Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic firewall configuration based on aggregated cloud managed information. A cloud management device can determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments. In response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, the cloud management device can identify a second set of client computing environments to protect from the security attack. For each client computing environment from the second set of client computing environments, the cloud management device can configure firewall settings to protect from the security attack.

Abstract: Disclosed are systems, methods, and computer-readable storage media for recommending configurations for a client networking environment based on aggregated cloud managed information. A cloud network management device can receive a first set of infrastructure specifications describing a first client networking environment. The cloud network management device can determine a set of recommended configurations for the first client networking environment based on the first set of infrastructure specifications and configurations for one or more client networking environments determined to be similar to the first client networking environment. The cloud network management device can provide the set of recommended configurations to a client device associated with the first client networking environment.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic security list offload with exponential timeout. A second layer of a firewall can determine that a first data, that previously passed through a first layer of the firewall, should be blocked. The second layer of the firewall can utilize more resources than the first layer of the firewall to determine whether to block a data packet. In response, a first rule can be applied at the first layer of the firewall to block data packets received from a source of the first data packet. Accordingly, a second data packet received from the source of the first data packet will be blocked at the first layer of the firewall based on the first rule.

Abstract: Disclosed are systems, methods, and computer-readable storage media for recommending configurations for a client networking environment based on aggregated cloud managed information. A cloud network management device can receive a first set of infrastructure specifications describing a first client networking environment. The cloud network management device can determine a set of recommended configurations for the first client networking environment based on the first set of infrastructure specifications and configurations for one or more client networking environments determined to be similar to the first client networking environment. The cloud network management device can provide the set of recommended configurations to a client device associated with the first client networking environment.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic firewall configuration based on aggregated cloud managed information. A cloud management device can determine, based on security event data received from a first set of client computing environments, that a security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments. In response to determining that the security attack detected on at least one client computing environment from the first set of client computing environments is likely to occur on other client computing environments, the cloud management device can identify a second set of client computing environments to protect from the security attack. For each client computing environment from the second set of client computing environments, the cloud management device can configure firewall settings to protect from the security attack.

Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic security list offload with exponential timeout. A second layer of a firewall can determine that a first data, that previously passed through a first layer of the firewall, should be blocked. The second layer of the firewall can utilize more resources than the first layer of the firewall to determine whether to block a data packet. In response, a first rule can be applied at the first layer of the firewall to block data packets received from a source of the first data packet. Accordingly, a second data packet received from the source of the first data packet will be blocked at the first layer of the firewall based on the first rule.