Abstract: According to one embodiment, a method, computer system, and computer program product for preventing intrusions on a network is provided. The present invention may include generating a sandbox environment responsive to detecting an attacker in the network, wherein the sandbox environment comprises dynamically generated data tailored to the target of the attacker; and moving the attacker to the sandbox environment.

Abstract: Systems and methods are provided for servicing inference request by one of multiple machine learning models attached to a deployment cluster. The API server of a deployment cluster is not tightly coupled to any of multiple machine learning models attached to the deployment cluster. Upon receiving an inference request, the deployment cluster can retrieve the configuration parameters, including serialization formatting, for a target model identified in the inference request. The deployment cluster can utilize the retrieved parameters to service the inference request and return the results to a business system application.

Abstract: The present disclosure discloses a method and apparatus of processing a back-to-origin request of a content delivery network, a device, and a medium. The method includes: receiving a back-to-origin request carrying an access identifier, wherein the access identifier includes a target accelerating domain name and a target service provider identification; querying a target origin site corresponding to the target accelerating domain name, and acquiring origin site configuration information corresponding to the target origin site; generating a target access identifier of the target origin site based on the origin site configuration information; and transmitting the target access identifier to the target CDN server corresponding to the target service provider identification, wherein the target CDN server acquires a target resource from the target origin site according to the target access identifier.

Abstract: A method of sanitizing a media comprising a controller and a storage device, the method comprising executing, by the controller, a command to erase a data area and an internal area of the storage device, verifying, by the controller, that at least a portion of the data area and at least a portion of the internal area of the storage device has been erased, generating, by the server, a certificate of media sanitization (CoS) of the media, and registering, by the server, an entry representative of the CoS of the media in a distributed ledger or database. Here the storage device is configured to store data received from a host external to the storage device only in the data area, and the storage device is configured to store operational data in the internal area for the operation of the storage device.

Abstract: Techniques for restricting plug-in application recipes (“PIARs”) are disclosed. A PIAR management application receives a PIAR restriction via an authenticated user of the PIAR management application. The PIAR restriction is applicable to certain users of the PIAR management application. The PIAR restriction identifies functionality of the PIAR management application that would otherwise be available to a user of the PIAR management application if the user had an active account for a particular plug-in application that, once linked to that user in the PIAR management application and associated with a particular PIAR, would be capable of supplying at least part of the functionality. The PIAR management application stores the PIAR restriction, including information to block the restricted functionality. Based on the PIAR restriction, the PIAR management application blocks the restricted functionality. Many different types of functionality may be restricted, in various ways.

Abstract: A method for restoring a network slice includes receiving a request to restore the network slice to a previous configuration, the previous configuration and a current configuration of the network slice being stored in a datastore, generating sets of subtrees from device-specific data in the current configuration and the previous configuration to be added, removed, or replaced in the current configuration, and restoring the network slice to the previous configuration based on the sets of subtrees.

Abstract: Technologies for collecting metrics associated with a processing resource (e.g., central processing unit (CPU) resources, accelerator device resources, and the like) over a time window are disclosed. According to an embodiment presented herein, a network device receives, in an edge network, a request to provide one or more metrics associated with a processing resource, the request specifying a window indicative of a time period to capture the one or more metrics. The network device obtains the one or more metrics from the processing resource for the specified window and provides the obtained one or more metrics in response to the request.

Abstract: A system for computer security of a remote device having a processor includes a way to determine an operating mode of the remote device and a way to validate a resource (e.g., program, script, web address). When an attempt is made to access a resource, the operating mode of the remote device is determined and when the operating mode of the remote device is a corporate operating mode, then the resource is evaluated using a corporate protection file. Otherwise, when the operating mode of the remote device is determined to be a personal operating mode, then the resource is evaluated using a personal protection file. When the resource validation determines that the resource is approved, access to the resource is provided; otherwise, access to the resource is prevented.

Abstract: Disclosed are techniques for associating users of a network infrastructure to network or endpoint events within the network infrastructure. A method can include receiving, by a network security system that monitors and protects the network infrastructure, a packet for a network event, the packet including (i) information identifying a user device from which the network event originates and (ii) a payload, determining whether the packet triggers at least one association rule in a group of association rules, determining candidate users to be associated with the network event based on the rule triggered by the packet, determining confidence values for the candidate users to be associated with the network event based on the rule triggered by the packet, and returning the candidate users to associate with the network event and the corresponding confidence values.

Abstract: A system for managing web traffic comprising a meta control operating on a first processor having a first control interface and configured to generate a request for content and to transmit the request for content over a digital data network to a meta control server. The meta control server operating on a second processor and configured to receive the request for content and to select data for one or more second control interfaces as a function of data associated with the first control interface and to transmit the data for the one or more second control interfaces over the digital data network to the first control interface. The first control interface displays the data for the one or more second control interfaces and monitors user activity associated with the data.

