Patents Assigned to VARMOUR NETWORKS, INC.
  • Patent number: 11876817
    Abstract: A system and a method for modeling queue-based message-oriented middleware (MoM) are provided. The method commences with connecting with a MoM system and converting information associated with the MoM system into a standardized object model. The standardized object model may include a queue-based node, at least one producer application, and at least one consumer application. The at least one producer application provides a message to the queue-based node. The at least one consumer application receives the message from the queue-based node. The message persists in the queue until consumed by the at least one consumer application. The method continues with generating a standardized graph of relationships between a producer and a consumer over a period of time. The method further includes creating a policy, periodically analyzing the standardized graph for at least one deviation from the policy, and issuing an alert in response to detecting the at least one deviation.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: January 16, 2024
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Marc Woolward, Keith Stewart
  • Patent number: 11863580
    Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: January 2, 2024
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Marc Woolward, Keith Stewart
  • Patent number: 11818152
    Abstract: A system and a method for modeling topic-based message-oriented middleware (MoM) are provided. The method commences with connecting with a MoM system and converting information associated with the MoM system into a standardized object model. The standardized object model may include a topic-based node associated with a topic, at least one producer application, and at least one consumer application. The at least one producer application provides one or more messages related to the topic to the topic-based node. The at least one consumer application receives the one or more messages from the topic-based node. The method continues with generating a standardized graph of relationships between producers and consumers over a period of time. The method further includes creating a policy, periodically analyzing the standardized graph for at least one deviation from the policy, and issuing an alert in response to detecting the at least one deviation.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: November 14, 2023
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Marc Woolward, Keith Stewart
  • Patent number: 11777978
    Abstract: Systems and methods for assessing an application access risk are provided. An example method commences with collecting data concerning relationships between an application, one or more client devices, and one or more users in a computing environment. The method includes updating a graph database including nodes and edges. The nodes represent the application, the one or more client devices, and the one or more users and the edges represent relationships between the application, the one or more client devices, and the one or more users. The method continues with enriching the graph database by associating the nodes with metadata including information concerning the one or more users accessing the application from the one or more client devices. The method further includes analyzing the graph database to identify a subset of nodes used to access the application and displaying a graphical representation of the subset of nodes.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: October 3, 2023
    Assignee: vArmour Networks, Inc.
    Inventors: Paul Bigbee, Marc Woolward, Hsisheng Wang, Keith Stewart, Jason Parry
  • Patent number: 11734316
    Abstract: Systems and methods for a relationship-based search in a computing environment are provided. An example method includes providing a graph database. The graph database includes nodes representing workloads of the computing environment and edges representing relationships between the nodes. The method also includes enriching the graph database by associating the nodes with metadata associated with the nodes and the relationships. The method also includes receiving a user query including data associated with at least one of the metadata and the relationships. The method also includes determining, based on the user query, a subset of the nodes in the graph database and a subset of relationships between the nodes in the subset of the nodes. The method also includes displaying, via a graphical user interface, a graphical representation of the subset of the nodes and relationships between the nodes in the subset of the nodes.
    Type: Grant
    Filed: July 8, 2021
    Date of Patent: August 22, 2023
    Assignee: vArmour Networks, Inc.
    Inventors: Jason Parry, Liza Detrick, David Lin, Colin Ross
  • Patent number: 11711374
    Abstract: Methods and systems for understanding identity and organizational access to applications within an enterprise environment are provided.
    Type: Grant
    Filed: February 8, 2021
    Date of Patent: July 25, 2023
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Marc Woolward, Keith Stewart, Paul Bigbee, Hsisheng Wang
  • Patent number: 11575563
    Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: February 7, 2023
    Assignee: vArmour Networks, Inc.
