Abstract: Example firewalls disclosed herein populate a first dynamic object of a firewall rule with first information to identify a first updateable set of devices that satisfy a first one of a plurality of conditions associated with the firewall rule, the first information based on first data obtained from an appliance that monitors communication traffic in at least a portion of a network. Disclosed example firewalls also populate a second dynamic object of the firewall rule with second information to identify a second updateable set of devices that satisfy a second one of the conditions associated with the firewall rule, the second information based on second data obtained from a data source different from the appliance. Disclosed example firewalls further apply, based on evaluation of the first dynamic object and the second dynamic object, the firewall rule to first network traffic associated with a first device in communication with the network.

Abstract: Systems, devices and methods to protect a regional network (e.g., home network) by monitoring devices connected to and attempting to connect to the regional network. Monitoring includes assessing and addressing security concerns regarding devices attempting to or available to connect to the regional network as well as monitoring configurations and activity of connected devices. Devices to monitor include: computers, Personal Digital Assistants (PDAs), laptops, tablets, home appliances, smartphones, smart televisions, and any other type of device in the logical proximity of the regional network.

Abstract: Example firewalls disclosed herein populate a first dynamic object of a firewall rule with first information to identify a first updateable set of devices that satisfy a first one of a plurality of conditions associated with the firewall rule, the first information based on first data obtained from an appliance that monitors communication traffic in at least a portion of a network. Disclosed example firewalls also populate a second dynamic object of the firewall rule with second information to identify a second updateable set of devices that satisfy a second one of the conditions associated with the firewall rule, the second information based on second data obtained from an external data source. Disclosed example firewalls further determine, based on the first dynamic object and the second dynamic object, whether the firewall rule is to apply to first network traffic associated with a first device in communication with the network.

Abstract: Example firewalls disclosed herein populate a first dynamic object of a firewall rule with first information to identify a first updateable set of devices that satisfy a first one of a plurality of conditions associated with the firewall rule, the first information based on first data obtained from an appliance that monitors communication traffic in at least a portion of a network. Disclosed example firewalls also populate a second dynamic object of the firewall rule with second information to identify a second updateable set of devices that satisfy a second one of the conditions associated with the firewall rule, the second information based on second data obtained from an external data source. Disclosed example firewalls further determine, based on the first dynamic object and the second dynamic object, whether the firewall rule is to apply to first network traffic associated with a first device in communication with the network.

Abstract: A firewall provides improved network security by allowing the use of dynamic objects in firewall rules, where the dynamic objects evaluate to a variable set of devices. The dynamic objects may be updated from real-time data sources and non-real time inventories of data. Dynamic objects may be used for either or both of source and destination in a firewall rule. Where the dynamic object includes non-real time data, the dynamic object may be synchronized with the non-real time data inventory on a configurable basis. By using dynamic objects, the firewall can provide flexibility in the rules to allow control over user-owned and controlled devices.

Abstract: A method is provided in one example embodiment and includes receiving information for network traffic in a wireless network; correlating the information with a subscriber of a plurality of subscribers; and generating a behavior profile for the subscriber based on the information over a period of time.

Abstract: A firewall provides improved network security by allowing the use of dynamic objects in firewall rules, where the dynamic objects evaluate to a variable set of devices. The dynamic objects may be updated from real-time data sources and non-real time inventories of data. Dynamic objects may be used for either or both of source and destination in a firewall rule. Where the dynamic object includes non-real time data, the dynamic object may be synchronized with the non-real time data inventory on a configurable basis. By using dynamic objects, the firewall can provide flexibility in the rules to allow control over user-owned and controlled devices.

Abstract: Systems, devices and methods to protect a regional network (e.g., home network) by monitoring devices connected to and attempting to connect to the regional network. Monitoring includes assessing and addressing security concerns regarding devices attempting to or available to connect to the regional network as well as monitoring configurations and activity of connected devices. Devices to monitor include: computers, Personal Digital Assistants (PDAs), laptops, tablets, home appliances, smartphones, smart televisions, and any other type of device in the logical proximity of the regional network.

Abstract: A method is provided in one example embodiment and includes receiving a subscriber accounting start packet for a subscriber device in a mobile network environment. The method also includes extracting, from the subscriber accounting start packet, subscriber device information and a network address of the subscriber device. The method further includes mapping the network address to the subscriber device information, and then correlating the subscriber device information and a security event when the security event is detected in subscriber data network traffic associated with the subscriber device. In a specific embodiment, the subscriber device information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), a Mobile Station International Subscriber Directory Number (MSISDN), and an access point name (APN).

Abstract: A method is provided in one example embodiment and includes receiving information for network traffic in a wireless network; correlating the information with a subscriber of a plurality of subscribers; and generating a behavior profile for the subscriber based on the information over a period of time.

Abstract: Systems and methods for management of security events and their related forensic context are disclosed. Network forensics involves monitoring and analyzing data flows in a network to assist security analysts to review, analyze and remove a security threat. Security threats in a network environment are generally detected by one or more devices on the network. If a security threat is determined to be severe or significant enough, a security event corresponding to the security threat is often created and stored in the system. To assist in future review and analysis of security threats, timely and relevant context information about network security events may be obtained and stored along with each security event. The forensic context may be accessible to security administrators viewing the security events to provide detailed information about the circumstances surrounding a security event.

Abstract: A method is provided in one example embodiment and includes receiving information for network traffic in a wireless network; correlating the information with a subscriber of a plurality of subscribers; and generating a behavior profile for the subscriber based on the information over a period of time.

Abstract: A method is provided in one example embodiment and includes receiving a subscriber accounting start packet for a subscriber device in a mobile network environment. The method also includes extracting, from the subscriber accounting start packet, subscriber device information and a network address of the subscriber device. The method further includes mapping the network address to the subscriber device information, and then correlating the subscriber device information and a security event when the security event is detected in subscriber data network traffic associated with the subscriber device. In a specific embodiment, the subscriber device information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), a Mobile Station International Subscriber Directory Number (MSISDN), and an access point name (APN).