Abstract: Systems and methods for utilizing Large Language Models (LLMs) for improving machine learning models in network and computer security include obtaining tabular data related to an aspect of networking and computer security; converting the tabular data to natural language for each row in the tabular data; inputting the natural language for each row in the tabular data into a Large Language Model (LLM); obtaining an output from the LLM for each row in the tabular data with embedded data therewith; and utilizing the output to train a machine learning model related to the aspect of networking and computer security.

Abstract: The present disclosure relates to systems and methods for in-transit protocol translation. Specifically, various approaches are described for translating protocols for intermediate networks in a way by which there is no need of support for encapsulation/decapsulation at the end hosts and does not require any changes to end hosts or transit networks. Various embodiments include intercepting traffic between one or more source client devices and a transit network; detecting a first communication protocol used by the one or more source client devices in the traffic; translating the traffic from the first communication protocol to a second communication protocol; and forwarding the traffic to the transit network using the second communication protocol.

Abstract: Systems and methods include performing inline monitoring of traffic within a network environment; requesting a Uniform Resource Identifier (URI) associated with a request within the traffic; responsive to receiving a URI in a response, identifying one or more similar URIs, the one or more similar URIs being associated with known legitimate network traffic; and determining if the request is one of benign or malicious based on a comparison between the received URI and the one or more similar URIs.

Abstract: Systems and methods for enhancing software code are provided. A method, according to one implementation, includes receiving a code base developed by one or more software developers and receiving a prompt for requesting enhancement to the code base. Also, the method includes a step of using a dynamic Retrieval-Augmented Generation (RAG) component and a Knowledge Base (KB) repository to enrich the prompt. Based on the enriched prompt, the method further includes a step of using a Large Language Model (LLM) code enhancing tool to enhance the code base.

Abstract: Systems and methods for delegated tenant administration in a cloud-based system include receiving a request to access a resource from a user device, wherein the resource is located in one of a public cloud and an enterprise network, and wherein the user device is associated with a user of a tenant of the cloud-based system; performing a policy lookup for determining policy governing access for the user to the resource, wherein the policy is based on a micro tenant associated with the tenant; providing a connection between the user device and the resource based on the policy and the micro tenant associated with the user.

Abstract: Systems and methods for extranet application support within a virtual private access system include receiving a request to access a resource from a user device associated with a customer of the cloud-based system, wherein the resource is located within one or more data centers associated with a partner of the customer; determining an optimal node of a plurality of nodes and an optimal tunnel of a plurality of tunnels for creating a connection between the user device and the resource; and creating a connection between the user device and the resources via the optimal node and the optimal tunnel.

Abstract: Systems and methods for executing an evolving threat campaign discovery pipeline are provided. A method, according to one implementation, includes a step of utilizing a harvester stage of an evolving threat campaign discovery pipeline, the harvester stage configured to perform a continuous open web crawling action to obtain initial threat information from external sources. The method also includes a step of utilizing an examiner stage of the evolving threat campaign discovery pipeline, the examiner stage configured to perform automated and human-assisted vetting of the initial threat information to obtain verified threat data. Also, the method includes utilizing a curator stage of the evolving threat campaign discovery pipeline, the curator stage configured to record the verified threat data in a threat campaign database to monitor and maintain knowledge of an evolving threat campaign.

Abstract: Systems and methods for directing and enforcing zero trust control on requests to destination services. In various embodiments, steps include receiving a request from a user to access a destination service; directing the request to a control layer; enforcing one or more controls, via the control layer, on the request based on a configuration provided by an owner of the destination service; and providing access to the destination service to the user based on the one or more controls.

Abstract: Systems and methods for determining the egress of networks and identifying routers associated with networks and ISPs include determining an egress of a network; determining a prefix associated with the egress of the network; performing a trace to a destination through the network; and identifying one or more private routers belonging to the network based on the trace and the prefix associated with the egress of the network.

Abstract: Systems and methods include intercepting traffic at a mobile device via a connector application executing on the mobile device, the traffic originating from one or more applications on the mobile device and destined for one or more resources located in one of a public cloud, a private cloud, and an enterprise network; detecting one or more Virtual Private Network (VPN) profiles associated with the traffic, wherein the one or more VPN profiles are assigned to the traffic by the operating system of the mobile device; and forwarding the traffic to a cloud-based system via one or more tunnels based on the one or more VPN profiles detected in the traffic.

