Patents by Inventor Ratinder Paul Singh Ahuja

Ratinder Paul Singh Ahuja has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10097561
    Abstract: System calls to a kernel of a mobile computing device are monitored. A particular system call is intercepted relating to input/output (I/O) functionality of the mobile computing device. A data loss prevention (DLP) policy is identified that is applicable to the particular system call. An action is performed on the particular system call based at least in part on the DLP policy.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: October 9, 2018
    Assignee: McAfee, LLC
    Inventors: Ratinder Paul Singh Ahuja, Balbir Singh, Rajbir Bhattacharjee, Dattatraya Kulkarni
  • Publication number: 20180288094
    Abstract: Systems, methods, and apparatuses enable the insertion and configuration of interface microservices at servers or other types of computing devices in a computing environment in response to changes to security policies affecting one or more components of the computing environment. In one embodiment, a security application detects servers in a computing environment and generates profile data for the detected servers. The security application assigns detected servers to security policy groups by applying a set of filters to the generated profile data for each server in an order specified by a set of precedence rules. The security policy groups are each associated with one or more security policies that define security rules and other configurations used to provide security services to servers that are members of the corresponding security policy group.
    Type: Application
    Filed: March 28, 2017
    Publication date: October 4, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel
  • Publication number: 20180212998
    Abstract: Systems, methods, and apparatuses enable optimizing a size of computer threat signature libraries used by computer security applications to detect potential occurrences of computer and network security threats. In an embodiment, a threat signature is a pattern used by a computer security application to detect instances of potential security threats. A threat signature library is a collection of individual threat signatures, the library used in conjunction with a threat library to enable detecting a range of threats to computing devices and networks (e.g., various known viruses, malware, spam, types of network-based attacks, etc.). Based on profile information collected for a computing device, a security orchestrator optimizes the size of security threat signature libraries to be used to provide security services to the device.
    Type: Application
    Filed: January 23, 2017
    Publication date: July 26, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
  • Publication number: 20180212997
    Abstract: Systems, methods, and apparatuses enable optimizing a size of computer threat signature libraries used by computer security applications to detect potential occurrences of computer and network security threats. In an embodiment, a threat signature is a pattern used by a computer security application to detect instances of potential security threats. A threat signature library is a collection of individual threat signatures, the library used in conjunction with a threat library to enable detecting a range of threats to computing devices and networks (e.g., various known viruses, malware, spam, types of network-based attacks, etc.). Based on profile information collected for a computing device, a security orchestrator optimizes the size of security threat signature libraries to be used to provide security services to the device.
    Type: Application
    Filed: January 23, 2017
    Publication date: July 26, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
  • Publication number: 20180191680
    Abstract: Systems, methods, and apparatuses enable an interface microservice to intercept and filter network traffic generated by virtual machines (VMs) and routed by a virtual switch (vSwitch). A vSwitch receiving network packets from the VMs is configured to route network packets to the interface microservice via a generated VLAN trunk. The interface microservice can retrieve and apply stored packet filters to the network packets intercepted by the microservice. If an intercepted network packet matches any of the applied packet filters, the interface microservice can perform various security operations, send the network packets to another microservice for security processing, or perform any other operations. For network packets which do not match a packet filter, the interface microservice forwards the packets to the originally intended destination.
    Type: Application
    Filed: December 31, 2016
    Publication date: July 5, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
  • Publication number: 20180189494
    Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.
    Type: Application
    Filed: December 30, 2016
    Publication date: July 5, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel, John Richard Guzik
  • Patent number: 10013550
    Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: July 3, 2018
    Assignee: SHIELDX NETWORKS, INC.
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel, John Richard Guzik
  • Publication number: 20180139211
    Abstract: System calls to a kernel of a mobile computing device are monitored. A particular system call is intercepted relating to input/output (I/O) functionality of the mobile computing device. A data loss prevention (DLP) policy is identified that is applicable to the particular system call. An action is performed on the particular system call based at least in part on the DLP policy.
