Abstract: Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

Abstract: Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat.

Abstract: Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

Abstract: Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

Abstract: A method and a system map a geographic location to a network address. At least one automated process is performed to identify a geographic location for the network address. A determination is made whether the automated process provided satisfactory geographic location information for the network address. If the automated process did not provided satisfactory geographic location information for the network address, then the network address is forwarded for manual resolution.

Abstract: Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

Abstract: A method and a system map a geographic location to a network address. At least one automated process is performed to identify a geographic location for the network address. A determination is made whether the automated process provided satisfactory geographic location information for the network address. If the automated process did not provided satisfactory geographic location information for the network address, then the network address is forwarded for manual resolution.

Abstract: A method and a system map a geographic location to a network address. At least one automated process is performed to identify a geographic location for the network address. A determination is made whether the automated process provided satisfactory geographic location information for the network address. If the automated process did not provided satisfactory geographic location information for the network address, then the network address is forwarded for manual resolution.

Abstract: A method and a system perform geolocation activities relating to a network address. A database of network addresses, and associated geographic locations, is maintained. A query, including a network address, is received against the database for a geographic location associated with the network address. Information, concerning the query received against the database, is logged. Geolocation activities relating to at least the network address are modified based on the logged information.

Abstract: A traffic inspection and filtering system (100) monitors traffic across a protected interface. In the case of monitoring incoming traffic, the incoming packets (102) are directed via a mandatory path (104) to a packet capture process (106) associated with a kernel (110) of an operating system. The packets are then stored in shared memory (112) of the kernel (112) for access by a user space application (108) that makes a filtering decision without requiring copying of the packet to user space and back.

Abstract: A method and the system perform geolocation activities relating to a network address. A query, including a network address, is received from an external entity at a geolocation system. Responsive to receipt of the query, geolocation activities are initiated at the geolocation system to map the network address to a geographic location.

Abstract: A method and a system perform geolocation activities relating to a network address. A database of network addresses, and associated geographic locations, is maintained. A query, including a network address, is received against the database for a geographic location associated with the network address. Information, concerning the query received against the database, is logged. Geolocation activities relating to at least the network address are modified based on the logged information.

Abstract: A method and a system map a geographic location to a network address. At least one automated process is performed to identify a geographic location for the network address. A determination is made whether the automated process provided satisfactory geographic location information for the network address. If the automated process did not provided satisfactory geographic location information for the network address, then the network address is forwarded for manual resolution.

Abstract: A method and a system perform geolocation activities relating to a network address. A database of network addresses, and associated geographic locations, is maintained. A query, including a network address, is received against the database for a geographic location associated with the network address. Information, concerning the query received against the database, is logged. Geolocation activities relating to at least the network address are modified based on the logged information.

Abstract: A method and a system perform geolocation activities relating to a network address. A database of network addresses, and associated geographic locations, is maintained. A query, including a network address, is received against the database for a geographic location associated with the network address. Information, concerning the query received against the database, is logged. Geolocation activities relating to at least the network address are modified based on the logged information.

Abstract: A method and the system perform geolocation activities relating to a network address. A query, including a network address, is received from an external entity at a geolocation system. Responsive to receipt of the query, geolocation activities are initiated at the geolocation system to map the network address to a geographic location.

Abstract: A method and an apparatus operates to associate a geographic location associated with a network address. At least one data collection operation is performed to obtain information pertaining to a network address. The retrieved information is processed to identify a plurality of geographic locations potentially associated with the network address, and to attach a confidence factor to each of the plurality of geographic locations. An estimated geographic location is selected from the plurality of geographic locations as being a best estimate of a true geographic location of the network address, where the selection of the estimated geographic location is based upon a degree of confidence-factor weighted agreement within the plurality of geographic locations.

Abstract: A method and an apparatus operates to associate a geographic location associated with a network address. At least one data collection operation is performed to obtain information pertaining to a network address. The retrieved information is processed to identify a plurality of geographic locations potentially associated with the network address, and to attach a confidence factor to each of the plurality of geographic locations. An estimated geographic location is selected from the plurality of geographic locations as being a best estimate of a true geographic location of the network address, where the selection of the estimated geographic location is based upon a degree of confidence-factor weighted agreement within the plurality of geographic locations.