Abstract: An apparatus and method for providing access to reliable boot firmware. In various implementations, a computing system includes an integrated circuit with a security processor. Prior to performing any steps of a bootup operation using one of multiple copies of boot firmware, the security processor determines whether multiple signatures exist where the signatures are based on the multiple copies of boot firmware. Each of the multiple copies of boot firmware is a copy of a particular version of boot firmware. If the multiple signatures do not yet exist, then the security processor generates the signatures using the multiple copies of boot firmware. During a bootup operation, when the security processor determines that the multiple signatures already exist, the security processor uses these signatures to validate one or more of the multiple copies of boot firmware. The security processor continues with the bootup operation using the validated copy of boot firmware.

Abstract: A communal media system includes a synchronization system to retrieve the multimedia content for delivery to participating user devices and receive a request from a user device for multimedia content being displayed on participating user devices. The multimedia content being displayed on a first participating device is different from the multimedia content being displayed on a second participating device. The synchronization system receives social media content generated by user devices, adjusts simultaneous deliveries of the multimedia content being displayed on the first and second participating user devices and the social media content to the user devices, and transmits, to user devices in the communal session, multiple screens including the multimedia content being displayed on the first and second participating user devices at the same time. A display system causes the user devices in the communal session to simultaneously display multiple screens at the same time.

Abstract: A system and method for diagnosing connection and communication in an industrial machine. The electronic processing system includes a CAN bus, an ethernet network, and a plurality of devices connected to the CAN bus and the ethernet network. The plurality of devices includes at least one controller programmed to run one or more software applications. A connectivity check is performed to obtain CAN connection status data and ethernet connection status data for the plurality of devices. The CAN connection status data and the ethernet connection status data is analyzed to determine a likely cause of a device connection issue. A solution to the device connection issue is output to a user based on the analyzed data.

Abstract: A method for providing an enterprise distribution platform to facilitate software distribution over a public computer network is disclosed. The method includes receiving, via a network interface, a request from the public computer network, the request relating to a solicitation for a software package; determining, by using a network security system, whether the request is forwarded from the public computer network to a private computer network based on a predetermined security rule; authenticating, via a web proxy, the request based on a result of the determining; identifying, based on a result of the authentication, the software package corresponding to the request; retrieving, from a memory, the identified software package; and transmitting, via the network interface, the retrieved software package in response to the request.

Abstract: Systems and processes for managing authorizations for multiple vendors at an enterprise service are provided. Responsive to a request to onboard an authorization for access to data resources of a targeted vendor, a central management server may receive, from an authorization server for the targeted vendor, authorization information. The authorization information may be received indirectly, via a security token service. An authorization reference object may be generated to store the authorization information, and the authorization reference object may be stored in a database. Subsequent requests for access to the data resources of the targeted vendor may be serviced using the authorization reference object stored in the database.

Abstract: An information security testing method and an information security testing system of an open radio access network (O-RAN) base station are provided. The information security testing method includes at least the following steps: configuring a processing device to execute a radio resource control (RRC) signaling integrity test process to determine whether or not an RRC signaling sent by a central unit (CU) is integrity protected; and in response to determining that the RRC signaling sent by the CU is integrity protected, configuring the processing device to execute an RRC signaling security test process.

Abstract: This document relates to a process for supporting the management of a variety of types of deployed devices. Administrators utilizing enterprise services can provide generic configuration data using configuration templates, which can be provided to a management server. The management server can then precompute device-specific configuration settings and resolve any conflicts that may arise based on the configuration templates. The configuration templates can also include placeholders for secret values, and once a managed device checks in to the management server, the secret values can be retrieved from an applicable enterprise service and provided to the managed device at the time of applying the configuration template.

Abstract: Method, systems, and devices for transparent relocatable application instance deployment are described. A method performed by a Wireless Transmit/Receive Unit may comprise transmitting, to a Multi-access Edge Computing (MEC) system, a first message including a request to deploy the relocatable application instance at a target. The method may comprise receiving a second message including an indication to establish communication with the application instance and a Transparent Instance Relocation Session Identifier (TIRSI) and establishing, based on the second message, communication with the relocatable application instance at the target. The method may comprise transmitting a third message including a request for relocation of the application instance to another target.

Abstract: Arrangements for comprehensive threat mitigation are provided. In some aspects, an indication of threat or potential threat may be received from an external entity. In some examples, the threat may include a cybersecurity threat. In response to receiving the indication of threat, identifying data associated with the external entity may be extracted from the indication and used to retrieve pre-stored customizations associated with the desired mitigating actions of the external entity. The one or more mitigating actions may be identified and instructions to execute the one or more mitigating actions may be generated and transmitted to one or more computing devices for execution.

Abstract: A system may include a communication device that may enable a user to complete a digital form via a first communication session. The system may include a processor that may determine that the user has not completed the digital form, determine one or more issues associated with the user not completing the digital form based on a progress point associated with the digital form, determine a communication channel to use to follow up with the user regarding the digital form based on a data profile associated with the user, the one or more issues, or both, and establish a second communication session with the user via the communication channel to present the digital form at the progress point, such that the user can continue to complete the digital form using the second communication session.