Patents by Inventor Rahul Isola
Rahul Isola has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250227090
Abstract: Centralized management of web application firewalls (WAFs) is disclosed. Network-security devices in data centers perform server load balancing and implement WAFs for applications. Vendor-specific bridges map application and system parameters for use by a management process. Policies for policy-name/device pairs are provided and grouped into policy groups, which can be included with global parent policy groups. Portions of policy metadata can be retrieved without degrading system performance to detect changes, which can then be synchronized across other applicable policies, groups, devices, and WAFs.
Type: Application
Filed: March 28, 2025
Publication date: July 10, 2025
Inventors: Rahul Isola, Mario Alberto Calderon
-
Publication number: 20240146692
Abstract: Centralized management of web application firewalls (WAFs) is disclosed. Network-security devices in data centers perform server load balancing and implement WAFs for applications. Vendor-specific bridges map application and system parameters for use by a management process. Policies for policy-name/device pairs are provided and grouped into policy groups, which can be included with global parent policy groups. Portions of policy metadata can be retrieved without degrading system performance to detect changes, which can then be synchronized across other applicable policies, groups, devices, and WAFs.
Type: Application
Filed: October 31, 2022
Publication date: May 2, 2024
Inventors: Rahul Isola, Mario Alberto Calderon
-
Patent number: 11190515
Abstract: A system that includes a threat management server configured to store a device log identifying device information for endpoint devices that have passed authentication. The threat management server is configured to determine that first device information for an endpoint device obtained from a switch and second device information for the endpoint device from the device log file do not match, and, in response, block the endpoint device from accessing a network. The switch is operably coupled to the threat management server and configured to collect the first device information for the endpoint device and send it to the threat management engine.
Type: Grant
Filed: September 16, 2019
Date of Patent: November 30, 2021
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Jeremiah S. Nicholson
-
Patent number: 11044253
Abstract: An information security system that includes a switch operably coupled to a device. The switch includes a plurality of ports configured to provide network connectivity for one or more endpoint devices to a network. The device is configured to receive a MAC address and a device type for an endpoint device. The device is further configured to determine that the MAC address for the endpoint device is not present in a device information table that comprises MAC addresses of previously authenticated endpoint devices and to identify a device type category from a set of device type categories that correspond with the device type for the endpoint device. The device is further configured to identify one or more flags linked with the identified device type category and to set a port status for the port where the endpoint device is connected based on the identified one or more flags.
Type: Grant
Filed: February 21, 2019
Date of Patent: June 22, 2021
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Abhishek P. Manjunath, Richard Nannariello, Brian L. Larragueta
-
Patent number: 10992643
Abstract: A system includes a switch that includes a plurality of ports and a threat management server coupled to the switch. The threat management server includes a memory and a threat management engine. The memory stores a port exemption log identifying ports on the switch configured to bypass authentication, and device information for endpoint devices connected to the ports on the switch configured to bypass authentication. The threat management engine is configured to receive an exemption request requesting an authentication exemption for a first port, add the first port to the port exemption log, and send an exemption command to the switch identifying the first port. The exemption command triggers the switch to bypass authentication for the first port.
Type: Grant
Filed: November 4, 2019
Date of Patent: April 27, 2021
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Jeremiah S. Nicholson
-
Patent number: 10992671
Abstract: An information security system that includes a switch operably coupled to a device. The switch includes a plurality of ports configured to provide network connectivity for one or more endpoint devices to a network. The device is configured to receive device information for an endpoint device connected to a port of the switch, to identify a MAC address in the device information table that matches the MAC address for the endpoint device, and to identify a device type for the identified MAC address in the device information table. The device is further configured to determine that the device type for the endpoint device does not match the device type for the identified MAC address in the device information table and to set a port status for the port to blocked in response to determining that the device types do not match.
Type: Grant
Filed: February 21, 2019
Date of Patent: April 27, 2021
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Abhishek P. Manjunath, Richard Nannariello, Brian L. Larragueta
-
Patent number: 10972470
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Grant
Filed: October 28, 2019
Date of Patent: April 6, 2021
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10805295
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Grant
Filed: November 4, 2019
Date of Patent: October 13, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20200137055
Abstract: An information security system that includes a switch operably coupled to a device. The switch includes a plurality of ports configured to provide network connectivity for one or more endpoint devices to a network. The device is configured to receive device information for an endpoint device connected to a port of the switch, to identify a MAC address in the device information table that matches the MAC address for the endpoint device, and to identify a device type for the identified MAC address in the device information table. The device is further configured to determine that the device type for the endpoint device does not match the device type for the identified MAC address in the device information table and to set a port status for the port to blocked in response to determining that the device types do not match.
