Abstract: An outbound packet is detected from a client device of a first spoke destined to a client device of a second spoke over SD-WAN through a hub connecting the first and second spokes with IPSec tunneling. The first spoke is on a local enterprise network, the second spoke is on a remote enterprise network and the hub is on wide area network, and each of the first spoke, the second spoke and the hub are each ADVPN2.0 compatible. Responsive to the detection, a health check is performed on the remote spoke. A path is selected between a local NAT device of multiple NAT devices of the first spoke and a remote NAT device of the multiple remote NAT devices of the second spoke, based on link quality data of the response. A NAT hole is punched between a selected local NAT and a selected inbound NAT and an IPSec tunnel is established, independent of the hub.

Abstract: An Operational Technology (OT) device database is trained by interrogating physical OT devices over the data communication network, and from responses, generating a profile for each interrogated physical OT device, each profile comprising at least data used to set up decoy OT devices that are virtualized to mirror each interrogated physical OT device. A list of local physical OT devices running on a remote private network is received from a specific deception appliance on the remote private network. OT device profiles are selected from the OT device database based on the list of local physical OT devices. The selected OT device profiles are transmitted to the specific deception appliance, at the remote private network. The specific deception appliance maintains VM machines for running decoy OT devices, based on the selected OT device profiles, on the remote private network.

Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device detects whether the endpoint has moved to a new network by monitoring for changes to an IP address associated with the endpoint. When the detecting is affirmative, the agent further determines whether a trusted network determination service associated with a cloud-based security service is reachable. When the determining is affirmative, the agent further identifies whether the new network is among a set of trusted networks that have been previously registered with the cloud-based security service by querying the trusted network determination service. When the identifying is affirmative, a particular security feature on the endpoint is configured for operation within a trusted network and when the identifying is negative, the particular security feature is configured for operation outside of a trusted networks.

Abstract: Various embodiments provide systems and methods for reordering processed network traffic.

Abstract: Reducing amounts of data ingested into a data warehouse, including: determining a duration associated with a subject described by event data provided to a data ingestion pipeline; determining, based on the duration, an interval for providing next event data; and providing, based on the interval, the next event data.

Abstract: A SSH (secure shell) public key is received from a client device 120 120 on the enterprise network, and an EMS device 140 is queried based on the SSH public key. Responsive to confirmation of registration from the EMS server, an authentication certificate based on a user and the client device 120 120 is generated. An SSH session is initiated on behalf of the client device 120 120 including submitting the certificate and the SSH public key from the client device 120 120 to the external server.

Abstract: Responsive to receiving uplink traffic from a specific edge client on the edge client table, in-service monitoring for frame retries and collisions associated with the specific edge client is performed. Responsive to detecting that a rate of frame retries and collisions exceed a threshold, a BSS color change announcement frame is transmitted to the specific edge client comprising a second color. The BSS color change announcement directs the specific edge client to contend for medium access based on preambles observed from a specific overlapping BSS associated with the second BSS color rather than its home BSS. The default color can be restored after the uplink.

Abstract: A source node from the cluster of nodes, responsive to receiving the file sharing command from other applications on the same node (e.g., on a virtual machine in the cluster of nodes), copies the shared file to a source workspace directory and compress, and then copy the compressed file to the file sync database. The command comprises a configuration template with file retrieval information. A target node from the cluster of nodes, listens for commands from other nodes in the cluster of nodes. Responsive to receiving the file sharing command, the compressed file is copied from the file sync database to a target workspace directory and decompress, and then copy the shared file to node.

Abstract: A station initiates fast BSS transition by a station from the source access point to the target access point. The target access point detects a failure by the Wi-Fi controller to retrieve a PMK-RO key for a requested PMKROName is detected. The PMKROName is parsed from an authentication request of the station. The failure can result in requiring a fresh BSS connection by the station. Responsive to the failure detection, a PMK-RO key is generated in cooperation with the Wi-Fi controller, to prevent requiring the fresh BSS connection. The PMK-R0 key further helps to support fast transition between access points.

