Patents Assigned to ShieldX Networks, Inc.
-
Patent number: 10958519
Abstract: System, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment selects a first microservice of a first hierarchy, configures the microservices of a second lower-level hierarchy to remove the first microservice from load balancing decisions to the first hierarchy, moves the first microservice to another server, configures data plane connectivity to the first microservice to reflect a change in server, and configures the microservices of the second hierarchy to include the first microservice in load balancing decisions to the first hierarchy.
Type: Grant
Filed: November 26, 2019
Date of Patent: March 23, 2021
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10841256
Abstract: Systems, methods, and apparatuses enable a microservice-based application to dynamically update components of the system without disrupting messaging occurring between microservices in the system. Microservices of a microservice-based application store data indicating mappings between data object versions and message object versions and which is used to update system components in a controlled manner. As used herein, a data object generally refers to any data generated by a microservice and that can be sent to one or more other microservices using a publish-subscribe messaging pattern or other messaging architecture. A message object refers to data used to encapsulate one or more data objects and used to send the data object from one component to another in the system.
Type: Grant
Filed: May 5, 2017
Date of Patent: November 17, 2020
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel
-
Patent number: 10666617
Abstract: Systems, methods, and apparatuses enable an interface microservice to intercept and filter network traffic generated by virtual machines (VMs) and routed by a virtual switch (vSwitch). A vSwitch receiving network packets from the VMs is configured to route network packets to the interface microservice via a generated VLAN trunk. The interface microservice can retrieve and apply stored packet filters to the network packets intercepted by the microservice. If an intercepted network packet matches any of the applied packet filters, the interface microservice can perform various security operations, send the network packets to another microservice for security processing, or perform any other operations. For network packets which do not match a packet filter, the interface microservice forwards the packets to the originally intended destination.
Type: Grant
Filed: December 31, 2016
Date of Patent: May 26, 2020
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10659496
Abstract: Systems, methods, and apparatuses enable the insertion and configuration of interface microservices at servers or other types of computing devices in a computing environment in response to changes to security policies affecting one or more components of the computing environment. In one embodiment, a security application detects servers in a computing environment and generates profile data for the detected servers. The security application assigns detected servers to security policy groups by applying a set of filters to the generated profile data for each server in an order specified by a set of precedence rules. The security policy groups are each associated with one or more security policies that define security rules and other configurations used to provide security services to servers that are members of the corresponding security policy group.
Type: Grant
Filed: March 28, 2017
Date of Patent: May 19, 2020
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel
-
Patent number: 10630710
Abstract: A system, method, and non-transitory computer-readable relating to network security are disclosed. In particular, embodiments described generally relate to systems and methods of stateless processing in a fault-tolerant microservice environment. In one example, a method is disclosed, which includes transmitting, by a first microservice, packet data and a context associated therewith; receiving the packet data and the context by a second microservice, the second microservice to: use the context to determine what security processing to perform, perform the security processing over the packet data, and transmit resulting data and the context to a third microservice; and receiving the resulting data and the context by the third microservice, the third microservice to: use the context to determine what security processing to perform, and perform the security processing over the resulting data.
Type: Grant
Filed: February 25, 2019
Date of Patent: April 21, 2020
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10608991
Abstract: System, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
Type: Grant
Filed: February 14, 2019
Date of Patent: March 31, 2020
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Sumanth Gangashanaiah
-
Publication number: 20190394214
Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to real-time configurable load determination. For example, a method is disclosed, which calls for receiving a request to perform a security service, performing the security service on data included with the request; calculating a service load associated with and during the performing the security service, and transmitting a response to the request, wherein the response includes the calculated service load.
Type: Application
Filed: May 31, 2019
Publication date: December 26, 2019
Applicant: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10498601
Abstract: System, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment selects a first microservice of a first hierarchy, configures the microservices of a second lower-level hierarchy to remove the first microservice from load balancing decisions to the first hierarchy, moves the first microservice to another server, configures data plane connectivity to the first microservice to reflect a change in server, and configures the microservices of the second hierarchy to include the first microservice in load balancing decisions to the first hierarchy.
Type: Grant
Filed: October 30, 2018
Date of Patent: December 3, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10447716
Abstract: Systems, methods, and apparatuses enable a network security system to more efficiently process and respond to events generated by hypervisors and other associated components of a networked computer system. In this context, a hypervisor event refers broadly to any action that occurs related to one or more components of a hypervisor (including the hypervisor itself, virtual servers hosted by the hypervisor, etc.) and/or to data identifying the occurrence of the action(s) (e.g., a log entry, a notification message, etc.). A security service obtains and analyzes event data from any number of different types of hypervisors, where each different type of hypervisor may represent events differently and/or make event data accessible in different ways, among other differences.
