Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.

Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.

Abstract: The techniques described herein relate to authorizing networked devices to access protected network zones and/or network resources in a private network. In response to a first access request, a network appliance requests full compliance information from the networked device. The received compliance information is stored in a database. Subsequently, when the compliance information on the networked device changes, the network device sends updated compliance information to the network appliance. The network appliance reevaluates the compliance state of the networked device based on the updated compliance information and the compliance information stored in the database.

Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.

Abstract: The techniques described herein relate to authorizing networked devices to access protected network zones and/or network resources in a private network. In response to a first access request, a network appliance requests full compliance information from the networked device. The received compliance information is stored in a database. Subsequently, when the compliance information on the networked device changes, the network device sends updated compliance information to the network appliance. The network appliance reevaluates the compliance state of the networked device based on the updated compliance information and the compliance information stored in the database.

Abstract: An improved technique of identifying particular events for alerting within an ENMS involves tagging each incoming event notification as having high priority or normal priority according to a set of rules. Those event notifications tagged as having a normal priority are sent directly to a reporting database, while those tagged as having a high priority are sent directly to an alert evaluation module which is configured to generate an alert as a result of an alert evaluation operation performed on an event notification. In order to comply with reporting requirements, however, the improved technique further involves generating a copy of the event notifications tagged as high priority and sending the copies to the reporting database.

Abstract: Embodiments of the invention relate to a method for retrieving event data. The method includes receiving, by an event management device, an event query requesting event data corresponding to a filtering parameter, the filtering parameter being a non-indexed database parameter of an Internet Protocol database (IPDB). The method includes generating, by the event manager device, a Bloom filter value based upon the filtering parameter included in the event query. The method includes comparing, by the event manager device, the Bloom filter value with a Bloom filter index entry of an index file of the IPDB, the index file corresponding to the requested event data, the Bloom filter index entry indicating existence of the filtering parameter as part of the IPDB and reading, by the event manager device, the entry from the index file database when the Bloom filter value matches the Bloom filter index entry.

Abstract: A method and apparatus for local device management. A signing server can generate a local provisioning packet and send the local provisioning packet to a requesting device management server. The device management server can transfer the local provisioning packet to a wireless communication device. The wireless communication device can compare a device identifier to a unique identifier in the wireless communication device and install a bootstrap packet in the wireless communication device if the device identifier matches the unique identifier in the wireless communication device. The wireless communication device may also verify that the packet was signed by the signing server as a condition on installing the bootstrap packet.

Abstract: A method and system for protecting information in an electronic device (100) is provided. The method includes calculating a MAC value (112) of a meta-file (110). The meta-file comprises file information of at least one file (108) in the electronic device. The method further includes tagging the meta-file with an identifier value (206). The identifier value is the same as a value stored in a secure hardware monotonic counter (204).

Abstract: A method and wireless mobile device invokes (802), under control of at least one of a plurality of applications, such as JAVA applications that run in a plurality of different execution environments, one or more common application interface (API), such as a JSR, that is common for use by the plurality of applications. The method and wireless mobile device also invoke (804) a zone permission check, in response to the invocation of the common API, that determines which execution environment a calling application is in, in response to zone identification data associated with each call in a group of calls in a call stack for the shared API. Once the environment is determined, a security permission check is invoked in a determined execution environment for the calling application to check permissions associated with the calling application.

Abstract: A client device (701) of a communication system (700) includes, for example, a processor (304) programmed to include a device management tree wherein the processor is operative to receive security policy information (1000), such as that associated with a non-server entity, such as an application on the device, for example, and updates the device management tree with the received security policy information (1002). The device management tree is then accessed in response to a security policy access request, such as from a application or other non server entity during runtime of the wireless client device (1004). As such, not only does the device management tree include external security policy subjects, such as server identities, but different internal security policy subjects are also used to configure a device management tree with suitable security policy enforcement information.

Abstract: A communication unit (101) includes a transceiver (105) for communication over a communication network (107), and a processor (103). The processor (103) can install software components, including a first software component and a second software component. Responsive to a boot, the processor (103) can verifying the first software component against a first pre-determined value corresponding to at least the first software component; and subsequent to completion of the boot, verify the second software component against a second pre-determined value corresponding to at least the second software component.