Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: Distributed techniques for detecting atypical or malicious wireless communications activity are disclosed. A server can iteratively generate sets of filters based at least in part upon observation data received from one or more Protects. The filters can be used by the Protect(s) to distinguish between sniffed wireless messages that are to be discarded and those that are to be reported to the server. The server can provide the generated sets of filters to the Protect(s) to cause the Protect(s) to process additional sniffed wireless messages utilizing the one or more sets of filters. Updated filters can cause fewer subsequent sniffed wireless messages to be reported than would have been reported by use of previous filters. Limited activity reporting by the Protect(s) enables a reduced communication load compared to full activity reporting without degrading the ability of the server to detect the atypical or malicious wireless communications activity.

Abstract: Distributed techniques for detecting atypical or malicious wireless communications activity are disclosed. A server can iteratively generate sets of filters based at least in part upon observation data received from one or more Protects. The filters can be used by the Protect(s) to distinguish between sniffed wireless messages that are to be discarded and those that are to be reported to the server. The server can provide the generated sets of filters to the Protect(s) to cause the Protect(s) to process additional sniffed wireless messages utilizing the one or more sets of filters. Updated filters can cause fewer subsequent sniffed wireless messages to be reported than would have been reported by use of previous filters. Limited activity reporting by the Protect(s) enables a reduced communication load compared to full activity reporting without degrading the ability of the server to detect the atypical or malicious wireless communications activity.

Abstract: A deep packet inspection method and device, and a coprocessor. The deep packet inspection method includes receiving, by a transceiver module of the coprocessor, an original data packet sent by a general processor, and sending the original data packet to a processor core of the coprocessor; invoking, by the processor core, a sub-coprocessor of the coprocessor to perform application layer parsing on the original data packet so as to obtain an application layer parsing result; and sending, by the processor core, the parsing result to the general processor so that the general processor processes the original data packet according to the parsing result. The deep packet inspection method and device provided by the embodiments of the present disclosure reduce resource occupation of a general processor and increase a running speed.