Patents Assigned to strongDM, Inc.
  • Patent number: 12603921
    Abstract: Embodiments index entities and attributes for policy enforcement. A plurality of policies and a plurality of entities may be collected for a computing environment. Indexes may be obtained based on features of the plurality of entities such that each entry in the indexes may be associated with a feature of an entity and portions of the plurality of policies. An authorization request may be employed to: collect authorization attributes based on the authorization request; collect index entries from the indexes based on the authorization attributes such that the authorization attributes correspond to entity features associated with the index entries; collect policies based on the index entries such that each policy may be associated with at least one index entry.
    Type: Grant
    Filed: November 19, 2025
    Date of Patent: April 14, 2026
    Assignee: strongDM, Inc.
    Inventors: Philip David Hassey, Justin Allan McCarthy, Karim Fanous
  • Patent number: 12432242
    Abstract: Embodiments detect anomalous activity in networks. Events may be generated based on an activity observed in a monitored network such that each event includes values associated with the activity. High dimensional event vectors may be generated by embedding based on the events and the values included in each event. Anomalous events may be determined based on detection models trained with a cluster of events associated with the high dimensional event vectors such that each anomalous event may correspond to a high dimensional event vector compared to conditions declared in the detection models and such that each anomalous event may be associated with a priority score or a confidence score. A user interface that displays a report that includes the anomalous events may be generated and arranged based on the priority score, the confidence score, a user selected preference, feedback metrics associated with the user interface, or the like.
    Type: Grant
    Filed: March 28, 2025
    Date of Patent: September 30, 2025
    Assignee: strongDM, Inc.
    Inventors: Justin Allan McCarthy, Ravi Dilip Patel, Jess Henry Schmidt
  • Patent number: 12423418
    Abstract: Embodiments generate state elements based on application requests from a client. The state elements may be enqueued in a state queue associated with an application session for the application requests and the application requests may be forwarded to the application. Application responses from the application may be employed to perform further actions, including: generating message elements based on the application responses such that the message elements may be enqueued in a message queue associated with the application session; determining a portion of the state elements in the state queue that may be associated with the message elements; updating the portion of the state elements to advance a protocol state based on the message elements such that the application responses may be communicated to the client.
    Type: Grant
    Filed: February 26, 2025
    Date of Patent: September 23, 2025
    Assignee: strongDM, Inc.
    Inventors: Philip David Hassey, Yanran Zeng, Brian David Rowe, Kevin David Jamieson, Patrick David Stephen, Karim Fanous
  • Patent number: 12355770
    Abstract: Embodiments are directed to managing access to network resources. A first mesh agent may be configured to provide a client with access to a resource via an overlay network. The first mesh agent may determine an identity and an activity associated with requests such that the identity corresponds to an entity that may be authenticated to access the overlay network and the resource. A policy container associated with the activity may be determined based on characteristics of the requests such that the policy container may include policies associated with the activity. The requests may be validated based on the policies included in the policy container such that the validated requests may be forwarded to the resource and invalidated requests may be discarded and such that persistence of the connection may be maintained during the validation.
    Type: Grant
    Filed: June 12, 2024
    Date of Patent: July 8, 2025
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
  • Patent number: 12348519
    Abstract: Embodiments evaluate security policies in aggregate. An aggregate authorization request may be generated based on a query from applications. Policies may be determined based on the aggregate authorization request such that each policy may include constraints or conditions associated with enabling or disabling activities. Variable fields may be iterated over to perform further actions, including: determining a variable field and a portion of the values that may be associated with the variable field based on the iteration; generating partial authorization requests based on the aggregate authorization request, the variable field, the portion of values; evaluating the policies based on each partial authorization request such that policies may be dismissed based on the evaluation. A response to the query that includes authorization answers may be generated based on each remaining policy.
    Type: Grant
    Filed: February 7, 2025
    Date of Patent: July 1, 2025
    Assignee: strongDM, Inc.
    Inventors: Philip David Hassey, Patrick Richard Jakubowski
  • Patent number: 12284224
    Abstract: Embodiments are directed to managing interactions with applications. A plurality of interactions with the application that are enforced by the native security policies may be determined. A virtual policy interface may be generated to collect information associated with a plurality of other interactions with the application that may be unassociated with the native security policies. A virtual policy engine may be employed to perform further actions, including: determining activities based on the collected information associated with the plurality of other interactions; determining virtual security policies associated with the plurality of other interactions based on the activities.
    Type: Grant
    Filed: June 12, 2024
    Date of Patent: April 22, 2025
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
  • Patent number: 12242599
    Abstract: Embodiments generate state elements based on application requests from a client. The state elements may be enqueued in a state queue associated with an application session for the application requests and the application requests may be forwarded to the application. Application responses from the application may be employed to perform further actions, including: generating message elements based on the application responses such that the message elements may be enqueued in a message queue associated with the application session; determining a portion of the state elements in the state queue that may be associated with the message elements; updating the portion of the state elements to advance a protocol state based on the message elements such that the application responses may be communicated to the client.