    Inventors: Marc Woolward, Keith Stewart, Timothy Eades, Meng Xu, Myo Zarny, Matthew M. Williamson, Jason Parry, Hong Xiao, Hsisheng Wang, Cheng-Lin Hou
  • Patent number: 11310284
    Abstract: Methods and systems for validating security policy in a cloud computing environment are provided. An example method includes providing a graph database, the graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, receiving a security policy, the security policy logically describing rules for the relationships between the workloads, determining, based on the security policy and the graph database, a list of violations, the list of violations including at least one relationship from the relationships between the workloads in the graph database, the at least one relationship being not allowed by at least one of the rules in the security policy, and providing the list of violations to a user.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: April 19, 2022
    Assignee: vArmour Networks, Inc.
    Inventors: Marc Woolward, Meng Xu, Hong Xiao, Keith Stewart, Matthew M. Williamson
  • Patent number: 11290493
    Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: receiving a target, the target specifying workloads of a plurality of workloads to be included in the security policy, the plurality of workloads being associated with the cloud computing environment; identifying nodes and edges in the graph database using the target, the graph database representing the plurality of workloads as nodes and relationships between the plurality of workloads as edges; getting a security intent, the security intent including a high-level security objective in a natural language; obtaining a security template associated with the security intent; and applying the security template to the identified nodes and edges to produce security rules for the security policy, the security rules at least one of allowing and denying communications between the target and other workloads of the plurality of workloads.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: March 29, 2022
    Assignee: vArmour Networks, Inc.
    Inventors: Marc Woolward, Meng Xu, Hong Xiao, Keith Stewart, Matthew M. Williamson
  • Patent number: 11290494
    Abstract: Methods and systems for reliability prediction of security policies in a cloud computing environment are provided. An example method includes providing a graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, the relationships being associated with points in time, receiving a security policy including rules for the relationships between the workloads, generating a plurality of earliest points in time based on the rules and the graph database, wherein generating the plurality of earliest points in time includes: determining, for each rule of the rules, a subset of the relationships in the graph database such that each of the subset of the relationships matches the rule, and selecting an earliest point in time from points in time associated with relationships from the subset, and analyzing the plurality of earliest points in time to determine a reliability score for the security policy.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: March 29, 2022
    Assignee: vArmour Networks, Inc.
    Inventors: Xiaodan Li, Marc Woolward
  • Patent number: 10755334
    Abstract: Systems and methods for machine learning and adaptive optimization are provided herein. A method includes continually receiving input that is indicative of client events, including client behaviors and respective outcomes of software trials of a product maintained in a database, continually segmenting open opportunities using the client behaviors and respective outcomes, continually scoring and prioritizing the open opportunities using the client behaviors and respective outcomes for targeting and re-targeting, continually adjusting targeted proposals to open opportunities and sourcing in prospects based on a targeting scheme, continually presenting targeted offers to create expansion opportunities and updating a product roadmap of the product using the open opportunities, the product roadmap including technical specifications for the product.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: August 25, 2020
    Assignee: vArmour Networks, Inc.
    Inventors: Timothy Eades, Eva Tsai, Randy Magliozzi, Namson Tran
  • Patent number: 10382467
    Abstract: Computer-implemented methods and apparatuses for recursive multi-layer examination for computer network security remediation may include: identifying one or more first communications originating from or directed to a first node; identifying at least one of a protocol and an application used for each of the one or more first communications; examining each of the one or more first communications for malicious behavior; receiving a first risk score for each of the one or more first communications responsive to the examining; determining the first risk score associated with one of the one or more first communications exceeds a first predetermined threshold; and indicating the first node and a second node in communication with the first node via the one of the one or more first communications are malicious. Exemplary methods may further include: providing the identified malicious nodes and communications originating from or directed to the malicious nodes.
    Type: Grant
    Filed: April 21, 2017
    Date of Patent: August 13, 2019
    Assignee: vArmour Networks, Inc.
    Inventors: Ryan Wager, Fyodor Yarochkin, Zach Dahlgren
  • Patent number: 10333986
    Abstract: Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include receiving a declarative policy associated with a computer network security policy; collecting information from at least one external system of record; generating a firewall rule set using the declarative policy and information, the firewall rule set including addresses to or from which network communications are permitted, denied, redirected or logged, the firewall rule set being at a lower level of abstraction than the declarative policy; and provisioning the firewall rule set to a plurality of enforcement points of a distributed firewall, the firewall selectively policing network communications among workloads using the firewall rule set.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: June 25, 2019
    Assignee: vArmour Networks, Inc.