Abstract: Systems and methods for Artificial Intelligence (AI) agent inputs using User Interfaces (UIs) includes operating an Artificial Intelligence (AI) agent system that includes an agent core connected to memory, one or more tools, and a planner; receiving an input from a user, wherein the input includes any of a prompt from the user and a selection from a User Interface (UI); and generating, via the AI agent, an answer based on the input.

Abstract: Systems and methods include receiving one or more disaster recovery configurations; identifying activation of a disaster recovery mode; and controlling traffic flow such that the traffic is any of blocked to all destinations, allowed to all destinations, and allowed to preselected destinations based on the one or more received disaster recovery configurations.

Abstract: A method implemented via a cloud-based system for network slicing in a 5G network includes connecting with a device that connects to the 5G network, wherein the cloud-based system includes a plurality of nodes interconnected to one another and including one or more nodes integrated in a user plane of the 5G network; inline monitoring traffic between the device and destinations including any of the Internet, cloud services, private applications, edge compute, Multiaccess Edge Compute (MEC), public/private data centers, and public/private clouds; and enforcing bandwidth control, in the 5G network, to a defined Quality of Service for a slice associated with the device.

Abstract: Systems and methods are provided for enabling search and query functions. A query system having a framework, executed on one or more processors, includes a plurality of Artificial Intelligence (AI) agents working to support one of text-to-Structured Query Language (SQL) or text-to-Python, wherein the plurality of AI agents include a first AI agent prompted to act as a research analyst for performing a task of interpreting a natural language query from a user, wherein the natural language query relates to natural language to the one of text-to-SQL or text-to-Python; a second AI agent prompted to act as a search data engineer for performing a task of executing a search based on the natural language query; and a third AI agent prompted to act as a code developer for performing a task of writing code based on the search, wherein the plurality of AI agents act autonomously yet collaboratively.

Abstract: Systems and methods for intelligent application definition and protection. In various embodiments, steps include receiving a destination service definition from a customer; performing an assessment of the destination service to determine one or more policies to use for the destination service; responsive to receiving a request from a user to access the destination service, directing the request to a control layer, and enforcing one or more controls on the request based on the one or more policies; and providing access to the destination service to the user based on the one or more controls.

Abstract: Breach prediction via machine learning includes, responsive to (1) training one or more machine learning models in a breach prediction engine, (2) monitoring one or more users associated with an enterprise, and (3) detecting an incident that is one or more of a threat and a policy violation for a first user of the one or more users, analyzing details related to the incident with the breach prediction engine; displaying a breach prediction likelihood score for the enterprise based on the analyzing; and providing one or more recommendations for the enterprise based on the incident and the analyzing.

Abstract: Systems and methods provide agentless security assessment for workloads and cloud posture control across multi-cloud environments. Discovery modules are configured with collection intervals to ingest posture control data including assets, identities, configurations, activities, network flows, and build-time artifacts. A multi-cloud configuration inventory maintains current and historical states and produces misconfiguration and identity-activity findings. For workload vulnerability evaluation, an external snapshot manager obtains point-in-time root-disk state without installing an in-workload agent. A file system data processor derives operating system and package metadata, and a detector matches the metadata against a vulnerability feed refreshed on a recurring basis to identify vulnerabilities. Identified vulnerabilities are correlated with misconfiguration and activity findings to generate prioritized risk exposures.

Abstract: Systems and methods for traffic inspection using payload offsets include performing inline monitoring between one or more endpoints and the internet; receiving a payload based on the inline monitoring; and performing traffic inspection of the payload based on one or more inspection offset values, wherein the one or more inspection offset values define one or more points within the payload for inspection to begin.

Abstract: Systems and methods for visualizing security coverage based on MITRE ATT&CK framework include obtaining cybersecurity monitoring data for an organization where the cybersecurity monitoring data is from a plurality of sources including from cybersecurity monitoring of a cloud environment associated with the organization; providing an interactive User Interface (UI), wherein the UI overlays a catalog of known malicious tactics with the cybersecurity monitoring data; and responsive to one or more selections within the UI, providing information related to coverage of one or more threat techniques.

Abstract: The present disclosure includes systems and methods for time series analysis for cloud resources. Various embodiments include receiving resource data from one or more subsystems of a cloud environment, the resource data including information related to a plurality of events associated with one or more resources in the cloud environment; storing and processing the resource data; and presenting the resource data in a chronological order based on a time associated with each of the plurality of events.