Abstract: Systems and methods for policy based agentless file transfer in zero trust private networks. Various systems and methods include receiving a request for a file transfer; determining a file transfer protocol; evaluating one or more criteria associated with the request, the criteria being associated with any of an end user and the contents of the file; and allowing or denying the file transfer based on the evaluating. Responsive to an end user's policy including a requirement for file inspection, the steps can further include sending the file to a sandbox for inspection, and receiving a result of the inspection from the sandbox.

Abstract: Systems and methods for browser fingerprinting and control for private application protection include monitoring access to one or more private applications; performing one or more compliance checks on any of the user and the browser used to access the one or more private applications; and performing one or more actions based on a result of the one or more compliance checks. These steps are performed in order to prevent users from accessing private applications via compromised or vulnerable browsers.

Abstract: Systems and methods include, responsive to security research identifying a zero-day Common Vulnerabilities and Exposure (CVE), receiving the associated signatures of the zero-day CVE; responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining an inspection profile for the user with the inspection profile including a plurality of rules; performing inspection of transactions after the access using the plurality of rules including a rule for identifying the zero-day CVE; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.

Abstract: A private network includes a plurality of network security appliances participating in authenticating end users. Each network security appliance maintains a locally stored user list. A first network security appliance receives at least a portion of a non-local user list comprising second user identifier records for a second network security appliance of the plurality of network security appliances. The first network security appliance compares the local user list with the non-local user list received from the second network security appliance to identify one or more deviations. The first network security appliance merges the portion of the second user identifier records of the non-local user list corresponding with the one or more deviations with the first user identifier records of the local user list to generate an updated local user list. The first network security appliance authenticates a request to access the network using the updated local user list.

Abstract: Systems and methods include, responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining a predetermined inspection profile for the user with the inspection profile including a plurality of rules evaluated in an order; performing inspection of the access using the plurality of rules in the order; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system.

Abstract: A device creates a pool of available licenses for secure network resources, and receives an unused license from a network device. The device also provides the unused license in the pool of available licenses, and receives a request for a license from another network device. The device further provides, to the other network device, the unused license from the pool of available licenses.

Abstract: A device creates a pool of available licenses for secure network resources, and receives an unused license from a network device. The device also provides the unused license in the pool of available licenses, and receives a request for a license from another network device. The device further provides, to the other network device, the unused license from the pool of available licenses.

Abstract: A mobile phone filters phone calls based on priority. The mobile phone determines a call priority of an incoming phone call based on the caller's telephone number. The mobile phone also determines a threshold priority for the current time period based on a priority schedule. The mobile phone compares the call priority with the threshold priority to determine whether to block the incoming call. If the mobile phone blocks the incoming phone call, it may transmit a message to the caller suggesting a time for the caller to make the phone call again.

Abstract: A mobile phone filters phone calls based on priority. The mobile phone determines a call priority of an incoming phone call based on the caller's telephone number. The mobile phone also determines a threshold priority for the current time period based on a priority schedule. The mobile phone compares the call priority with the threshold priority to determine whether to block the incoming call. If the mobile phone blocks the incoming phone call, it may transmit a message to the caller suggesting a time for the caller to make the phone call again.