    Inventors: Jia-Jyi Lian, Anthony Paterra, Marc Woolward
  • Patent number: 10333827
    Abstract: A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, a first security device having a firewall processing module to determine based on the captured packet whether the first node is a destination node that is receiving VM migration from a second node that is associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: June 25, 2019
    Assignee: VARMOUR NETWORKS, INC.
    Inventors: Meng Xu, Yi Sun, Hsisheng Wang, Choung-Yaw Shieh
  • Patent number: 10264025
    Abstract: Methods, systems, and media for security in virtualization, bare-metal server, and cloud computing environments are provided herein.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: April 16, 2019
    Assignee: vArmour Networks, Inc.
    Inventor: Marc Woolward
  • Patent number: 10193929
    Abstract: Systems and methods for improving analytics in a distributed network are described herein. An example system includes at least one processor, an analytics module, and a security policy module. The security policy module is operable to define a security policy. The security policy is executed by the processor on a network packet. Furthermore, the processor collects network information from the network packet. The analytics module is operable to analyze the network information with additional group information from the security policy. The analysis is used by the processor to generate the result. Based on the generated result, the security policy module updates the security policy.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: January 29, 2019
    Assignee: vArmour Networks, Inc.
    Inventors: Choung-Yaw Shieh, Tony Wing Fai Chou
  • Patent number: 10191758
    Abstract: Systems and methods for improving data communications between intra-server virtual machines are described herein. An example method may commence with receiving, from a first virtual machine, a data packet directed to a second virtual machine, routing the data packet via an external routing environment, and receiving the data packet allowed for delivery to the second virtual machine. Based on the receipt, it may be determined that a data flow associated with the data packet is allowed, and a unique identifier of the first virtual machine may be replaced with a first unique identifier and a unique identifier of the second virtual machine may be replaced with a second unique identifier. The first and second unique identifiers may be associated with corresponding interfaces of the intra-server routing module and used to direct the data flow internally within the server between the first virtual machine and the second virtual machine.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: January 29, 2019
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Choung-Yaw Shieh
  • Patent number: 10178070
    Abstract: Systems for providing security to distributed microservices are provided herein. In some embodiments, a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. At least a portion of the distributed microservice components execute on different physical or virtual servers in a data center or a cloud. The system also includes a plurality of logical security boundaries, with each of the plurality of logical security boundaries being created by a plurality of enforcement points positioned in association with the plurality of distributed microservice components. Each of the plurality of microservices is bounded by one of the plurality of logical security boundaries.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: January 8, 2019
    Assignee: vArmour Networks, Inc.
    Inventors: Choung-Yaw Shieh, Marc Woolward
  • Patent number: 10158672
    Abstract: Context aware microservice networks and contextual security policies for microservice networks are provided herein. In some embodiments, a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. At least a portion of the distributed microservice components execute on different physical or virtual servers in a data center or a cloud. The system also includes a plurality of logical security boundaries, with each of the plurality of logical security boundaries being created by a plurality of enforcement points positioned in association with the plurality of distributed microservice components. Each of the plurality of microservices is bounded by one of the plurality of logical security boundaries.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: December 18, 2018
    Assignee: vArmour Networks, Inc.
    Inventors: Choung-Yaw Shieh, Jia-Jyi Lian, Yi Sun, Meng Xu
  • Patent number: 10110636
    Abstract: Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. The system also has a data center server coupled with the plurality of segmented environments over a network. The data center server has a security controller configured to provide a security policy to each of the plurality of segmented environments and an active probe controller configured to cause the active probe device of the plurality of segmented environments to execute a scan.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: October 23, 2018
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Choung-Yaw Shieh, Jia-Jyi Lian, Meng Xu, Yi Sun