Abstract: The present systems and methods provide a user performance monitoring solution that enables the monitoring of application and device performance from the end user's point of view. The present systems and methods help Information Technology (IT) personnel to ensure the quality of digital experience across the enterprise. The present system is adapted to collect telemetry data from devices relative to the performance of all tiers of Internet Service Providers (ISPs), create a baseline of the performance of the ISPs based on a plurality of metrics and the collected telemetry data, train a Machine Learning (ML) model to assess blackout and brownout prediction accuracy at different performance values for the metrics, and identify a blackout or brownout, wherein a blackout or brownout is identified when real time performance is worse than the performance values identified by the model.

Abstract: Systems, methods, and computer-readable media for determine a neighborhood graph can include the following processes. A neighborhood graph system generates a neighborhood graph for a plurality of nodes in an enterprise network, the neighborhood graph representing a multi-hop connections between any two nodes of the plurality of nodes. A security score service determines a security score for each of the plurality of nodes to yield a plurality of scores. The neighborhood graph system updates the neighborhood graph of the plurality of nodes using the plurality of scores to provide a visual representation of securities of the plurality of nodes relative to each other.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: Systems, methods, and computer-readable media for determine a neighborhood graph can include the following processes. A neighborhood graph system generates a neighborhood graph for a plurality of nodes in an enterprise network, the neighborhood graph representing a multi-hop connections between any two nodes of the plurality of nodes. A security score service determines a security score for each of the plurality of nodes to yield a plurality of scores. The neighborhood graph system updates the neighborhood graph of the plurality of nodes using the plurality of scores to provide a visual representation of securities of the plurality of nodes relative to each other.

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identify a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.

Abstract: Systems and methods include monitoring user experience of one or more users accessing any of the Internet, cloud applications, and private applications; determining a user experience score for the one or more users; responsive to detecting a low user experience score for a user, performing one or more analyses on the user experience of the user; and determining a root cause of the low user experience score based on the one or more analyses. The systems and methods can include determining a remedial action for the user based on the root cause.

Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.

Abstract: Systems, methods, and computer-readable media for determine a neighborhood graph can include the following processes. A neighborhood graph system generates a neighborhood graph for a plurality of nodes in an enterprise network, the neighborhood graph representing a multi-hop connections between any two nodes of the plurality of nodes. A security score service determines a security score for each of the plurality of nodes to yield a plurality of scores. The neighborhood graph system updates the neighborhood graph of the plurality of nodes using the plurality of scores to provide a visual representation of securities of the plurality of nodes relative to each other.

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.

Abstract: Systems, methods, and computer-readable media for application placement can include the following processes. A security score service determines a respective security posture score for each of a plurality of candidate hosts of an enterprise network. A user then identify a set of performance parameters and security parameters for a host in an enterprise network to execute a workload thereon. An application placement engine selects a host from the plurality of candidate hosts having a security posture score matching the performance parameters and the security parameters for executing the workload. An application deployment engine places the workload on the host.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments at a middlebox in a network environment. In some embodiments, flow records of traffic flow segments at a middlebox in a network environment are collected. The flow records can include transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments with respect to the middlebox can be identified using the flow records. Further, the traffic flow segments can be stitched together to form a plurality of stitched traffic flows at the middlebox based on the transaction identifiers and the sources and destinations of the traffic flow segments in the network environment with respect to the middlebox. A configuration of the middlebox operating in the network environment can be identified based on the stitched traffic flows at the middlebox in the network environment.

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments at a middlebox in a network environment. In some embodiments, flow records of traffic flow segments at a middlebox in a network environment are collected. The flow records can include transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments with respect to the middlebox can be identified using the flow records. Further, the traffic flow segments can be stitched together to form a plurality of stitched traffic flows at the middlebox based on the transaction identifiers and the sources and destinations of the traffic flow segments in the network environment with respect to the middlebox. A configuration of the middlebox operating in the network environment can be identified based on the stitched traffic flows at the middlebox in the network environment.

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments across middleboxes. A method can include collecting flow records of traffic flow segments at a first middlebox and a second middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. Sources and destinations of the traffic flow segments can be identified with respect to the first middlebox and the second middlebox. Corresponding subsets of the traffic flow segments can be stitched together to from a first stitched traffic flow at the first middlebox and a second stitched traffic flow at the second middlebox. The first and second stitched traffic flows can be stitched together to form a cross-middlebox stitched traffic flow across the first middlebox and the second middlebox. The cross-middlebox stitched traffic flow can be incorporated as part of network traffic data for the network environment.

Abstract: Systems and methods provide for enriching flow data to analyze network security, availability, and compliance. A network analytics system can capture flow data and metadata from network elements. The network analytics system can enrich the flow data by in-line association of the flow data and metadata. The network analytics system can generate multiple planes with each plane representing a dimension of enriched flow data. The network analytics system can generate nodes for the planes with each node representing a unique value or set of values for the dimensions represented by planes. The network analytics system can generate edges for the nodes of the planes with each edge representing a flow between endpoints corresponding to the nodes. The network analytics system can update the planes in response to an interaction with the planes or in response to a query.