Abstract: According to another embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to receive, at a first host on which an application instance is operating, an application or data security policy for a first data socket descriptor indicating to perform one or more actions including to mirror one or more payloads received or transmitted by the first data socket descriptor of the application instance. The logic is also configured to cause the processing circuit to perform, by the first host, at least one action selected from a group of actions in response to the indication by the application and data security policy to perform the one or more actions, the group of actions including allow-and-analyze, drop-and-analyze, and mirror.

Abstract: In one embodiment, a system includes a sender host having a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to select a plurality of base parameters commonly identifiable by a sender host and a receiver host and determine at least one external event that triggers a change in selection of the plurality of base parameters to a plurality of changed parameters. The logic also causes the processing circuit to generate a unique security key using the plurality of base parameters in response to a determination that the at least one external event has not occurred, generate the unique security key using the plurality of changed parameters in response to a determination that the at least one external event has occurred, and send, by the sender host, a message including the unique security key to the receiver host.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic causes the processing circuit to monitor a plurality of application instances operating on a first host. The logic also causes the processing circuit to detect that a first application thread has been called by a first application instance operating on the first host and determine whether the first application thread is registered to be called by the first application instance on the first host by consulting a registration index. Moreover, the logic causes the processing circuit to quarantine the first application thread in response to a determination that the first application thread is not registered to be called by the first application instance on the first host.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to maintain application and data security policies at a data socket descriptor level. The logic is also configured to cause the processing circuit to manage behavior and security of data socket descriptors used by application instances executed on virtual and/or physical compute platforms. According to another embodiment, a method includes maintaining application and data security policies at a data socket descriptor level and managing behavior and security of data socket descriptors used by application instances executed on virtual and/or physical compute platforms.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to collect all data socket descriptor databases from individual servers operating in a data center, each data socket descriptor database storing attributes of a base socket and one or more data socket descriptors used by an application or application instance operating on an individual server. The logic is also configured to cause the processing circuit to store data from the data socket descriptor databases for all applications and application instances operating in the data center in a central data socket descriptor database, the central data socket descriptor database being configured to store attributes of all data socket descriptors used by all applications or application instances operating in the data center.

Abstract: According to one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to determine, by an application operating on a first host in a network, one or more security features and/or capabilities available to the application for protecting the application and first data used by the application from unauthorized activity. The logic is also configured to cause the processing circuit to send, by an ADPL operating on the first host via a data socket descriptor, a first message to one or more peer applications in the network, the first message including indication of the one or more security features and/or capabilities available to the application. The logic may further cause the processing circuit to receive a second message indicating security features available to a peer application in the network operating on another host.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to receive security results, using an application and data protection layer (ADPL) operating on a first host, from an end point protection agent (EPPA) configured to protect the first host. The logic is also configured to cause the processing circuit to provide the security results to one or more local applications operating on the first host. According to another embodiment, a method includes receiving security results, using an ADPL operating on a first host, from an EPPA configured to protect the first host. The method also includes providing the security results to one or more local applications operating on the first host. Other systems, methods, and computer program products are described in accordance with more embodiments.

Abstract: According to one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to generate a multi-context ADPL tag unique to a pair of data socket descriptors on which data is to be received and/or transmitted by a first application instance operating on the system and a second application instance operating on a second host. The logic is also configured to cause the processing circuit to embed the ADPL tag as part of an application payload in response to the first application instance calling an API configured to transmit the application payload out from the system via a sender data socket descriptor. More systems, methods, and computer program products are described in accordance with other embodiments.

Abstract: In one embodiment, a method includes receiving, at a first host, a security profile related to a first data socket descriptor indicating risk to data security of a second host. The method also includes, in response to the risk indicated by the security profile, performing by the first host, at least one action selected from a group of actions. The group of actions includes a cache flush on a cache of the first host according to a cache flush policy, cache locking on data stored in the cache of the first host, data redaction on data of a payload prior to being sent by the first host, memory locking of data stored in an in-memory database of the first host, and encryption of data stored in the in-memory database of the first host or encryption of selected data fields of a payload prior to being sent from the first host.

Abstract: In one embodiment, a computer program product includes a computer readable storage medium having program instructions stored thereon. The program instructions are executable by a processing circuit to cause the processing circuit to obtain first scan results of a security threat scan of a first device using a first threat assessment application, obtain second scan results of a security threat scan of the first device using a second threat assessment application, combine the first scan results and the second scan results to produce a single security profile for the first device on a per session basis, manage actions of the first device in a session with a peer device based on the single security profile for the first device, and share the single security profile for the first device with other peer devices in a network on a per application and on the per session basis.

