Abstract: Provided herein are nucleic acids useful as guide nucleic acids (gNAs), e.g., guide ribonucleic acids (gRNAs), in a CRISPR system wherein the guide nucleic acids contain one or more modifications to one or more nucleotides, use of such guide nucleic acids in modifying cells, and other uses wherein CRISPR Cas proteins are utilized.

Abstract: Provided herein are nucleic acids useful as guide nucleic acids (gNAs), e.g., guide ribonucleic acids (gRNAs), in a CRISPR system wherein the guide nucleic acids contain one or more modifications to one or more nucleotides, use of such guide nucleic acids in modifying cells, and other uses wherein CRISPR Cas proteins are utilized.

Abstract: This disclosure describes systems, methods, and devices related to identification and assessment of security threats to a computer system using zero trust security. A method may include receiving, at a policy enforcement device of a computer network, first data from a first subsystem of the computer network; receiving, at the policy enforcement device, second data from a second subsystem of the computer network, the first subsystem different than the first subsystem; identifying, by the policy enforcement device, based on a comparison of at least one of the first data or the second data to a security policy, a security threat to the computer network; and causing, by the policy enforcement device, a threat intelligence device of the computer network to determine a risk of the security threat.

Abstract: Examples of the present disclosure describe systems and methods for providing security against IP spoofing. In aspects, network traffic associated with one or more data requests may be received by a device in a computing environment. The network traffic may be evaluated using one or more automated logic systems or algorithms to identify suspicious or malicious behavior. The automated logic systems or algorithms may implement one or more analyses, such as asymmetric routing analysis, hardware device analysis, user and/or network behavior analysis, etc. Upon identifying suspicious or malicious behavior, the automated logic systems or algorithms may apply a filter to one or more computing devices. For example, a filter for blocking network traffic associated with the suspicious or malicious behavior may be applied to a computing device that is in close geographic and/or logical proximity to an attacking computing device.

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment includes receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.

Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.