Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

Abstract: Techniques are described for providing secure audio calls between a calling party and a receiving party. Upon receiving a call request from a call initiating party, a notification is sent to the intended call recipient. The call recipient can send a request for a secure call. Upon receiving the request for a secure call, a bi-directional multifactor authentication is performed to authenticate the identity of both the call initiating party and the call receiving party. In response to successfully authenticating both parties, a secure call between the parties is established. One or more secure key tokens or other metadata can be embedded in the call to ensure security of the call.

Abstract: The present disclosure describes a system and method for secure energy harvesting. An access point includes a memory and a processor communicatively coupled to the memory. The processor receives, from a wireless device, a token and an identifier for a first access point that generated the token and requests the first access point to validate the token. The processor also, in response to the first access point validating the token, wirelessly communicates a first charging frame to the wireless device.

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

Abstract: Techniques are described herein for managing access to sensitive data detected within an electronic communication. In some embodiments, such techniques may comprise receiving, from a sender, an electronic communication directed toward a first recipient. The techniques may then comprise identifying one or more pieces of sensitive data within the electronic communication, providing a content of the one or more pieces of sensitive data to a data hosting device to be stored in a memory location and first information associated with the first recipient used to access the memory location, updating the electronic communication to replace the one or more pieces of sensitive data with a reference to the memory location, and transmitting the electronic communication to the first recipient.

Abstract: Failure prediction signaling and cognitive user migration may be provided. A client device may receive at least a portion of failure prediction data. The client device may then analyze the at least the portion of the failure prediction data. The client device may then roam from a first computing device to a second computing device in response to analyzing the at least the portion of the failure prediction data.

Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.

Abstract: A network of devices can be stabilized by administering an energy-aware topology that corresponds to a desired state derived in part from one or more sustainability metrics. Devices suitable for stabilization can include a processor, a memory, a plurality of elements, a communication port coupled with one or more neighboring devices, and an energy-aware topology logic. The energy-aware topology logic can monitor incoming traffic from one or more neighboring devices, receive current state data associated with the plurality of elements, and receive update data from the one or more neighboring devices via a sustainability-related augmented IGP. Also, the energy-aware topology logic can generate a desired state for the device based on at least the received current state data and update data. One or more of the plurality of elements may be modified in response to the generated desired state, wherein the modification involves changing one or more sustainability-related capabilities.

Abstract: Devices, systems, methods, and processes for dynamically reducing the size of a video transmission are described herein. An energy-saving video transmission device can include a controller, a memory, a communication port coupled with at least a second device, and a virtual meeting logic configured to establish a virtual meeting with a video transmission. The video transmission is transmitted to at least the second device. The virtual meeting logic can determine a virtual meeting configuration and collect sustainability attributes data. Based on the collected data, an energy-saving video transmission rate can be selected. Often, this can indicate how often to capture and transmit keyframes of the video transmission instead of the entire video transmission. Finally, based on the energy-saving video transmission rate, a reduced size video transmission can be transmitted over a network.

Abstract: Network energy efficiency and green power selection may be optimized by employing graph-oriented service chains configured to share sustainability attributes and metadata augmentation. More specifically, network Service Function Chain (SFC) creation can include a set of power and energy-specific and sustainable attributes. In general, the goal of SFC is to enable the creation of a service path that matches the specific needs of an application or service. SFCs are composed of a sequence of network functions, such as firewalls, load balancers, intrusion detection systems, and other services. Each network function performs a specific task on the network traffic, and the packets are passed from one function to the next until they reach their destination. Overall, SFCs are a powerful tool for managing complex network environments, enabling network administrators to deploy and manage network services more efficiently and effectively.

Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and the notify only affected nodes upon detecting a failure in the network.

Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.

Abstract: Provided herein are techniques to facilitate enhanced cloud access security broker (CASB) functionality via in-band application observability in which a CASB can be implemented in-line between the client device and an embedded application security service. In one instance, a method may include, obtaining, by a CASB from a client device, a first message for an application transaction involving an application operating via the client device. The first message can be augmented to include first security metadata and can be forwarded to trigger one or more actions by an embedded application security service associated with the application. The CASB may obtain a second message from the embedded application security service that includes second security metadata, and one or more actions can be triggered at the CASB based, at least in part, on the second security metadata included in the second message.

Abstract: A network controller deploys a first component and a second component to run concurrently on a network device. The second component is an upgraded version of the first component. The first component receives a first instance of a packet routed to the network device and has a timestamp and a first ID, and the second component receives a second instance of the packet routed to the network device and has the timestamp and a second ID. The network controller receives first functionality data for the first component and second functionality data for the second component from the network device. Based on the first functionality data and the second functionality data, the network controller determines whether to continue operating the first component or the second component on the network device.

Abstract: In one embodiment, a method comprises: receiving, by a process, an executed function flow of a daisy chained serverless function-as-a-service (FaaS) function, the executed function flow having been injected with a particular trace identifier in response to an initial event trigger and span identifiers having been injected by each service that was executed; generating, by the process, a serverless flow graph associated with the particular trace identifier based on linking a path of serverless functions according to correlation of the span identifiers between the serverless functions; performing, by the process, a trace-based analysis of the serverless flow graph through comparison to a baseline of expectation; detecting, by the process, one or more anomalies in the serverless flow graph according to the trace-based analysis; and mitigating, by the process, the one or more anomalies in the serverless flow graph.

Abstract: Techniques for policy-based failure handling of data that is received for processing by failed edge services are described herein. The techniques may include receiving, at an edge node of a network, a data handling policy for a service hosted on the edge node. The service may be configured to process traffic on behalf of an application hosted by a cloud-based platform. In some examples, the data handling policy may be stored in a memory that is accessible to the edge node. The techniques may also include receiving traffic at the edge node that is to be processed at least partially by the service. At least partially responsive to detecting an error associated with the service, the edge node may cause the traffic to be handled according to the data handling policy while the service is experiencing the error.

Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.

Abstract: In one embodiment, a device may obtain a media topology of nodes involved in a collaboration session. The device may cause each of a plurality of probes to be provisioned to a corresponding node of the nodes involved in the collaboration session to perform a test of a corresponding segment of the media topology, and each of the plurality of probes may be associated to a session identifier of the collaboration session. The device may determine observability information based on results of the plurality of probes for each segment of the media topology, and the results may include an indication of the session identifier. The device may correlate the observability information to the collaboration session based on the indication of the session identifier.

Abstract: In one aspect, a method for monitoring a Fast Re-Route (FRR) path between a source node (Node-S) and a destination node (Node-E) in a network, includes generating a discovery-probe at the source node (Node-S) to detect at least one node with an FRR indicator along the FRR path that includes a plurality of next available nodes. The method also includes upon the discovery probe reaching a first node with the FRR indicator, generating a primary probe configured to detect a primary path and a repair probe configured to detect a repair path. The method also includes in response to receiving the primary probe via the primary path and the repair probe via the repair path at the destination node, sending the primary probe and the repair probe back to the source node to monitor the FRR path between the source node and the destination node.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.