Abstract: Multiple types of lines are made simultaneously available, including a Wi-Fi link, a cell link and a wired link. A list of running cloud applications is identified by monitoring A quality of each available link for each running cloud application is periodically tested, including measurements of latency, jitter and packet loss. A first link is selected for a first application and a second link is selected for a second application. Data packets related to the first application are transmitted over a first link and data packets related to the second application over the second link.

Abstract: Scan reports are received by a Wi-Fi controller from a plurality of access points. Each scan report identifies neighboring BSSIDs with associated BSS-color within radio range and corresponding RSSI measurements. An OBSS can be detected by cross referencing scan reports. BSS color us modified to avoid a potential BSS collision. A station associated the potential BSS collision reports actual color collisions. An indication of the BSS color change is transmitted to one or more access points for local implementation.

Abstract: Techniques relate generally to computer networks, and more specifically, for a web browser having a web browser extension for evaluating web requests using internal coordination to make asynchronous information synchronously available, prior to dispatching the web requests.

Abstract: A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established SSO session, an assertion is returned to the gateway that the user is authenticated to access the service provider. An authentication request is received from the service provider, for access to a specific application. Responsive to the group information associated with the user, an assertion is returned to the service provider that user is authenticated for use of the specific application.

Abstract: During an initial bootup in a bootloader of an SOC, a random number that is unique to the device is stored in secured storage. During a first bootup, a two-dimensional random key is stored in secure storage for encoding the ENV parameters. During a second (subsequent) bootup, the ENV parameters that are current in unsecured storage are compared against the ENV parameters that previously existed in order to identify a mismatch. A remediation security action can be taken responsive to a mismatch between the baseline digest and a dynamic digest.

Abstract: Native Browser Isolation (NBI) distributes resource requirements over the network of clients that will be hosting a web browser. This works over the assumption that modern machines have the spare resources to run an isolated browser environment themselves, thus, not requiring a central mainframe to run the browser isolation (BI) system. The framework will provide means to run the browser in a separate environment from the host OS, provide graphic rendering for the isolated environment, as well as a mean to display the isolated graphics to the user as if it was a native application of the host OS.

Abstract: An uplink utilization is monitored for each station connected to an access point over a wireless network, including jitter, latency, and dropped packets. Uplink utilization is monitored for access points that are neighbors to the access point, as determined from neighbor reports. An AI model is generated from monitoring data. When an uplink threshold of the access point has been exceeded at the access point. A new access point is selected from the AI model for at least one of the stations based at least on a least used uplink in addition to RF parameters.

Abstract: Real-time statistics of station RU needs are received. Additionally, real-time statistics of access point RU allocation are received. Real-time statistics for stations and access point history are stored. An artificial intelligence (AI) predictive model is generated for each station based on historical traffic needs. AI model to allocate access point RUs for specific stations in real-time.

Abstract: A processor has hardware acceleration enabled during passive link quality measurement. The processor comprises a forwarding engine to passively gather link quality details from existing network sessions concerning a plurality of links. The link quality details comprise latency, jitter and packet loss. An SD-WAN path selection module identifies a link from the plurality of links for data packets of a current session using the link quality details.

Abstract: A specific container is spawned by a docker module responsive to Kebernetes control instruction. Network connectivity is provided for the specific container to a data communication network through a networking bridge and a security policy is configured. After configuration, inbound or outbound data packets concerning the specific container are received and forwarded to a security policy KVM for scanning against security policies. Those that pass security scanning are forwarded to containers and external destinations.

Abstract: Using user feedback for attack path analysis in an anomaly detection framework, including: performing an attack path analysis for a cloud deployment; receiving, from a user, user feedback for an attack vector of the attack path analysis; and initiating, based on the user feedback, a workflow for modifying one or more parameters for generating the attack path analysis.