Abstract: Systems and methods include receiving a request, in a cloud system from a first device, to access a second device; determining if the first device is permitted to access the second device; if the first device is not permitted to access the second device, notifying the first device the second device does not exist; and, if the first device is permitted to access the second device, stitching together connections between the cloud system, the first device, and the second device to provide access to the second device for the first device, wherein the connections are implemented through the cloud-based system.
Type: Grant
Filed: August 16, 2021
Date of Patent: November 26, 2024
Assignee: Zscaler, Inc.
Inventors: John A. Chanak, Sindhura Mandava, Vamshi Palkonda, Charles Huang, Ramesh Badam, Victor Pavlov, Kunal Shah, Vikas Mahajan, Yun Ling
Abstract: Systems and methods for detecting device change due to Dynamic Host Configuration Protocol (DHCP) in sparsely populated log data include monitoring and logging network traffic data; identifying one or more outlier time gaps associated with an Internet Protocol (IP) address used to communicate over the network within the logged network traffic data; and determining the occurrence of a DHCP change based on one or more network traffic characteristics of the IP address before and after the outlier time gap.
Type: Application
Filed: April 15, 2024
Publication date: November 21, 2024
Applicant: Zscaler, Inc.
Inventors: Sai Kishore Petla, Thomas James Geisler, Scott Andrew Hankins
Abstract: Systems and methods for a hierarchical step-up authentication mechanism include monitoring access to one or more private applications; responsive to a request to access the one or more private applications, determining an Authentication Level (AL) of a user associated with the request, wherein determining the AL of the user comprises referencing one or more AL trees; and responsive to determining an AL of the user, performing one or more actions based thereon, wherein the one or more actions comprises one of allowing access to the one or more private applications and denying access to the one or more private applications.
Type: Application
Filed: June 18, 2024
Publication date: November 7, 2024
Applicant: Zscaler, Inc.
Inventors: Rahul Singh, Manish Jasyal, Murtuza Attarwala, Wei Wang
Abstract: Systems and methods include monitoring user experience of one or more users accessing any of the Internet, cloud applications, and private applications; determining a user experience score for the one or more users; responsive to detecting a low user experience score for a user, performing one or more analyses on the user experience of the user; and determining a root cause of the low user experience score based on the one or more analyses. The systems and methods can include determining a remedial action for the user based on the root cause.
Type: Grant
Filed: March 21, 2022
Date of Patent: November 5, 2024
Assignee: Zscaler, Inc.
Inventors: Prasannakumar Jobigenahally Malleshaiah, Satish Kalipatnapu, Chakkaravarthy Periyasamy Balaiah, Javier Rodriguez Gonzalez, Jay Makwana, Sandeep Kamath, Pankaj Chhabra
Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
Abstract: Systems and methods for visualizing monitoring data from a cloud-based system include obtaining the monitoring data, wherein the monitoring data is based on transactions associated with a plurality of users of the cloud-based system; providing a Graphical User Interface (GUI); obtaining a plurality of filter selections for a plurality of filter types; and displaying a visualization comprising a Sankey diagram of the monitoring data with nodes in the Sankey diagram including each of the plurality of filter types and links between the nodes indicative of the transactions in the monitoring data. The monitoring data can be for one or more of cloud security service transactions, application access via a Zero Trust Network Access (ZTNA) service, and user experience metrics.
Abstract: Cloud-based 5G security, implemented in a Multi-Access Edge Compute (MEC) system, includes steps of receiving a request for a workload from User Equipment (UE) via a Radio Access Network (RAN); determining a path to the workload; creating a tunnel to the workload; and steering the request to the workload via the tunnel that is independent of any underlying mobile network for the RAN. The tunnel can be encrypted and used on a per-application and per-session basis.
Abstract: Systems and methods include performing inline monitoring of production traffic between users, the Internet, and cloud services via a cloud-based system; utilizing a trained machine learning model to inspect static properties of files in the production traffic; and classifying the traffic as one of malicious or benign based on the trained machine learning model.
Abstract: A system and method for cybersecurity vulnerability management through ticket system reduction reduces alert fatigue. The method includes receiving a plurality of alerts from a cybersecurity monitoring system, the cybersecurity monitoring system configured to monitor a computing environment, wherein each alert includes a plurality of attributes; generating in a graph database a ticket node corresponding to each alert of the received plurality of alerts; generating in the graph database a ticket group node, the ticket group node connected to a plurality of ticket nodes, each ticket node of the plurality of ticket nodes corresponding to an alert having an attribute with a same value; generating a ticket in a ticketing system corresponding to the ticket group node; and generating a visual representation of the ticket corresponding to the ticket group node.
Type: Grant
Filed: November 21, 2022
Date of Patent: October 8, 2024
Assignees: Avalor Technologies, Ltd., Zscaler, Inc.
Abstract: Systems and methods include receiving data associated with monitoring network communication traffic associated with a plurality of network devices; analyzing network communication flows of the plurality of network devices to group similar network devices together; analyzing patterns, frequency, relevance, and origination of words in the network communication traffic to auto-label the plurality of network devices; and assigning one or more words to any of a given network device and a group of similar network devices.
Type: Grant
Filed: December 17, 2021
Date of Patent: October 1, 2024
Assignee: Zscaler, Inc.
