Abstract: In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

Abstract: A method to achieve fast session transfer between radio access technologies. The method includes monitoring radio performance between an access point of a wireless local area network and a user equipment in a wireless local area network, and in response to detecting that the radio performance is below a predetermined threshold, the access point signaling the user equipment to scan for and access a cellular radio service.

Abstract: Techniques for mitigating network failures (e.g., SLA violations, service degradations, network outages, etc.) based on output(s) from a predictive network system. The techniques may include determining that a failure is predicted to occur in a network and determining a correlation between the failure and a previous failure that occurred in the network. In examples, the correlation may be determined using a machine-learned model. The techniques may also include determining, based at least in part on the correlation, a condition contributing to the failure. In this way, prior to occurrence of the failure, a parameter associated with the network may be altered based at least in part on the condition to mitigate or otherwise prevent the failure.

Abstract: Techniques for, among other things, embedding metadata in network traffic without having to implement an overlay network. By way of example, and not limitation, the techniques described herein may include receiving an Ethernet packet at a network node and determining that a preamble of the Ethernet packet includes metadata. The metadata may, in some examples, be associated with the Ethernet packet itself, a flow that the Ethernet packet belongs to, etc. Based at least in part on the metadata, a policy decision may be made for handling the Ethernet packet, and the Ethernet packet may be handled in accordance with the policy decision.

Abstract: A method of application program interface (API) endpoint host redirection may include with an intelligent domain name system (DNS) engine (IDE) associated with a containerized service within a pod of a mesh network, snooping a DNS query from the containerized service, identifying within the DNS query, an API endpoint name, snooping a DNS response associated with the DNS query, identifying an Internet protocol (IP) address associated with the API endpoint name, transmitting the API endpoint name and the IP address to a controller, receiving, from the controller, a list of safe API endpoint hosts with no known security vulnerabilities based on security data obtained from at least one security service, caching, at the IDE, the list of safe API endpoint hosts including safe IP addresses, and transmitting to the containerized service, via the IDE, IP addresses of safe API endpoint hosts within the list of safe API endpoint hosts.

Abstract: Provided herein are techniques to facilitate multi-level performance tracing for a mobile network environment. In one instance, a method may include obtaining, by a mobile network, a trigger from an enterprise to initiate an underlay-level trace for a wireless device of the enterprise, wherein the trigger includes a correlation identifier that correlates the underlay-level trace with an enterprise-level trace for the wireless device and providing the underlay-level trace for a session of the wireless device by including a first trace flag for IP packets for the session and including a second trace flag for encapsulations of the IP packets for the session in which the first and second trace flag are unique to the session of the wireless device and enable elements of the mobile network to provide underlay trace information for the underlay-level trace for the session of the wireless device to a trace.

Abstract: Techniques are described herein for managing access to remotely accessed software applications. In embodiments, such techniques may be performed by a service provider platform for software applications capable of being accessed by computing devices. The techniques may involve determining (e.g., based on a software bill of materials) components associated with the software applications, identifying a number of current security threats, and determining, based on the components and current security threats, a risk score associated with each of the software applications. The service provider platform may receive an indication of a level of risk for each of the computing devices in the organization, generate, based on the risk score associated with the software applications and the level of risk for each of the computing devices, policy data for each of the computing devices, and provide the policy data to at least one second computing device.

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.

Abstract: A method is provided that is performed using an application performance management agent running on an application and/or application microservices. The method comprises detecting a request to the application and/or application microservices for data, and inserting data compliance metadata into packet headers of packets that are to be sent in response to the request by the application and/or application microservices. The data compliance metadata comprises data-compliance markings associated with the data based on user/operator-defined data compliance requirements. The method further includes causing the packets to be sent into a network so that one or more network devices or services in the network can read the data compliance metadata and apply packet handling policies.

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

Abstract: This disclosure describes techniques for validating a network device based on an operational context of the network device. The techniques may include receiving, via an intercepting node, a DNS query from a querying device. The techniques may include extracting the metadata from the DNS query. Based at least in part on verifying a signature of the metadata, the techniques may include extracting a location code from the metadata. Based at least in part on comparing the location code to an expected location of the intercepting node, the techniques may include sending a response to the querying device indicating a contextual validation of the querying device.

Abstract: Techniques are described herein for dynamic service extension to provide risk mitigation upon detecting a threat. In embodiments, such techniques may be performed by a service provider platform and may comprise receiving information about a security threat, identifying one or more components susceptible to the security threat, determining, based on a software bill of materials, at least one data flow that includes a point of delivery (pod) associated with the one or more components, identifying at least one additional service determined to mitigate the security threat, and implementing the at least one additional service in relation to the at least one data flow.

Abstract: The present technology includes applying a security policy by an application security system to a transaction within an application that is monitored by the application security system. The present technology includes monitoring transaction occurring between a client device an application over a network. The present technology also includes identifying a first transaction from the transactions as a sensitive transaction. The sensitive transaction is associated with an authentication policy requiring an authentication. The present technology also includes interrupting the application. The present technology also includes prompting the client device for the authentication.

Abstract: Techniques are described for providing secure audio calls between a calling party and a receiving party. Upon receiving a call request from a call initiating party, a notification is sent to the intended call recipient. The call recipient can send a request for a secure call. Upon receiving the request for a secure call, a bi-directional multifactor authentication is performed to authenticate the identity of both the call initiating party and the call receiving party. In response to successfully authenticating both parties, a secure call between the parties is established. One or more secure key tokens or other metadata can be embedded in the call to ensure security of the call.

Abstract: According to one or more embodiments of the disclosure, a service identifies a packet sent by a first device in a network to a second device as being of a particular protocol. The service identifies a control command within the packet for the second device, based in part on the particular protocol identified for the packet. The service determines, based on the control command within the packet, a quality of service policy for the packet. The service causes the quality of service policy to be applied to the packet along a path in the network via which the packet is sent from the first device to the second device.

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

Abstract: The present technology includes applying a security policy by an application security system to a transaction within an application that is monitored by the application security system. The present technology includes monitoring transaction occurring between a client device an application over a network. The present technology also includes identifying a first transaction from the transactions as a sensitive transaction. The sensitive transaction is associated with an authentication policy requiring an authentication. The present technology also includes interrupting the application. The present technology also includes prompting the client device for the authentication.

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

Abstract: A method is provided that is performed using an application performance management agent running on an application and/or application microservices. The method comprises detecting a request to the application and/or application microservices for data, and inserting data compliance metadata into packet headers of packets that are to be sent in response to the request by the application and/or application microservices. The data compliance metadata comprises data-compliance markings associated with the data based on user/operator-defined data compliance requirements. The method further includes causing the packets to be sent into a network so that one or more network devices or services in the network can read the data compliance metadata and apply packet handling policies.