Abstract: A distributed system includes first-tier entities, and a master entity in communication with each first-tier entity. The master entity provides a single access point through which an administrator can submit commands to manage all entities. The master entity maintains a table of virtual slots. Each virtual slot points to one of the first-tier entities, and each first-tier entity is pointed to by at least one virtual slot. The processor runs an RPC (remote procedure call) client to submit RPC requests to the first-tier entities, and determines a destination first-tier entity for a given RPC request in response to which virtual slot the administrator submits a command. The distributed system can include second-tier entities, each indirectly communicating with the master entity through a first-tier entity. The table has a virtual slot for each second-tier entity, which points to the first-tier entity acting as proxy for the second-tier entity.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic causes the processing circuit to monitor a plurality of application instances operating on a first host. The logic also causes the processing circuit to detect that a first application thread has been called by a first application instance operating on the first host and determine whether the first application thread is registered to be called by the first application instance on the first host by consulting a registration index. Moreover, the logic causes the processing circuit to quarantine the first application thread in response to a determination that the first application thread is not registered to be called by the first application instance on the first host.

Abstract: In one embodiment, a system includes a sender host having a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to select a plurality of base parameters commonly identifiable by a sender host and a receiver host and determine at least one external event that triggers a change in selection of the plurality of base parameters to a plurality of changed parameters. The logic also causes the processing circuit to generate a unique security key using the plurality of base parameters in response to a determination that the at least one external event has not occurred, generate the unique security key using the plurality of changed parameters in response to a determination that the at least one external event has occurred, and send, by the sender host, a message including the unique security key to the receiver host.

Abstract: According to one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to determine, by an application operating on a first host in a network, one or more security features and/or capabilities available to the application for protecting the application and first data used by the application from unauthorized activity. The logic is also configured to cause the processing circuit to send, by an ADPL operating on the first host via a data socket descriptor, a first message to one or more peer applications in the network, the first message including indication of the one or more security features and/or capabilities available to the application. The logic may further cause the processing circuit to receive a second message indicating security features available to a peer application in the network operating on another host.

Abstract: According to one embodiment, a method includes determining one or more communication requirements for an application or application instance operating on a server in a network using an ADPL. The method also includes providing, by the ADPL, one or more communication and security policies to at least one security appliance in the network based on the one or more communication requirements of the application or application instance. The method may also include registering, by the ADPL, a new application or application instance and sending details of the new application or application instance to a policy orchestrator. Moreover, the method may include receiving, by the ADPL from the policy orchestrator, feedback pursuant to a service level agreement for an application group to which the new application or application instance belongs.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to receive security results, using an application and data protection layer (ADPL) operating on a first host, from an end point protection agent (EPPA) configured to protect the first host. The logic is also configured to cause the processing circuit to provide the security results to one or more local applications operating on the first host. According to another embodiment, a method includes receiving security results, using an ADPL operating on a first host, from an EPPA configured to protect the first host. The method also includes providing the security results to one or more local applications operating on the first host. Other systems, methods, and computer program products are described in accordance with more embodiments.

Abstract: According to another embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to receive, at a first host on which an application instance is operating, an application or data security policy for a first data socket descriptor indicating to perform one or more actions including to mirror one or more payloads received or transmitted by the first data socket descriptor of the application instance. The logic is also configured to cause the processing circuit to perform, by the first host, at least one action selected from a group of actions in response to the indication by the application and data security policy to perform the one or more actions, the group of actions including allow-and-analyze, drop-and-analyze, and mirror.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to maintain application and data security policies at a data socket descriptor level. The logic is also configured to cause the processing circuit to manage behavior and security of data socket descriptors used by application instances executed on virtual and/or physical compute platforms. According to another embodiment, a method includes maintaining application and data security policies at a data socket descriptor level and managing behavior and security of data socket descriptors used by application instances executed on virtual and/or physical compute platforms.

Abstract: According to one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to generate a multi-context ADPL tag unique to a pair of data socket descriptors on which data is to be received and/or transmitted by a first application instance operating on the system and a second application instance operating on a second host. The logic is also configured to cause the processing circuit to embed the ADPL tag as part of an application payload in response to the first application instance calling an API configured to transmit the application payload out from the system via a sender data socket descriptor. More systems, methods, and computer program products are described in accordance with other embodiments.

Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to collect all data socket descriptor databases from individual servers operating in a data center, each data socket descriptor database storing attributes of a base socket and one or more data socket descriptors used by an application or application instance operating on an individual server. The logic is also configured to cause the processing circuit to store data from the data socket descriptor databases for all applications and application instances operating in the data center in a central data socket descriptor database, the central data socket descriptor database being configured to store attributes of all data socket descriptors used by all applications or application instances operating in the data center.