Patents Assigned to Zscaler, Inc.
-
Publication number: 20250147812
Abstract: Systems and methods for determining and assigning identities to workloads in a cloud-based system. Various embodiments include monitoring traffic in a cloud-based system; extracting identification information from one or more payloads originating from one or more workloads operating in the cloud-based system; assigning an identity to each of the one or more workloads based on the identification information; and enforcing policies on the one or more workloads and traffic associated therewith based on the assigned identity.
Type: Application
Filed: November 6, 2023
Publication date: May 8, 2025
Applicant: Zscaler, Inc.
Inventors: Arvind Nadendla, Subramanian Srinivasan, Sanjay Kalra, Murat Bog
-
Publication number: 20250150455
Abstract: Systems and methods for generating sub-identities for workloads in a cloud-based system. Various embodiments include receiving a key from an external system; generating one or more sub-identities from the key; assigning the one or more sub-identities to one or more workloads; and enforcing policies on the one or more workloads and traffic associated therewith based on the one or more sub-identities.
Type: Application
Filed: November 6, 2023
Publication date: May 8, 2025
Applicant: Zscaler, Inc.
Inventors: Arvind Nadendla, Subramanian Srinivasan, Sanjay Kalra, Murat Bog
-
Publication number: 20250138938
Abstract: Systems and methods for private application access continuity include providing access to one or more private applications for users associated with a tenant of a cloud-based system; detecting one or more criteria suggesting an outage of the cloud-based system; and responsive to activation of a disaster recovery mode based on the one or more criteria, providing access to the one or more private applications via an on-site disaster recovery system including a site controller, wherein providing the access via the site controller does not require communication with the cloud-based system.
Type: Application
Filed: January 3, 2025
Publication date: May 1, 2025
Applicant: Zscaler, Inc.
Inventors: Abhinav Bansal, Paul Ling, Vikas Mahajan, Jian Liu, Joby Menon, Lidor Pergament, John Chanak, William Fehring, Ale Mansoor, Ramesh Andavar
-
Publication number: 20250133120
Abstract: The present disclosure includes systems and methods for a security policy framework. Various embodiments include responsive to receiving a trigger, fetching one or more policies from a policy catalog service; compiling the one or more policies into a query, wherein the one or more policies can be compiled into a plurality of different query languages; executing the query over customer data, the customer data being located in one or more data sources; and persisting results of the query.
Type: Application
Filed: October 24, 2023
Publication date: April 24, 2025
Applicant: Zscaler, Inc.
Inventors: Robert Valek, Tomer Heber, Arik Kfir
-
Publication number: 20250130910
Abstract: The present disclosure includes systems and methods for anomaly detection on resource activity logs. Various embodiments include collecting resource activity data from a plurality of resources in a cloud environment, the resource activity data including information related to a plurality of events associated with the plurality of resources in the cloud environment; aggregating and performing one or more calculations on the resource activity data to represent the plurality of resources in vector form; determining a probability of a sequence of events to be executed by a resource of the plurality of resources based on the vector form of the resource; and determining an anomaly score for the sequence of events being executed by the resource based on the probability.
Type: Application
Filed: October 24, 2023
Publication date: April 24, 2025
Applicant: Zscaler, Inc.
Inventor: Eden Meyuhas
-
Patent number: 12284158
Abstract: Cloud-based 5G security, implemented in a Multi-Access Edge Compute (MEC) system, includes steps of receiving a request for compute resources from User Equipment (UE); validating a user of the UE for the compute resources; responsive to the user being authorized, creating a connection between the UE and a destination of the compute resources; responsive to the user being unauthorized, rendering the compute resources as hidden from the UE. The steps can include utilizing a cloud-based system for control and signaling the connection.
Type: Grant
Filed: October 1, 2021
Date of Patent: April 22, 2025
Assignee: Zscaler, Inc.
Inventors: Nathan Howe, Kenneth B. Urquhart
-
Publication number: 20250119432
Abstract: Systems and methods for utilizing Large Language Models (LLMs) for improving machine learning models in network and computer security include obtaining tabular data related to an aspect of networking and computer security; converting the tabular data to natural language for each row in the tabular data; inputting the natural language for each row in the tabular data into a Large Language Model (LLM); obtaining an output from the LLM for each row in the tabular data with embedded data therewith; and utilizing the output to train a machine learning model related to the aspect of networking and computer security.
Type: Application
Filed: November 29, 2023
Publication date: April 10, 2025
Applicant: Zscaler, Inc.