Type: Grant
Filed: October 28, 2016
Date of Patent: October 15, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Pankaj Sitpure
-
Patent number: 10417033
Abstract: Systems, methods, and apparatuses enable optimizing a size of computer threat signature libraries used by computer security applications to detect potential occurrences of computer and network security threats. In an embodiment, a threat signature is a pattern used by a computer security application to detect instances of potential security threats. A threat signature library is a collection of individual threat signatures, the library used in conjunction with a threat library to enable detecting a range of threats to computing devices and networks (e.g., various known viruses, malware, spam, types of network-based attacks, etc.). Based on profile information collected for a computing device, a security orchestrator optimizes the size of security threat signature libraries to be used to provide security services to the device.
Type: Grant
Filed: January 23, 2017
Date of Patent: September 17, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10404838
Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to systems and methods for selecting microservices to process protocol data streams. For example, a method is disclosed, which calls for receiving a protocol packet, the protocol packet comprising a sequence number, generating a difference by subtracting a protocol message base from the sequence number, generating a first quotient by dividing the difference by a protocol common message length, generating a second value using the first quotient, determining a Transmission Control Protocol (TCP) reassembly resource using the generated second value, and transmitting the protocol packet to the determined TCP reassembly resource.
Type: Grant
Filed: October 21, 2016
Date of Patent: September 3, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Elanthiraiyan Ammoor Anbalagan, Lee Chik Cheung, Sumanth Gangashanaiah, John Richard Guzik
-
Patent number: 10313362
Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to real-time configurable load determination. For example, a method is disclosed, which calls for receiving a request to perform a security service, performing the security service on data included with the request; calculating a service load associated with and during the performing the security service, and transmitting a response to the request, wherein the response includes the calculated service load.
Type: Grant
Filed: July 29, 2016
Date of Patent: June 4, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10218730
Abstract: A system, method, and non-transitory computer-readable relating to network security are disclosed. In particular, embodiments described generally relate to systems and methods of stateless processing in a fault-tolerant microservice environment. In one example, a method is disclosed, which includes transmitting, by a first microservice, packet data and a context associated therewith; receiving the packet data and the context by a second microservice, the second microservice to: use the context to determine what security processing to perform, perform the security processing over the packet data, and transmit resulting data and the context to a third microservice; and receiving the resulting data and the context by the third microservice, the third microservice to: use the context to determine what security processing to perform, and perform the security processing over the resulting data.
Type: Grant
Filed: July 29, 2016
Date of Patent: February 26, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10212133
Abstract: System, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
Type: Grant
Filed: July 29, 2016
Date of Patent: February 19, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Sumanth Gangashanaiah
-
Patent number: 10212132
Abstract: System, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
Type: Grant
Filed: July 29, 2016
Date of Patent: February 19, 2019
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Sumanth Gangashanaiah
-
Patent number: 10148504
Abstract: System, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment selects a first microservice of a first hierarchy, configures the microservices of a second lower-level hierarchy to remove the first microservice from load balancing decisions to the first hierarchy, moves the first microservice to another server, configures data plane connectivity to the first microservice to reflect a change in server, and configures the microservices of the second hierarchy to include the first microservice in load balancing decisions to the first hierarchy.
Type: Grant
Filed: June 27, 2016
Date of Patent: December 4, 2018
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 10142356
Abstract: Systems and methods are disclosed that relate to network security to monitor and report threats in network traffic of a datacenter. For example, one embodiment discloses a method of receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data, performing a security service on the first encapsulated data using the first encapsulation context, transmitting by the first security microservice a second channel data encapsulation packet to a second security microservice, wherein the second channel encapsulation packet comprises a request for security services, receiving by the first security microservice a response from the second security microservice comprising a second security microservice context, a second security microservice timestamp, and a second security microservice load.
Type: Grant
Filed: July 29, 2016
Date of Patent: November 27, 2018
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
-
Patent number: 9716617
Abstract: System, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment scales out a hierarchy of microservices in a security system. In particular, the embodiment calls for scaling out a hierarchy of microservices in such a security system, creating a new microservice of a first hierarchy, configuring data plane connectivity between the new microservice and a microservice of a second, higher-level hierarchy; configuring data plane connectivity between the new microservice and a microservice of a third, lower-level hierarchy; and configuring the microservices of the third level of hierarchy to include the new microservice in load balancing decisions to the first hierarchy.
Type: Grant
Filed: June 14, 2016
Date of Patent: July 25, 2017
Assignee: ShieldX Networks, Inc.
Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal