Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: Systems and methods for sensor position measurements are provided. Aspects include receiving, through a first signal path, a first secondary signal from a first sensor and a built in test (BIT) signal, wherein the first signal path comprises a first multiplexer connected to a first filter, receiving, through a second signal path, a second secondary signal from the first sensor and the BIT signal, wherein the second signal path comprises a second multiplexer connected to a second filter, wherein the first signal path and the second signal path are connected to a third multiplexer, wherein the third multiplexer is connected to a first analog to digital converter (ADC), receiving, by a controller, an output signal from an output of the first ADC, and determining, by the controller, a position measurement for the first sensor based on the first secondary signal, the second secondary signal, and the BIT signal.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: Disclosed is a method for developing a model to classify data. The method involves receiving plural data points, grouping each data point into one or more groups via a clustering algorithm, assigning each data point an index based one or more groups into which each data point is grouped, and classifying all indexed-data points of a group and labelling the classified indexed-data points of the group with the same label. Also disclosed is a method for classifying data. The method involves receiving incoming data points, comparing the incoming data points to a corpus of labelled data points, the corpus of labelled data points including data points that have been grouped via a clustering algorithm and labelled with a same label, and labeling an incoming data point with a label based on a match between the incoming data point and a labelled data pack.

Abstract: Systems and methods for sensor position measurements are provided. Aspects include receiving, through a first signal path, a first secondary signal from a first sensor and a built in test (BIT) signal, wherein the first signal path comprises a first multiplexer connected to a first filter, receiving, through a second signal path, a second secondary signal from the first sensor and the BIT signal, wherein the second signal path comprises a second multiplexer connected to a second filter, wherein the first signal path and the second signal path are connected to a third multiplexer, wherein the third multiplexer is connected to a first analog to digital converter (ADC), receiving, by a controller, an output signal from an output of the first ADC, and determining, by the controller, a position measurement for the first sensor based on the first secondary signal, the second secondary signal, and the BIT signal.

Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, steps can include observing positive data associated with a network; generating a network communication model based on the positive data; generating negative data based on the network communication model; calculating a precision of the network communication model based on the network communication model and the negative data; and calculating an accuracy of the network communication model based on one or more of the precision of the network communication model, or the network communication model and the positive data.

Abstract: A computer system automatically learns which application behavior constitutes “multi-use” behavior by observing the behavior of applications on a network. The system uses this learned knowledge to automatically identify multi-use behavior in new applications that appear on the network. When the system enforces security policies against applications on the network, it identifies whether particular behavior of such applications violates any of the security policies. In this way, the system adapts automatically to new behavior of applications on the network over time in order to increase network security.

Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.

Abstract: A computer system automatically tests a network communication model by predicting whether particular traffic (whether actual or simulated) should be allowed on the network, and then estimating the accuracy of the network communication model based on the prediction. Such an estimate may be generated even before the model has been applied to traffic on the network. For example, the model may be generated based on a first set of network traffic. The accuracy of the model may then be estimated based on a second set of network traffic. This allows the accuracy of the model to be estimated without first waiting to apply the model to actual network traffic, thereby reducing the risk associated with applying the model before its accuracy is known.

Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: Embodiments of the present invention generate network communication policies by applying machine learning to existing network communications, and without using information that labels such communications as healthy or unhealthy. The resulting policies may be used to validate communication between applications (or services) over a network.

Abstract: Systems and methods include obtaining network communication information about hosts in a network and applications executed on the hosts; automatically generating one or more microsegments in the network based on analysis of the obtained network communication information, wherein each microsegment of the one or more microsegments is a grouping of resources including the hosts and the applications executed on the hosts that have rules for network communication; automatically generating a meaningful name for the one or more microsegments based on a plurality of techniques applied to information associated with the hosts; and displaying the automatically generated one or more microsegments and the corresponding automatically generated meaningful name.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network. The system uses network application security rules to allow or disallow connections between the two applications. Those rules include definitions of the source and destination applications to which the rules apply. The system automatically updates the application definitions over time to encompass new versions of the applications covered by the security rules, but without encompassing other applications. The system is then capable of applying the updated rules both to the original applications and to the updated versions of those applications. This process enables the security rules to maintain security over time in a way that is consistent with the original intent of the rules even as applications on the network evolve.

Abstract: System and methods for partial RMS calculation of overcurrent in VDT driver circuits are provided. Aspects include sampling, by an FPGA, a set of current values from a sense resistor, wherein the sense resistor is coupled between a driver circuit and a VDT, determining, by the FPGA, an overcurrent event in the driver circuit based on the set of current values, wherein determining the overcurrent event in the driver circuit based on the set of current values includes trimming each current value to create a trimmed current value for each current value, calculating a square value for each trimmed current value and storing the square value in a buffer, calculating a mean for the square values, and determining the overcurrent event based on the mean being outside a predefined range of means, and disabling the driver circuit based on the determination of the overcurrent event.

Abstract: Systems and methods include obtaining network communication information about hosts in a network and applications executed on the hosts; automatically generating one or more microsegments in the network based on analysis of the obtained network communication information, wherein each microsegment of the one or more microsegments is a grouping of resources including the hosts and the applications executed on the hosts that have rules for network communication; automatically generating a meaningful name for the one or more microsegments based on a plurality of techniques applied to information associated with the hosts; and displaying the automatically generated one or more microsegments and the corresponding automatically generated meaningful name.

Abstract: A technique for microsegmentation includes receiving information related to hosts and applications operating in a network where the information was obtained based on a survey of the network; identifying a plurality of microsegments utilizing the information, each microsegment includes a set of hosts similar to one another; for each of the plurality of microsegments, identifying security policies that control access to hosts in each microsegment; and providing the plurality of microsegments and corresponding security policies for approval thereof.

Abstract: A computer system automatically generates a proposal for network application security policies to be applied on a telecommunications network. The system provides output representing the proposed network application security policies to a user. The user provides input either approving or disapproving of the network application security policies. If the user approves, then the system applies the of the proposed microsegmentation. This process may be repeated for a plurality of hosts and subsets thereof within the same network, and may be repeated over time to modify one or more existing network application security policies. The network application security policies govern inbound and outbound connections to the hosts in the network.