Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

Abstract: Systems and methods are provided for receiving service instructions from a client regarding a network function at a network element, the service instructions including a table of network policies and rules, receiving data from a first edge node of a network fabric, processing the data received from the first edge node according to the service instructions regarding the network function, and providing the processed data to a second edge node of the network fabric based on the service instructions.

Abstract: The present technology pertains to a system that routes application flows. The system can receive an application flow from a device by an active threat detection agent; analyze the application flow for user context, device context, and application context; classify the application flow based on the analysis of the application flow; and direct the application flow according to the classification of the application flow and an application access policy.

Abstract: In one example embodiment, a threat detection server receives metadata of a network flow in a network; a zone definition that correlates the metadata of the network flow with a first zone of network devices in the network and a second zone of network devices in the network, where the network flow was transmitted from the first zone to the second zone; and a security policy for the network flow, where the security policy is enforced on the basis of the first zone and the second zone. Based on the zone definition, the threat detection server annotates a flow record that includes the metadata with an indication of the first zone and the second zone. Based on the annotated flow record and the security policy, the threat detection server determines whether to generate a notification associated with a detection of a security threat associated with the network flow.

Abstract: In one example embodiment, a threat detection server receives metadata of a network flow in a network; a zone definition that correlates the metadata of the network flow with a first zone of network devices in the network and a second zone of network devices in the network, where the network flow was transmitted from the first zone to the second zone; and a security policy for the network flow, where the security policy is enforced on the basis of the first zone and the second zone. Based on the zone definition, the threat detection server annotates a flow record that includes the metadata with an indication of the first zone and the second zone. Based on the annotated flow record and the security policy, the threat detection server determines whether to generate a notification associated with a detection of a security threat associated with the network flow.