Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

Abstract: The present application describes systems and methods for network-based blocking threat intelligence. An access control list (ACL) generator may modify ACLs and provide modified ACLs to provider edge routers based on the capabilities of the provider edge routers. In some cases, an additional provider edge router that is more capable of implementing longer ACLs may be used. In some cases, a collector may identify when threat communications are bypassing provider edge routers with limited ACL lengths and provide the customer an opportunity to buy a better router or access to an additional router that supports longer or additional ACLs. A threat intelligence system may update (e.g., continuously update) the ACL provided to the ACL generator, and the ACL generator may accordingly update the modified ACLs provided to the provider edge routers.

Abstract: Implementations include providing security services to workloads deployed across various types of network environments, such as public networks, private networks, hybrid networks, customer premise network environments, and the like, by redirecting traffic intended for the service device through a security environment of the first network. After application of the security features to the incoming traffic, the “clean” traffic may be transmitted to the service device instantiated on the separate network via a tunnel. Redirection of incoming traffic to the security-providing first network may include correlating a network address of the service device to a reserved network address of a block of reserved addresses and updating a Domain Name Server (DNS) or other address resolving system with the reserved address. The return transmission tunnel may be established between the security environment and the network address of the service device.

Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

Abstract: Aspects of the present disclosure involve utilizing network threat information to manage one or more security devices or policies of a communication network. The security system may receive threat intelligence data or information associated with potential threats to a communications network and process the threat intelligence data to determine one or more configurations to apply to security devices of a network. The system may then generate a rule or action to respond to the identified attack, such as a firewall rule for a firewall device to block traffic from the source of the attack. The threat intelligence information may include a confidence score indicating a calculated confidence in the identification of the malicious communications, which may be utilized by the system to determine the type of action taken on the security devices of the network in response to the information or data.

Abstract: Implementations include providing security services to workloads deployed across various types of network environments, such as public networks, private networks, hybrid networks, customer premise network environments, and the like, by redirecting traffic intended for the service device through a security environment of the first network. After application of the security features to the incoming traffic, the “clean” traffic may be transmitted to the service device instantiated on the separate network via a tunnel. Redirection of incoming traffic to the security-providing first network may include correlating a network address of the service device to a reserved network address of a block of reserved addresses and updating a Domain Name Server (DNS) or other address resolving system with the reserved address. The return transmission tunnel may be established between the security environment and the network address of the service device.

Abstract: Novel tools and techniques are provided for implementing management of edge network protection service. In various embodiments, a computing system may receive a request from a customer to manage edge network protection services for at least one Internet circuit. Based on a determination that the customer has been provisioned one or more circuits that are capable of implementing edge network protection services, the computing system may present, or cause to be presented, options to select a circuit, from among the one or more circuits, for which edge network protection service should be provisioned or managed. When a selection of a first circuit is received from the customer, the computing system may automatically cause the selected first circuit to be configured to provision a new service instance of the edge network protection service or reconfigured to modify an existing service instance of the edge network protection service.

Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

Abstract: Aspects of the present disclosure involve utilizing network threat information to manage one or more security devices or policies of a communication network. The security system may receive threat intelligence data or information associated with potential threats to a communications network and process the threat intelligence data to determine one or more configurations to apply to security devices of a network. The system may then generate a rule or action to respond to the identified attack, such as a firewall rule for a firewall device to block traffic from the source of the attack. The threat intelligence information may include a confidence score indicating a calculated confidence in the identification of the malicious communications, which may be utilized by the system to determine the type of action taken on the security devices of the network in response to the information or data.

Abstract: The present application describes systems and methods for automatically provisioning a domain name system (DNS) firewall service for an Internet circuit. In examples, customer premises equipment and a DNS firewall system are automatically configured to work with the Internet circuit without requiring technical knowledge or intervention by a customer.

