Abstract: Systems, methods, and related technologies for analyzing traffic are described. In certain aspects, network traffic is analyzed and a domain name system (DNS) message is extracted from the network traffic. Subsequent network traffic is monitored and analyzed based on the DNS message and in view of one or more criteria. In response to the one or more criteria being satisfied, an indication of compromise (IoC) for a device is determined.

Abstract: Systems, methods, and related technologies including media access control (MAC) address spoofing detection are described. The MAC address spoofing detection and response may include accessing a first MAC address associated with a first communication on a first port of a first network device and accessing a second MAC address associated with a second communication on a second port of a second network device. Whether the first MAC address and the second MAC address match may be determined. Information associated with a third communication associated with the first MAC address on the first port of the first network device and information associated with a fourth communication associated with the second MAC address on the second port of the second network device may be accessed. An action may be performed associated with the second port of the second network device based on the second MAC address matching the first MAC address.

Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.

Abstract: Systems, methods, and related technologies for generating a network system map based on network traffic and possibly additional data are described. Network traffic may be received and parsed to obtain metadata associated with the network traffic. A network system may be identified based on the metadata. A network system map may be generated for the network system based on one or more of the metadata or the additional data.

Abstract: Systems, methods, and related technologies for generating a network system map based on network traffic and possibly additional data are described. Network traffic may be received and parsed to obtain metadata associated with the network traffic. A network system may be identified based on the metadata. A network system map may be generated for the network system based on one or more of the metadata or the additional data.

Abstract: A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

Abstract: Systems, methods, and related technologies for generating a network system map based on network traffic and possibly additional data are described. Network traffic may be received and parsed to obtain metadata associated with the network traffic. A network system may be identified based on the metadata. A network system map may be generated for the network system based on one or more of the metadata or the additional data.

Abstract: Systems, methods, and related technologies including media access control (MAC) address spoofing detection are described. The MAC address spoofing detection and response may include accessing a first MAC address associated with a first communication on a first port of a first network device and accessing a second MAC address associated with a second communication on a second port of a second network device. Whether the first MAC address and the second MAC address match may be determined. Information associated with a third communication associated with the first MAC address on the first port of the first network device and information associated with a fourth communication associated with the second MAC address on the second port of the second network device may be accessed. An action may be performed associated with the second port of the second network device based on the second MAC address matching the first MAC address.

Abstract: A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

Abstract: Systems, methods, and related technologies including media access control (MAC) address spoofing detection are described. The MAC address spoofing detection and response may include accessing a first MAC address associated with a first communication on a first port of a first network device and accessing a second MAC address associated with a second communication on a second port of a second network device. Whether the first MAC address and the second MAC address match may be determined. Information associated with a third communication associated with the first MAC address on the first port of the first network device and information associated with a fourth communication associated with the second MAC address on the second port of the second network device may be accessed. An action may be performed associated with the second port of the second network device based on the second MAC address matching the first MAC address.

Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.

Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.

Abstract: Systems, methods, and related technologies including media access control (MAC) address spoofing detection are described. The MAC address spoofing detection and response may include accessing a first MAC address associated with a first communication on a first port of a first network device and accessing a second MAC address associated with a second communication on a second port of a second network device. Whether the first MAC address and the second MAC address match may be determined. Information associated with a third communication associated with the first MAC address on the first port of the first network device and information associated with a fourth communication associated with the second MAC address on the second port of the second network device may be accessed. An action may be performed associated with the second port of the second network device based on the second MAC address matching the first MAC address.

Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.

Abstract: A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.

Abstract: A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

Abstract: A network access control (NAC) device detects a connection of an endpoint device at a network switch coupled to a network and restricts access of the endpoint device to prevent the endpoint device from accessing resources of the network. The NAC device establishes a connection with the endpoint device, validates a client certificate corresponding to the endpoint device to authenticate the endpoint device as a corporate device and grants the endpoint device access to the resources of the network.

Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.

Abstract: Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring Systems, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network.