Abstract: Hardware-based Zero Trust Network Access Agents for Improved Security are disclosed herein. An example apparatus includes network interface circuitry; machine-readable instructions; and first processor circuitry programmable by the instructions to detect, via firmware execution, a request from a device to access a resource via a zero trust network access interface; determine, via the firmware execution, a security state of the device; and based on the security state of the device, transmit the request to a host operating system (OS) via a virtual network interface, the operating system executed via second processor circuitry different than the first processor circuitry.

Abstract: Technologies for control plane separation at a network interface controller (NIC) of a compute device configured to transmit, by a resource of the compute device, commands to a physical function managed by a network interface controller (NIC) of the compute device. The NIC is further to establish a data plane separate from a control plane, wherein the control plane comprises one of the trusted control path and the untrusted control path. Additionally, the resource is configured to transmit the commands via one of the trusted control path or the untrusted control path based on a trust level associated with the physical function. Other embodiments are described herein.

Abstract: Examples described herein relate to software attestation. In some examples, circuitry is to generate measurements for software attestation of a device and wherein the circuitry is a sole generator of the measurements for software attestation for the device. In some examples, the measurements are based on one or more of: firmware image file, software executable binary, device state, and/or fuse measurements. In some examples, generate measurements for software attestation of the device includes performing a cryptographic hash over one or more of: firmware image file, software executable binary, device state, and/or fuse measurements.

Abstract: The disclosure generally relates method, system and apparatus to expedite processing of packet data through a network endpoint. In one embodiment, the disclosure relates to an Inline Security Engine (ISE) which may be deployed at network's edge, for example, at a network interface card or a network adaptor. The exemplary ISE may be configured to receive and analyze packets traversing through the endpoint device for compliance with the encryption protocols and other network requirements. Additionally, the ISE may implement steps to increase security of the data if the analysis suggests that the encryption may be weak or faulty or if certain predefined security rules are violated. All processes are implemented inline and at line speed without diminishing the data rate.

Abstract: Technologies for control plane separation at a network interface controller (NIC) of a compute device configured to transmit, by a resource of the compute device, commands to a physical function managed by a network interface controller (NIC) of the compute device. The NIC is further to establish a data plane separate from a control plane, wherein the control plane comprises one of the trusted control path and the untrusted control path. Additionally, the resource is configured to transmit the commands via one of the trusted control path or the untrusted control path based on a trust level associated with the physical function. Other embodiments are described herein.