Inventors: Manikya Bardhan, Raimi Shah, Chenhui Hu, Hanchen Xiong, Nikhil Saini, Aayush Kumar
-
Publication number: 20250117471
Abstract: Systems and methods for differential dynamic memory scanning include, responsive to execution of a program, performing a baseline memory scan of the program; storing data associated with a plurality of memory regions of the program based on the baseline memory scan; performing one or more subsequent memory scans of the program during execution of the program to determine if one or more of the plurality of memory regions incurred a modification; and monitoring one or more altered memory regions based thereon.
Type: Application
Filed: December 16, 2024
Publication date: April 10, 2025
Applicant: Zscaler, Inc.
Inventors: Sandeep Paul, Sandeep Mukesh Shah, Shubham Choudhary, Deepen Desai
-
Patent number: 12273366
Abstract: The present disclosure relates to systems and methods for risk-based session resumption. The present disclosure addresses the security gaps in the access control workflow of an organization while significantly enhancing the user experience. Instead of users being inquired to reauthenticate at a periodic interval, the present disclosure provides risk-based session resumption and reauthentication established on a verdict determination based on changes detected in metadata. The present disclosure not only prevents unnecessary prompts for user to authenticate again but also improves the security profile of an organization as users need to reauthenticate only if something has changed, malicious activity is detected, and there is a real risk to access control.
Type: Grant
Filed: December 1, 2021
Date of Patent: April 8, 2025
Assignee: Zscaler, Inc.
Inventor: Abhinav Bansal
-
Publication number: 20250112959
Abstract: Systems and methods for detecting and remediating inconsistent tags in cloud-native networks include collecting tags from all resources in a cloud environment; converting each of the tags to a desired format and extracting unique tags in the desired format; calculating a similarity score between all of the unique tags in the desired format and creating tag pairs based on the similarity scores; and selecting a suggested tag for each of the tag pairs based on a number of appearances of each of the tags in the tag pairs. In various embodiments the steps can further include identifying a new resource in the cloud environment; and utilizing one or more machine learning models to determine if the new resource has inaccurate tags, and providing tag suggestions based thereon.
Type: Application
Filed: September 29, 2023
Publication date: April 3, 2025
Applicant: Zscaler, Inc.
Inventor: Eden Meyuhas
-
Publication number: 20250106097
Abstract: The present disclosure includes systems and methods for posture control of cloud environments. Various embodiments include scanning a cloud environment for posture control data; identifying configurations associated with one or more resources in the cloud environment; generating one or more alerts related to the one or more resources based on the configurations; and assigning the one or more alerts to one or more individuals. The one or more alerts can then be sent to the one or more individuals based on the assigning.
Type: Application
Filed: November 3, 2023
Publication date: March 27, 2025
Applicant: Zscaler, Inc.
Inventor: Pravin Shinde
-
Publication number: 20250103951
Abstract: Systems and methods for using a diffusion machine learning model for out-of-distribution (OOD) detection of time series data include steps of receiving an input time series; causing random imputations in the input time series to provide an imputed time series; processing the imputed time series with a diffusion model that has been parameterized on a given in-distribution time series to obtain a reconstructed time series; and comparing the reconstructed time series with the input time series to determine whether the input time series is out-of-distribution with the in-distribution time series. In particular, the present disclosure includes a novel approach for using a diffusion model of OOD detection which does not require labels for OOD data.
Type: Application
Filed: November 13, 2023
Publication date: March 27, 2025
Applicant: Zscaler, Inc.
Inventors: Dianhuan Lin, Shubhankar Agarwal, Hanchen Xiong, Zicun Cong, Aakarshan Chauhan, Janmey Sandeep Shukla
-
Patent number: 12261921
Abstract: A method performed by a cloud system includes, subsequent to the cloud system connecting to one of a cloud provider and a Software-as-a-Service (SaaS) application, scanning data stored therein for one or more users associated with a tenant of a plurality of tenants of the cloud system; detecting an incident in the data during the scanning; maintaining details of the incident in an in-memory data store; and providing a notification to the tenant of the incident.
Type: Grant
Filed: May 7, 2024
Date of Patent: March 25, 2025
Assignee: Zscaler, Inc.
Inventors: Abhishek Bathla, Kumar Gaurav, Raman Madaan, Chakkaravarthy Periyasamy Balaiah, Shweta Gupta
-
Patent number: 12255923
Abstract: Systems and methods include receiving messages from local security agents each on a host in a network, wherein the messages include network topology of the network in terms of addresses and sockets; incrementally creating a network topology of the network based on the messages; determining security policies for one or more microsegments in the network based on flow data and the network topology; and providing the security policies to respective hosts for local implementation of the one or more microsegments.
