Abstract: Systems, devices, and techniques are disclosed for network security policy management. A file including code written using a Domain Specific Language (DSL) for network security may be received. A cloud native enforcement artifact may be generated from the code written using DSL in the file. A policy domain model including hierarchical data, relational data, and graph data for a network security policy may be generated from the code written using DSL in the file and the cloud native enforcement artifact. The policy domain model may be stored in a persistent storage.

Abstract: A network connectivity system identifies potential connection mechanisms between datacenter entities (e.g., between service instances) on the cloud platform. The network connectivity system provides recommendations including one or more connectivity paths that are preferred with respect to one or more indicators, for example, cost, latency, or security. Specifically, the network connectivity system receives a request to configure a network connection between a first service instance and a second service instance on the cloud platform. The first service instance and the second service instance may reside within the same or different datacenters, different geographical locations, and the like. A network connectivity system identifies, from network connectivity information, one or more connectivity mechanisms for establishing connection between a first datacenter entity (e.g., first service instance) and a second datacenter entity (e.g., second service instance).

Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking. Other embodiments may be disclosed and/or claimed.

Abstract: A system is disclosed for acquiring and managing data regarding external IP (EIP) addresses of services offered in a trusted public cloud environment. The system monitors an application program interface of a service executing in a trusted public cloud environment for occurrence of an event that is related to an EIP of the service. When an event is detected, the system extract EIP related data and metadata of the service, generates a message with the extracted EIP data, and posts the message to a central message queue. The system monitors the message queue for the presence of a new message. Upon detecting a new message, the system processes the message, extracts EIP related data. metadata, and identifies an action. A central database that stores EIP related information of services executing in the trusted public cloud environment is updated based on the identified action.

Abstract: An emulsion polymerization process for preparation of ABS graft copolymer latex having reduced residual monomer content, wherein a grafting step c) comprises the steps: c1): feeding of 10 to 45 wt.-% of styrene and acrylonitrile in one portion to agglomerated butadiene rubber latex and addition of redox system initiator, then polymerization; c2): feeding remaining monomers in portions or continuously and further addition of redox system initiator; c3): addition of inorganic free radical initiator and continuation of polymerization, leads to ABS graft copolymers and thermoplastic molding compositions which can be used in the automotive industry.

Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for automation of network security policy analysis and deployment. A server system can obtain a system input comprising two versions of a policy output. The system can generate a severity characteristic that indicates a severity of deploying the second version of the policy output. The system can then determine whether to deploy the second version of the policy output based on the severity characteristic. The system can then, in response to determining that the second version of the policy output is to be deployed, deploy the second version of the policy output to one of a plurality of clouds.

Abstract: Disclosed are examples of systems, apparatus, methods and computer program products providing network security orchestration and management across different clouds. In some implementations, network security information includes a set of security policies indicating permitted communications between or among computing resources. The network security information is converted to a cloud-independent representation. From the cloud-independent representation, policy sets can be generated, where each policy set is specific to a different cloud.

Abstract: Method, apparatus, and computer readable medium for detecting malware on a target computer system is described. A threat profile is obtained at the target computer, the threat profile having manifestation information for known malware, the manifestation information including effects of the known malware on computer systems infected by the known malware. Using the threat profile, at least a portion of the manifestation information is detected on the target computer. A confidence level for detection of potential malware is determined based on the at least a portion of the manifestation information detected. The potential malware on the target computer is convicted as malware for remediation if the confidence level satisfies a threshold confidence level.

Abstract: Techniques for managing ternary content-addressable memory (TCAM) in a network device/system are provided. In one embodiment, the network device/system can include one or more TCAMs and can execute a TCAM manager for each TCAM. Each TCAM manager can manage allocation of resources of its associated TCAM, as well as manage access to the TCAM by one or more network applications running on the device/system. In this way, the TCAM managers can hide TCAM implementation differences (e.g., different sizes, different capabilities, etc.) from the network applications and thereby enable the applications to interact with the TCAMs in a uniform manner.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a program related to a process begins to run, trace events related to the program when it is determined that the program should be monitored, and determine a number of events to be traced before the trace is concluded. The number of events to be traced can be related to the type of program. In addition, the number of events that are traced can be related to the activity of the program. A number of child events to be traced can be determined if the program has a child program. The traced child events can be combined with the events traced and the results can be analyzed to determining if the process includes malware.

Abstract: Techniques for managing ternary content-addressable memory (TCAM) in a network device/system are provided. In one embodiment, the network device/system can include one or more TCAMs and can execute a TCAM manager for each TCAM. Each TCAM manager can manage allocation of resources of its associated TCAM, as well as manage access to the TCAM by one or more network applications running on the device/system. In this way, the TCAM managers can hide TCAM implementation differences (e.g., different sizes, different capabilities, etc.) from the network applications and thereby enable the applications to interact with the TCAMs in a uniform manner.

Abstract: A method and apparatus for preventing data leakage of e-discovery data items is provided. In one embodiment, the method for automatically configuring e-discovery data for data leakage prevention includes processing filtering information regarding at least one e-discovery data item that is selected for data leakage prevention and generating data leakage prevention information for the selected at least one e-discovery data item, wherein the data leakage prevention information is used to filter the at least one data item.

Abstract: A process for the preparation of nanodimensional particles of oxides and sulphides of metals and metal clusters in a carbonaceous matrix. Inorganic salts of metals are thoroughly mixed with one or more of the polymers polyphenylene sulphide, polyphenylene oxide, polyphenylene selenide, polyphenylene telluride and polyacrylonitrile in a solvent mixture. The mixture is dried and pellets are made from the dried mixture by applying compaction loads in the range of 4000 to 8000 and more preferably 5000 to 5500 psi followed by heating at a temperature in the range of 400.degree. to 800.degree. C. in an inert atmosphere. The above pellets are cooled to room temperature slowly.