Abstract: Systems, methods, and related technologies for clustering are described. The method includes determining one or more access policies associated with each of one or more clusters of entities, wherein a cluster comprises one or more entities with similar behavior. The method further includes determining one or more anomalies based on the one or more clusters, wherein the one or more access policies control communications between entities of the one or more clusters based on the one or more anomalies. The method further includes storing data associated with at least one of the one or more clusters and the one or more anomalies.

Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, data associated with communications of a first entity on a network are accessed, behaviors are determined based on the data associated with the communications of the first entity, and sequences of the behaviors of the first entity are determined. A profile of the first entity is determined based on the sequences of the behaviors, the profile including a classification of the first entity, a state machine of the profile of the first entity is determined, the state machine being associated with the classification against which the behaviors can be matched, a second entity is detected coming onto the network, and responsive to detecting the second entity coming onto the network, the second entity is classified based on the state machine of the profile of the first entity.

Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, accessing data associated with one or more communications of an entity is accessed and one or more behaviors based on the data associated with the one or more communications of the entity are determined. One or more sequences of the one or more behaviors of the entity are determined and a profile is determined based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the entity. The profile may then be stored.

Abstract: In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device.

Abstract: Systems, methods, and related technologies for classification are described. Network traffic from a network may be accessed and an entity may be selected. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. A first model associated with a first level of granularity is accessed. A first classification result of the entity based on the first model is determined by a processing device. A second model associated with a second level of granularity is accessed. The second level of granularity is higher than the first level of granularity and the second model is accessed based on the first classification result. A second classification result of the entity based on the second model is determined. At least one of the first classification result or the second classification result is stored.

Abstract: Systems, methods, and related technologies for increasing data availability. The determining of one or more recommendations to improve classification may include accessing network traffic from a network and selecting an entity. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. The entity may be classified and in response to the classification meeting a condition, one or more properties that are unavailable in the network traffic may be determined. A data source associated with the one or more properties for which a value is not present in the network traffic may be determined and the data source associated with the one or more properties that are unavailable in the network traffic may be stored.

Abstract: Systems, methods, and related technologies for classification are described. Network traffic from a network may be accessed and an entity may be selected. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. A first model associated with a first level of granularity is accessed. A first classification result of the entity based on the first model is determined by a processing device. A second model associated with a second level of granularity is accessed. The second level of granularity is higher than the first level of granularity and the second model is accessed based on the first classification result. A second classification result of the entity based on the second model is determined. At least one of the first classification result or the second classification result is stored.

Abstract: Systems, methods, and related technologies for increasing data availability. The determining of one or more recommendations to improve classification may include accessing network traffic from a network and selecting an entity. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. The entity may be classified and in response to the classification meeting a condition, one or more properties that are unavailable in the network traffic may be determined. A data source associated with the one or more properties for which a value is not present in the network traffic may be determined and the data source associated with the one or more properties that are unavailable in the network traffic may be stored.

Abstract: Systems, methods, and related technologies for clustering are described. The method includes determining one or more access policies associated with each of one or more clusters of entities, wherein a cluster comprises one or more entities with similar behavior. The method further includes determining one or more anomalies based on the one or more clusters, wherein the one or more access policies control communications between entities of the one or more clusters based on the one or more anomalies. The method further includes storing data associated with at least one of the one or more clusters and the one or more anomalies.

Abstract: Systems, methods, and related technologies for clustering are described. Network traffic is accessed from a network and the network may be associated with a plurality of entities. Behavior associated with each entity of the plurality of entities may be determined. The behavior may be determined based one or more communications associated with each entity. A processing device may be used to determine one or more clusters of entities based on entities having similar behavior. A cluster may comprise one or more entities with similar behavior. One or more anomalies may be determined based on the one or more clusters and storing data associated with at least one of the one or more clusters and the one or more anomalies may be stored.

Abstract: Systems, methods, and related technologies for device classification are described. In certain aspects, one or more properties are selected based on associated respective ranks. The selected one or more properties are used with information associated with the device to determine a classification. The classification may then be stored.

Abstract: Systems, methods, and related technologies for device classification are described. In certain aspects, one or more properties are selected based on associated respective ranks. The selected one or more properties are used with information associated with the device to determine a classification. The classification may then be stored.

Abstract: Systems, methods, and related technologies for determining a risk associated with a network portion are described. The determination of risk associated with a network portion may include accessing network traffic from a network and determining an entity type associated with at least one entity communicatively coupled to the network. A network portion associated with the at least one entity can be determined. A risk associated with the at least one entity can be determined. A risk associated with the network portion associated with the at least one entity can be determined based on the risk associated with the at least one entity. The risk associated with the network portion can then be stored.

Abstract: Systems, methods, and related technologies for determining a risk associated with a network portion are described. The determination of risk associated with a network portion may include accessing network traffic from a network and determining an entity type associated with at least one entity communicatively coupled to the network. A network portion associated with the at least one entity can be determined. A risk associated with the at least one entity can be determined. A risk associated with the network portion associated with the at least one entity can be determined based on the risk associated with the at least one entity. The risk associated with the network portion can then be stored.

Abstract: In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device.

Abstract: Systems, methods, and related technologies for classification are described. Network traffic from a network may be accessed. One or more values associated with one or more properties associated with an entity may be determined. The one or more values may be determined from the network traffic. A first classification attribute is determined based on the one or more values associated with one or more properties associated with the entity. A second classification attribute is determined, by a processing device, based on the first classification attribute and the one or more values associated with one or more properties associated with the entity. The second classification attribute is stored.

Abstract: In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device.

Abstract: Systems, methods, and related technologies for classification are described. Network traffic from a network may be accessed and an entity may be selected. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. A search query based on the one or more values associated with the one or more properties associated with the entity is determined and performed. A search query result is received and the search query result comprises a plurality of webpages. Data from a webpage of the plurality webpages is accessed. A classification result of the entity is determined, by a processing device, based on the data from the webpage of the plurality of webpages. The classification result is stored.

Abstract: Systems, methods, and related technologies for classification are described. Network traffic from a network may be accessed and an entity may be selected. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. A first model associated with a first level of granularity is accessed. A first classification result of the entity based on the first model is determined by a processing device. A second model associated with a second level of granularity is accessed. The second level of granularity is higher than the first level of granularity and the second model is accessed based on the first classification result. A second classification result of the entity based on the second model is determined. At least one of the first classification result or the second classification result is stored.

Abstract: Systems, methods, and related technologies for clustering are described. Network traffic is accessed from a network and the network may be associated with a plurality of entities. Behavior associated with each entity of the plurality of entities may be determined. The behavior may be determined based one or more communications associated with each entity. A processing device may be used to determine one or more clusters of entities based on entities having similar behavior. A cluster may comprise one or more entities with similar behavior. One or more anomalies may be determined based on the one or more clusters and storing data associated with at least one of the one or more clusters and the one or more anomalies may be stored.