments provide systems and methods for granting/denying access to network security services to a plurality of service requesters.

Abstract: A web request to the web browser is intercepted by the web browser extension to determine whether information is synchronously available to evaluate the web request. Responsive to not having information for synchronous evaluation, the web request is redirected to display a gateway page while asynchronous obtaining information from an external information provider server, the request tracked with a request identifier and storing the asynchronously gathered information for synchronous access along with the request identifier. Responsive to an automated notification from the web browser extension, the web request is reissued to the web browser by the gateway page to replace the gateway page with response content from the web request. The reissued web request is again intercepted by the web browser extension to synchronously evaluate the gathered information. The reissued web request is then based on the fetched.

Abstract: Various embodiments provide systems and methods for identifying malicious network behavior based upon historical analysis.

Abstract: A plurality of access points synch with a first synch event to establish a first predefined time interval for periodically sending STA reports. Responsive to detecting the new access point, each of the plurality of access points is resynched by sending a second sync event to establish a second predefined time interval for periodically sending STA reports. A real-time mapping can be displayed of the station using a first location at a first instance, as initially synched, and a second location at the second instance, as resynched.

Abstract: Web requests are intercepted and it is determined whether information is synchronously available to evaluate the web request. Responsive to not having information for synchronous evaluation, the web request can be redirected to a parking service to asynchronously obtain information to evaluate the web request. A response from the redirected web request including information for evaluation is received and stored. Then, web requests are reissued for synchronously evaluation by the browser. A decision can be made to allow, redirect, or block, based on the retrieved information.

Abstract: Various embodiments provide systems and methods for detecting and/or stopping lateral movement between endpoint devices by malicious actors.

Abstract: Various approaches for providing scalable network access processing. In some cases, approaches discussed relate to systems and methods for providing scalable zero trust network access control.