Abstract: According to some embodiments, a method includes detecting a start of an OpenTelemetry span by an application and determining security information related to the start of the OpenTelemetry span. The method further includes monitoring the application for one or more application behaviors during execution of the OpenTelemetry span. The method further includes detecting an end of the OpenTelemetry span by the application, and in response, calculate a security score for the OpenTelemetry span using the security information related to the start of the OpenTelemetry span and the one or more application behaviors detected during execution of the OpenTelemetry span. The method further includes updating a status of the OpenTelemetry span to include the security score and a text string related to the calculation of the security score.

Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security polices at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.

Abstract: This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

Abstract: This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

Abstract: According to some embodiments, a method includes detecting a start of an OpenTelemetry span by an application and determining security information related to the start of the OpenTelemetry span. The method further includes monitoring the application for one or more application behaviors during execution of the OpenTelemetry span. The method further includes detecting an end of the OpenTelemetry span by the application, and in response, calculate a security score for the OpenTelemetry span using the security information related to the start of the OpenTelemetry span and the one or more application behaviors detected during execution of the OpenTelemetry span. The method further includes updating a status of the OpenTelemetry span to include the security score and a text string related to the calculation of the security score.

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security polices at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.

Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security polices at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: A system and method for evaluating penetration testing tools. In one embodiment, a method includes generating a plurality of instructions, wherein the instructions comprise one or more security vulnerabilities for testing a web server, generating the web server, wherein the web server comprises the plurality of instructions with the one or more security vulnerabilities, receiving a penetration test result from a penetration testing tool executing on the web server, and computing a precision of the penetration testing tool for detecting the one or more security vulnerabilities.

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

Abstract: A system and method for updating and correcting facts that receives proposed values for facts from users and determines a correctness score which is used to automatically accept or reject the proposed values.

Abstract: An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.

Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

Abstract: According to some embodiments, a method includes detecting a start of an OpenTelemetry span by an application and determining security information related to the start of the OpenTelemetry span. The method further includes monitoring the application for one or more application behaviors during execution of the OpenTelemetry span. The method further includes detecting an end of the OpenTelemetry span by the application, and in response, calculate a security score for the OpenTelemetry span using the security information related to the start of the OpenTelemetry span and the one or more application behaviors detected during execution of the OpenTelemetry span. The method further includes updating a status of the OpenTelemetry span to include the security score and a text string related to the calculation of the security score.

Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.