Abstract: An automatic provisioning and configuration system for threat mitigation may be provided. Hardware and software resources may be automatically configured to designate a return path for forwarding clean data packets to a target network. A return path from a scrubbing center to the target network may be selected and configured, for example, based on the geographic location of the scrubbing center and information regarding available capacity of the return path to the target network, among other information. The system may also perform a set of dynamic checks to determine whether one or more scrubbing centers have capacity (and/or are likely to continue to have capacity) to provide an encapsulation tunnel between the scrubbing center and the target network for clean return traffic.

Abstract: An automatic provisioning and configuration system for threat mitigation may be provided. Hardware and software resources may be automatically configured to designate a return path for forwarding clean data packets to a target network. A return path from a scrubbing center to the target network may be selected and configured, for example, based on the geographic location of the scrubbing center and information regarding available capacity of the return path to the target network, among other information. The system may provide for selection a list of Internet circuits already used by the customer. The system may also perform a set of dynamic checks to determine whether one or more of the Internet circuits are eligible for use for the return traffic.

Abstract: Systems and methods for improved DDoS mitigation by utilizing lightweight and tuned mitigation techniques are provided. A lightweight, tuned DDoS system provides protection from DDoS attacks by hosting a container hypervisor on a server that is isolated from other server processes. The container hypervisor may include protection containers and forensic containers. Traffic received at the server is directed through the protection containers to filter out malicious traffic prior to valid traffic being sent to other system processes. The protection containers may be specifically tuned to the service provided by the server. Additionally, malicious traffic may be directed from the protection containers to the forensics containers for extraction of forensic information to be directed to external threat intelligence systems for analysis.

Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

Abstract: Implementations include providing security services to workloads deployed across various types of network environments, such as public networks, private networks, hybrid networks, customer premise network environments, and the like, by redirecting traffic intended for the service device through a security environment of the first network. After application of the security features to the incoming traffic, the “clean” traffic may be transmitted to the service device instantiated on the separate network via a tunnel. Redirection of incoming traffic to the security-providing first network may include correlating a network address of the service device to a reserved network address of a block of reserved addresses and updating a Domain Name Server (DNS) or other address resolving system with the reserved address. The return transmission tunnel may be established between the security environment and the network address of the service device.

Abstract: Implementations described and claimed herein provide systems and methods for mitigating network threats. In one implementation, a provider edge device of a telecommunications network is configured to accept distributed denial of service mitigation rule propagation from a customer edge device of a customer network in communication with the provider edge device. A distributed denial of service mitigation rule for the customer network is received at the provider edge device from the customer edge device. The distributed denial of service mitigation rule includes one or more routing parameters and a mitigation action. The distributed denial of service mitigation rule is implemented locally on the provider edge device of the telecommunications network. A broadcasting of the distributed denial of service mitigation rule in the telecommunications network is prevented beyond the provider edge device.

Abstract: Aspects of the present disclosure involve utilizing network threat information to manage one or more security devices or policies of a communication network. The security system may receive threat intelligence data or information associated with potential threats to a communications network and process the threat intelligence data to determine one or more configurations to apply to security devices of a network. The system may then generate a rule or action to respond to the identified attack, such as a firewall rule for a firewall device to block traffic from the source of the attack. The threat intelligence information may include a confidence score indicating a calculated confidence in the identification of the malicious communications, which may be utilized by the system to determine the type of action taken on the security devices of the network in response to the information or data.

Abstract: Implementations described and claimed herein provide systems and methods for mitigating network threats. In one implementation, a provider edge device of a telecommunications network is configured to accept distributed denial of service mitigation rule propagation from a customer edge device of a customer network in communication with the provider edge device. A distributed denial of service mitigation rule for the customer network is received at the provider edge device from the customer edge device. The distributed denial of service mitigation rule includes one or more routing parameters and a mitigation action. The distributed denial of service mitigation rule is implemented locally on the provider edge device of the telecommunications network. A broadcasting of the distributed denial of service mitigation rule in the telecommunications network is prevented beyond the provider edge device.