Type: Grant
Filed: March 7, 2022
Date of Patent: March 18, 2025
Assignee: Zscaler, Inc.
Inventors: Michael J. Melson, Scott Laplante
-
Publication number: 20250080537
Abstract: Systems and methods for pause and resume functionality for shared Privileged Remote Access (PRA) sessions. The methods include steps of, responsive to determining one or more users are allowed to access an application associated with infrastructure, determining the one or more users' security and access policies, and creating a Privileged Remote Access (PRA) session for the one or more users; brokering a connection between one or more user devices associated with the one or more users and the application through a lightweight connector, and enabling the one or more users to send commands to the application; receiving a pause command from one of the one or more users; and responsive to receiving the pause command, blocking commands from the one or more users from reaching the application.
Type: Application
Filed: October 18, 2023
Publication date: March 6, 2025
Applicant: Zscaler, Inc.
Inventors: Digambar Sawant, Dejan Mihajlovic, Sunita Darbarwar
-
Publication number: 20250078002
Abstract: Systems and methods to protect shared Privileged Remote Access (PRA) sessions based on user risk include receiving, at a Privileged Remote Access (PRA) system, one or more invitations from a host, the one or more invitations being for one or more users to join a PRA session; responsive to receiving the one or more invitations, determining a risk score of each of the one or more users associated with the one or more invitations; and rejecting or allowing each of the one or more invitations based on the risk score of each of the one or more users.
Type: Application
Filed: June 3, 2024
Publication date: March 6, 2025
Applicant: Zscaler, Inc.
Inventors: Digambar Sawant, Vivek Bhatt, Dejan Mihajlovic, Mithun A S, Simhadri Raju Avula
-
Patent number: 12244613
Abstract: Systems and methods include receiving a copy of a template file of security rules where the template file includes a plurality of rule tags and one or more dependency tags that define relationships and dependencies between any rules associated with the plurality of rule tags; scanning the template file including, for each respective rule tag of the plurality of rule tags checking if an enabled flag is set for the respective rule tag, when the enable flag is set, looking up a respective rule in a rule database and replacing the respective rule tag with the respective rule, and when the enable flag is not set, removing the respective rule tag from the template file; and providing an output file including a plurality of rules having the relationships and dependencies, where the output file is used for security scanning.
Type: Grant
Filed: February 18, 2022
Date of Patent: March 4, 2025
Assignee: Zscaler, Inc.
Inventor: Leslie Smith
-
Patent number: 12244643
Abstract: Systems and methods include a host system that is configured to execute a security agent that is configured to allow and block flows in a network, on the network interface, receive a script from a command & control server, and execute the script via an interpreter associated with the security agent, wherein the script is configured to any of disable behavior and modify behavior of the security agent at one or more hook points in the security agent.
Type: Grant
Filed: January 26, 2022
Date of Patent: March 4, 2025
Assignee: Zscaler, Inc.
Inventor: Thomas E. Keiser, Jr.
-
Patent number: 12244646
Abstract: A cloud node in a cloud-based system includes one or more processors and memory storing instructions that, when executed, cause the one or more processors to: communicate with a user associated with a tenant of a plurality of tenants; obtain policy and configuration for the user based on the tenant, from a central authority in the cloud-based system; provide the one or more cloud services to the user, based on the policy and configuration; and crawl one or more cloud providers having a plurality of files for the user, based on the policy and configuration. The cloud node is inline between a user device of the user and the Internet, as well as connected to the one or more cloud providers.
Type: Grant
Filed: January 18, 2023
Date of Patent: March 4, 2025
Assignee: Zscaler, Inc.
Inventors: Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
-
Publication number: 20250071143
Abstract: Systems and methods for a zero trust (ZT) network branch, which includes an edge switch on premises (on prem) with other services being offered in the cloud, include plurality of endpoints on the branch network each of which is configured in a network of one; and route east-west and north-south traffic flows associated with the plurality of endpoints through a cloud for security processing thereon. The security processing is based on one or more security applications selectively configured for the east-west and north-south traffic flows.
Type: Application
Filed: November 15, 2024
Publication date: February 27, 2025
Applicant: Zscaler, Inc.
Inventors: Ritesh R. Agrawal, Vinay Adavi, Satish M. Mohan