Abstract: Systems, methods, and computer-readable media relate to providing a network management service. A system is configured to request first network information from a first component of a network using a public IP address for the first component, wherein the first network information includes private IP addresses for a second component in the network and translate, based on a mapping information for a private IP address space to a public IP address space, the private IP address for a second component to a public IP address for the second component. The system is further configured to request second network information from the second component using the public IP address and provide a network management service for the network based on the second network information.

Abstract: Described embodiments provide systems and methods for remapping connections to tunnels selected based on a security level of the communications. A first network device may be in communication with a second network device via a plurality of communication tunnels. The plurality of communication tunnels may include an encrypted communication tunnel and an unencrypted communication tunnel. The first network device may receive a packet, the packet including header information and a payload. The first network device may determine whether the received packet is encrypted to meet a threshold level of security. The first network device may, responsive to determining that the packet is to meet the threshold level of security, communicate an identifier of the payload and the header information to the second network device via the encrypted communication tunnel, and communicate the payload to the second network device via the unencrypted communication tunnel.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device.

Abstract: Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies define whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.

Abstract: One example method includes receiving, at a blockchain node of an auditing cloud service, information associated with one or more data management transactions, registering, at the blockchain node, the information received concerning the data management transactions, receiving, by the cloud auditing service, a request for access to the information registered at the blockchain node, and, enabling, by the cloud auditing service, access to the requested information.

Abstract: The disclosed embodiments provide a system that detects execution of malicious cryptomining software in a target computing system. During operation, the system monitors target electromagnetic interference (EMI) signals generated during operation of the target computing system. Next, the system generates a target EMI fingerprint from the target EMI signals. The system then compares the target EMI fingerprint against a set of malicious EMI fingerprints for different pieces of malicious cryptomining software to determine whether the target computing system is executing malicious cryptomining software.

Abstract: A method is presented to geographically control the distribution of protected data and ensure that it is not transmitted along any path which would encompass prohibited areas. A user wanting to so protect data can input geographic restrictions which are translated into geodeclaration metadata representing one or more geographic areas in which the data is either permitted or prohibited. The metadata may be in the form of an XML statement, and is sealed with the data using a digital certificate. When the data is received at a network router or at a destination device, the router/device can check its own current location (e.g., via GPS) and determine whether its location is within permissible boundaries. If not, the data is not transmitted or stored, and an error message is returned. If the router/device determines that it is within permissible boundaries, it proceeds to transmit or store the data.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: Embodiments of the present disclosure relate to a method, a device and a computer program product for managing a distributed system. The method comprises sending heartbeat messages from a master node to a plurality of slave nodes, the master node and the plurality of slave nodes being included in a plurality of nodes in the distributed system, and the plurality of nodes being divided into one or more partitions. The method further comprises, in response to receiving a response to the heartbeat messages from a portion of slave nodes in the plurality of slave nodes, determining respective states of the one or more partitions. In addition, the method further comprises a state of a first slave node in the plurality of slave nodes at least based on the respective states of the one or more partitions, the master node failing to receive a response to the heartbeat messages from the first slave node.

Abstract: Disclosed is a system for the provision and management of web resource including a node server configured to store a plurality of web resource usage profiles associated with one or more users, the node server comprises a local cache to store web resources; a switch server arranged in signal communication with the node server and configured to switch the provision of web resource between a first mode and a second mode; wherein the node server is connectable to at least one of a local and a global network; and wherein in the first mode the node server retrieves web resource from the local cache; and in the second mode the node server retrieves web resource from at least one of the local and the global network. A device in the form a node server and a method using the node server to provide and manage web resource are also disclosed.

Abstract: A playback device reads a traffic file which is a dump file of traffic when malicious or benign traffic is generated and generates traffic based on the traffic file on a network having a security instrument that generates an event in accordance with the traffic. In addition, a determination device collects an event generated by the security instrument for the generated traffic and, on the basis of a feature extracted from the collected event, determines whether the event to be determined is for malicious traffic or benign traffic.

