Abstract: In one implementation, a method for providing security on controllers includes detecting, by a given controller, an attempted security attack on the given controller; in response to detecting the attempted attack, entering a safe mode of operation for the given controller in which at least one process performed by the given controller is restricted such that the at least one process is performed only when a current context of the controller matches a permitted context that is associated with the given controller; in response to detecting the attempted attack, transmitting a safe mode alert to one or more other controllers; and for at least one of the one or more other controllers, in response to receiving the safe mode alert, entering a safe mode of operation for the other controller.

Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.

Abstract: In one implementation, a method for automatically generating a security policy for a controller includes receiving, by a security policy generation system and from a controller development environment, code for a device controller; selecting middleware that enforces a security policy; analyzing the code for the device controller; based at least in part on the analyzing, automatically generating the security policy; and providing the selected middleware along with the generated security policy.

Abstract: A system (200) comprises a plurality of data collectors (210), a correlator (220), a context analyser (230), a baseline analyser (250), a database (260), and a graphical user interface (GUI) (270). The data collectors (210) are deployed on the services or applications that they monitor, or on the network between these applications as a network appliance, and are designed to capture messages that are passed between the various services. The data collectors (210) are non-intrusive, i.e. they do not to impact the behavior of the monitored services. The data collectors (210) can capture messages transmitted using communication protocols including, but not limited to, SOAP, XML, HTTP, JMS, MSMQ, and the like.

Abstract: A method and apparatus that uses application errors as a predictive metric for overall measuring of applications functional health are disclosed. The automated system intercepts messages exchanged between inter-services of enterprise applications, analyzes the context of those messages, and automatically derives application errors embedded in the message. Thereafter, it is capable of showing deviations from expected behavior for the purposes of predicting failures of the monitored application. Furthermore, the invention displays the user's real-time actionable data generated using the application errors.