Type: Application
Filed: February 21, 2019
Publication date: April 30, 2020
Inventors: Rahul Isola, Abhishek P. Manjunath, Richard Nannariello, Brian L. Larragueta
-
Publication number: 20200137054
Abstract: An information security system that includes a switch operably coupled to a device. The switch includes a plurality of ports configured to provide network connectivity for one or more endpoint devices to a network. The device is configured to receive a MAC address and a device type for an endpoint device. The device is further configured to determine that the MAC address for the endpoint device is not present in a device information table that comprises MAC addresses of previously authenticated endpoint devices and to identify a device type category from a set of device type categories that correspond with the device type for the endpoint device. The device is further configured to identify one or more flags linked with the identified device type category and to set a port status for the port where the endpoint device is connected based on the identified one or more flags.
Type: Application
Filed: February 21, 2019
Publication date: April 30, 2020
Inventors: Rahul Isola, Abhishek P. Manjunath, Richard Nannariello, Brian L. Larragueta
-
Patent number: 10609672
Abstract: A system that includes a plurality of access points and a device tracking controller. The device tracking controller is configured to receive a navigation request identifying an item and to determine an item location for the item. The device tracking controller is further configured to receive signal strength information for the endpoint device from at least one access point from the plurality of access points. The device tracking controller is further configured to determine a location for the at least one access point and to determine a user location for the endpoint device based on the location of the at least one access point. The device tracking controller is further configured to determine a path between the user location and the item location within an environment and to send path instructions for the path to the endpoint device.
Type: Grant
Filed: July 28, 2017
Date of Patent: March 31, 2020
Assignee: Bank of America Corporation
Inventor: Rahul Isola
-
Patent number: 10609064
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device has a block on the port of the switch using the device identifier and the port identifier. The threat management server determines a block timeout period for the endpoint device and the port on the switch has expired. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the block timeout period for the endpoint device and the port on the switch has expired.
Type: Grant
Filed: July 6, 2017
Date of Patent: March 31, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20200067921
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Application
Filed: November 4, 2019
Publication date: February 27, 2020
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20200067883
Abstract: A system includes a switch that includes a plurality of ports and a threat management server coupled to the switch. The threat management server includes a memory and a threat management engine. The memory stores a port exemption log identifying ports on the switch configured to bypass authentication, and device information for endpoint devices connected to the ports on the switch configured to bypass authentication. The threat management engine is configured to receive an exemption request requesting an authentication exemption for a first port, add the first port to the port exemption log, and send an exemption command to the switch identifying the first port. The exemption command triggers the switch to bypass authentication for the first port.
Type: Application
Filed: November 4, 2019
Publication date: February 27, 2020
Inventors: Rahul Isola, Jeremiah S. Nicholson
-
Publication number: 20200059473
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Application
Filed: October 28, 2019
Publication date: February 20, 2020
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10567379
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch.
Type: Grant
Filed: June 26, 2017
Date of Patent: February 18, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10567433
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device is present in the black list using the device identifier. The threat management server determines the endpoint device has a block on the port of the switch using the port identifier. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the endpoint device has the block on the port of the switch.
Type: Grant
Filed: July 6, 2017
Date of Patent: February 18, 2020
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Publication number: 20200014692
Abstract: A system that includes a threat management server configured to store a device log identifying device information for endpoint devices that have passed authentication. The threat management server is configured to determine that first device information for an endpoint device obtained from a switch and second device information for the endpoint device from the device log file do not match, and, in response, block the endpoint device from accessing a network. The switch is operably coupled to the threat management server and configured to collect the first device information for the endpoint device and send it to the threat management engine.
Type: Application
Filed: September 16, 2019
Publication date: January 9, 2020
Inventors: Rahul Isola, Jeremiah S. Nicholson
-
Patent number: 10484380
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server identifies the endpoint device for removal in response to receiving the device identifier. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period. The threat management server blocks the endpoint device from accessing the network via the port on the switch in response to identifying the endpoint device for removal.
Type: Grant
Filed: June 26, 2017
Date of Patent: November 19, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10469449
Abstract: A system that includes a threat management server configured to store a port exemption log that identifies ports on a switch configured to bypass authentication and endpoint devices connected to the ports configured to bypass authentication. The threat management server interrogates a switch for switch information identifying ports on the switch configured to bypass authentication and endpoint devices connected to the ports configured to bypass authentication. The threat management server compares the switch information to the information in the port exemption log. The threat management server identifies a port based on differences between the received switch information and the port exemption log and enables port authentication for the identified port in response to identifying the differences.
Type: Grant
Filed: July 26, 2017
Date of Patent: November 5, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Jeremiah S. Nicholson