Abstract: With exponential growth in virtualized traffic within physical data centers, many end users (e.g., individuals and enterprises) have begun moving work processes and data to cloud computing platforms. A visibility platform can be used to monitor virtualized traffic traversing a cloud computing platform, such as Amazon Web Services, VMware, or OpenStack. But it can be difficult to manage how the visibility platform handles incoming virtualized traffic. Introduced here, therefore, are graphs that visually represent the network fabric of a visibility platform. When the network fabric of the visibility platform is represented as a graph, an end user can easily modify the network fabric, for example, by adding, removing, or modifying nodes that represent network objects, adding, removing, or modifying connections between pairs of nodes that represent traffic flows between pairs of network objects, etc.

Abstract: Systems and methods for diskless booting a remote server. The remote server includes a secure cryptoprocessor having a root key that is unique to the cryptoprocessor. Keying information can be fetched from an image server, which includes a certificate associated with the remote server and a private key of a key pair associated with the remote server. The key pair can be generated by the secure cryptoprocessor based on the root key. The client certificate can be created from a public key of the key pair. A mutually authenticated secure channel between the servers can be established by authenticating the servers based at least in part on the loaded keying information. Images of components of the remote server can be fetched from the image server via the secure channel, and then the remote server can be further booted accordingly.

Abstract: In one embodiment, a method includes receiving an instruction to add an assistant xbot as a participant in a conversation thread from a first user of a plurality of users participating in the conversation thread, monitoring the conversation thread including user inputs by one or more users of the plurality of users via the assistant xbot, analyzing the user inputs to identify intents based on a natural-language understanding module, sending instructions for prompting one or more users of the plurality of users to provide information for completing tasks associated with the intents via the assistant xbot within the conversation thread, executing the tasks based on the information provided by one or more agents, and sending instructions for presenting information associated with one or more of the executed tasks via the assistant xbot within the conversation thread.

Abstract: Systems for providing multi-layer authentication are provided. In some examples, a system may receive data associated with a signal detected by a computing device. The signal may be emitted from a smart processing device. The received signal data may be compared to pre-stored signal data to determine whether a match exists. If not, an instruction disabling functionality of the smart processing device may be generated and transmitted to the smart processing device. If so, an instruction enabling functionality of the smart processing device may be generated and transmitted. The system may generate a request for next layer authentication data. The request may be transmitted to one or more computing devices and next layer authentication response data may be received. The next layer authentication response data may be compared to pre-stored next layer authentication data to determine whether a match exists.

Abstract: The apparatus determines whether a subscriber identification module (SIM) card is an embedded universal circuit card (eUICC) or a non-eUICC while in a subsidy locked state. The apparatus performs a profile sequence to determine available network profiles if the SIM card is the eUICC. The apparatus may present an option at the user interface UI to switch network profiles on the UE if the current profile of the eUICC does not satisfy a personalization check on the ME.

Abstract: Some examples of application state synchronization may include receiving, at a server, application state data from an electronic device. For instance, the application state data may represent an application state of a computer application running at the electronic device when a backup event occurs. An analysis may be performed based on at least one of a user profile or a usage pattern. A set of electronic devices may be identified based on the analysis. Further, the application state data may be transmitted to the set of electronic devices.

Abstract: A technique includes setting up a replication partnership between a first storage node and a second storage node. The replication partnership includes establishment of a secure connection between the first storage node and the second storage node using a remote internet protocol address, a base port, and an identifying key pair. A port forwarding configuration may then be created, in part, by adding a pre-established port offset relative to a base port (e.g., a well-known TCP/IP port) for a first of a set of one or more pre-established port offsets. This process may be repeated for each remaining instance of the one or more pre-established port offsets. Encryption keys may be exchanged between the first storage node and the second storage node using at least one of the base port or the pre-established port offsets. Replication between the first storage node and the second storage node may be performed securely using the established communication channels.