    Type: Grant
    Filed: September 27, 2024
    Date of Patent: March 4, 2025
    Assignee: strongDM, Inc.
    Inventors: Philip David Hassey, Yanran Zeng, Brian David Rowe, Kevin David Jamieson, Patrick David Stephen, Karim Fanous
  • Patent number: 12028321
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: February 26, 2024
    Date of Patent: July 2, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11973752
    Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.
    Type: Grant
    Filed: August 28, 2023
    Date of Patent: April 30, 2024
    Assignee: strongDM, Inc.
    Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
  • Patent number: 11916885
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11916968
    Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server, a driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.
    Type: Grant
    Filed: August 21, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11784999
    Abstract: Embodiments are directed to credential management for distributed services. A plurality of mesh agents for an overlay network may be provided such that the overlay network may be employed to provide a secure tunnel between a client and a resource server. If a client request that requires user credentials is provided to a mesh agent associated with the resource server, credential instructions may be provided to the mesh agent and the credential instructions may be employed to determine credential information that enables access to the resource server. The mesh agent may be employed to communicate the client request and the credential information to the resource server; determining a response to the client request from the resource server; employing the mesh agent to receive a response to the client request from the resource server and forwarded to the client over the overlay network.
    Type: Grant
    Filed: December 30, 2022
    Date of Patent: October 10, 2023
    Assignee: strongDM, Inc.
    Inventors: William Craig Jones, Justin Allan McCarthy, Patrick David Stephen, Evan Michael Todd
  • Patent number: 11765207
    Abstract: Embodiments are directed to declaring network policies using natural language. A policy statement for the management of the network resources may be generated based on a statement. A prompt dataset may be generated for large language models based on the policy statement and a prompt template. In response to providing the prompt dataset to train the large language models further actions may be performed, including: generating a candidate configuration profile based on information provided by the trained large language models such that the candidate configuration profile may include field names or field values that may be associated with providing the management of the network resources; in response to validation of the candidate configuration profile for the management of the network resources, the validated candidate configuration profile may be provided to an infrastructure security computer (ISC) such that the ISC updates network policies based on the validated candidate configuration profile.
    Type: Grant
    Filed: April 5, 2023
    Date of Patent: September 19, 2023
    Assignee: strongDM, Inc.
    Inventor: Justin Allan McCarthy
  • Patent number: 11765159
    Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.
    Type: Grant
    Filed: September 28, 2022
    Date of Patent: September 19, 2023
    Assignee: strongDM, Inc.
    Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
  • Patent number: 11736531
    Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server, a driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: August 22, 2023
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11729620
    Abstract: Embodiments are directed to managing access to network resources. Mesh agents for an overlay network may be provided. If a client requests access to a resource, a first mesh agent configured to provide the client with ingress to the overlay network may be determined. If a security engine validates the request received from the first mesh agent, a route from the client to the resource may be determined. A secure tunnel may be generated between the first mesh agent and a last mesh agent based on forwarding the request to mesh agents on the route. If the request is provided to the last mesh agent, credential information for the resource may be provided to the last mesh agent, and the last mesh agent, the request and the credential information may be employed to access the resource.
    Type: Grant
    Filed: December 29, 2022
    Date of Patent: August 15, 2023
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Justin Allan McCarthy, Britt Vandermast Crawford
  • Patent number: 11546763
    Abstract: Embodiments are directed to managing access to network resources. Mesh agents for an overlay network may be provided. If a client requests access to a resource, a first mesh agent configured to provide the client with ingress to the overlay network may be determined. If a security engine validates the request received from the first mesh agent, a route from the client to the resource may be determined. A secure tunnel may be generated between the first mesh agent and a last mesh agent based on forwarding the request to mesh agents on the route. If the request is provided to the last mesh agent, credential information for the resource may be provided to the last mesh agent, and the last mesh agent, the request and the credential information may be employed to access the resource.
    Type: Grant
    Filed: April 29, 2022
    Date of Patent: January 3, 2023
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Justin Allan McCarthy, Britt Vandermast Crawford
  • Patent number: 11546323
    Abstract: Embodiments are directed to credential management for distributed services. A plurality of mesh agents for an overlay network may be provided such that the overlay network may be employed to provide a secure tunnel between a client and a resource server. If a client request that requires user credentials is provided to a mesh agent associated with the resource server, credential instructions may be provided to the mesh agent and the credential instructions may be employed to determine credential information that enables access to the resource server. The mesh agent may be employed to communicate the client request and the credential information to the resource server; determining a response to the client request from the resource server; employing the mesh agent to receive a response to the client request from the resource server and forwarded to the client over the overlay network.
    Type: Grant
    Filed: August 17, 2022
    Date of Patent: January 3, 2023
    Assignee: strongDM, Inc.
    Inventors: William Craig Jones, Justin Allan McCarthy, Patrick David Stephen, Evan Michael Todd