Inventors: Scott Andrew Hankins, Thomas James Geisler
Abstract: The present disclosure includes, responsive to a request from a user device, performing a security check based on policy associated with the user device, wherein the policy includes settings related to content filtering and security; responsive to the security check, performing one of: directly allowing the request to the Internet based on the security check determining the request is allowed by the settings; directly blocking the request based on the security check determining the request is disallowed by the settings; and forwarding the request to a system for inline inspection based on the security check determining the request includes suspicious content, wherein responsive to the inline inspection, the request is one of allowed and blocked.
Type: Grant
Filed: July 28, 2020
Date of Patent: October 1, 2024
Assignee: Zscaler, Inc.
Inventors: Patrick Foxhoven, John Chanak, William Fehring
Abstract: Cloud-based deception systems and methods with zero trust include hosting a decoy cloud environment for a customer that contains a plurality of decoys and that is hosted and separated from a real environment of the customer; receiving traffic from a user associated with the customer; detecting the traffic is related to accessing a fake asset on a user device associated with the user; rerouting the traffic to the decoy cloud environment; and monitoring activity associated with the fake asset in the decoy cloud environment.
Abstract: Techniques for processing web probes for monitoring user experience include the use of caching to prevent a surge of web probes on destination servers and techniques for detecting web probe traffic. A method implemented by a connector includes intercepting a Hypertext Transfer Protocol Secure (HTTPS) web probe request to a server, identifying a cache hit associated with the request in a cache, generating a synthetic Hypertext Transfer Protocol (HTTP) response based on information from the identified cache hit, wherein the generated synthetic HTTP response includes an extension header containing collected statistics, and sending the synthetic HTTP response. The method can further include simulating a Secure Sockets Layer (SSL) handshake to estimate SSL cost.
Type: Grant
Filed: June 30, 2023
Date of Patent: September 24, 2024
Assignee: Zscaler, Inc.
Inventors: John A. Chanak, Chakkaravarthy Periyasamy Balaiah, Sandeep Kamath, Vikas Mahajan, Barrett Hostetter-Lewis, Gregory Rybinski, Rishabh Gupta, Pankaj Chhabra
Abstract: Systems and methods implemented by a mobile device include establishing a plurality of tunnels to a gateway, wherein each of the plurality of tunnels is on one of a plurality of link layer channels at the mobile device; intercepting network traffic on the mobile device; forwarding the network traffic to one of the plurality of tunnels based on a set of traffic forwarding rules; and responsive to a network change for the mobile device, managing the plurality of tunnels and continuing the forwarding based on the managing. The systems and methods can further include determining characteristics including bandwidth of each of the plurality of link layer channels; and utilizing the characteristics with the set of traffic forwarding rules for the forwarding.
Abstract: Systems and methods for cloud-based threat alerts and monitoring include monitoring network traffic via a cloud-based system of one or more tenants of the cloud-based system; receiving a plurality of alerts associated with the network traffic from a plurality of security tools of the cloud-based system; logging the plurality of alerts; and providing an event chain, including the plurality of alerts. Based on the event chain, alerts can be identified as being false positives or legitimate.
Abstract: Systems and methods include identifying a cloud application; performing one or more automated scripts to determine a first set of attributes of the cloud application; obtaining a second set of attributes of the cloud application based on a manual analysis; obtaining weighting factors for the first set of attributes and the second set of attributes; determining a risk score of the cloud application based on the first set of attributes and the second set of attributes and the associated weighting factors; and displaying the risk score of the cloud application. The steps can further include enforcing security policies for the cloud application based on the risk score, such as via one of a cloud-based system and a Cloud Access Security Broker (CASB) system.
Abstract: Techniques for optimized tracing in IPv6 environments include sending a plurality of trace packets between a client and a destination in a service path; responsive to receiving a response from the plurality of trace packets, extracting trace information therefrom; and determining a corresponding router associated with each of the responses based on the trace information.
Abstract: Techniques for determining a destination Time-to-Live (TTL) value for a destination in a service path include sending a first trace packet having a TTL equal to an integer N; sending a subsequent trace packet having a TTL based on whether a response is received from the destination to the first trace packet; and repeating the steps until the destination TTL is determined. The various embodiments are adapted to perform the determining based on a binary search approach, thus optimizing the process for determining the destination TTL.
Abstract: A method performed by a cloud system includes, subsequent to the cloud system connecting to one of a cloud provider and a Software-as-a-Service (SaaS) application, scanning data stored therein for one or more users associated with a tenant of a plurality of tenants of the cloud system; detecting an incident in the data during the scanning; maintaining details of the incident in an in-memory data store; and providing a notification to the tenant of the incident.
Abstract: Systems and methods include intercepting traffic at a mobile device via a connector application executing on the mobile device, the traffic originating from one or more applications on the mobile device and destined for one or more resources located in one of a public cloud, a private cloud, and an enterprise network; detecting one or more Virtual Private Network (VPN) profiles associated with the traffic, wherein the one or more VPN profiles are assigned to the traffic by the operating system of the mobile device; and forwarding the traffic to a cloud-based system via one or more tunnels based on the one or more VPN profiles detected in the traffic.