    Type: Application
    Filed: January 11, 2018
    Publication date: May 17, 2018
    Inventors: Ratinder Paul Singh Ahuja, Balbir Singh, Rajbir Bhattacharjee, Dattatraya Kulkarni
  • Publication number: 20180124079
    Abstract: Systems, methods, and apparatuses enable a network security system to more efficiently process and respond to events generated by hypervisors and other associated components of a networked computer system. In this context, a hypervisor event refers broadly to any action that occurs related to one or more components of a hypervisor (including the hypervisor itself, virtual servers hosted by the hypervisor, etc.) and/or to data identifying the occurrence of the action(s) (e.g., a log entry, a notification message, etc.). A security service obtains and analyzes event data from any number of different types of hypervisors, where each different type of hypervisor may represent events differently and/or make event data accessible in different ways, among other differences.
    Type: Application
    Filed: October 28, 2016
    Publication date: May 3, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Pankaj Sitpure
  • Publication number: 20180121221
    Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described relate to systems and methods for deploying microservices in a networked microservices system. For example, a method is disclosed, which calls for receiving a request to instantiate a microservice, selecting a suitable virtual machine (VM), wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight, deploying the microservice on the selected virtual machine, configuring the microservice to communicate with an interface microservice, and configuring the microservice to perform security processing on packets processed within a security service.
    Type: Application
    Filed: October 28, 2016
    Publication date: May 3, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Rajiv Sreedhar
  • Publication number: 20180115635
    Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to systems and methods for selecting microservices to process protocol data streams. For example, a method is disclosed, which calls for receiving a protocol packet, the protocol packet comprising a sequence number, generating a difference by subtracting a protocol message base from the sequence number, generating a first quotient by dividing the difference by a protocol common message length, generating a second value using the first quotient, determining a Transmission Control Protocol (TCP) reassembly resource using the generated second value, and transmitting the protocol packet to the determined TCP reassembly resource.
    Type: Application
    Filed: October 21, 2016
    Publication date: April 26, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Elanthiraiyan Ammoor Anbalagan, Lee Chik Cheung, Sumanth Gangashanaiah, John Richard Guzik
  • Patent number: 9954883
    Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: April 24, 2018
    Assignee: McAfee, Inc.
    Inventors: Ratinder Paul Singh Ahuja, Sven Schrecker
  • Publication number: 20180103064
    Abstract: Systems, methods, and apparatuses enable a network security system to more efficiently deploy security profiles to virtual servers managed by the network security application. For example, a network security application is enabled to more efficiently deploy security profiles to new virtual servers as the virtual servers are created in a computing environment, where the new virtual servers may have varying security requirements. A security profile herein refers to a set of security policy configurations related to various functions of a virtual server including, for example, to which networks a virtual server is permitted to access, security configurations for applications running on the virtual server, user permissions, etc.
    Type: Application
    Filed: October 11, 2016
    Publication date: April 12, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, John Thornton Parker
  • Publication number: 20180083985
    Abstract: Systems, methods, and apparatuses enable a network security system to more efficiently process system events. For example, the disclosed approaches may be used to improve the way in which a security service processes events (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues).
    Type: Application
    Filed: September 20, 2016
    Publication date: March 22, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Jitendra Bhagvant Gaitonde
  • Patent number: 9894079
    Abstract: System calls to a kernel of a mobile computing device are monitored. A particular system call is intercepted relating to input/output (I/O) functionality of the mobile computing device. A data loss prevention (DLP) policy is identified that is applicable to the particular system call. An action is performed on the particular system call based at least in part on the DLP policy.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: February 13, 2018
    Assignee: McAfee, LLC
    Inventors: Ratinder Paul Singh Ahuja, Balbir Singh, Rajbir Bhattacharjee, Dattatraya Kulkarni
  • Publication number: 20180034832
    Abstract: Systems and methods are described herein generally relating to network security, and in particular, embodiments described generally relate to real-time configurable load determination. For example, a method is disclosed, which calls for receiving a request to perform a security service, performing the security service on data included with the request; calculating a service load associated with and during the performing the security service, and transmitting a response to the request, wherein the response includes the calculated service load.
    Type: Application
    Filed: July 29, 2016
    Publication date: February 1, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
  • Publication number: 20180034839
    Abstract: A system, method, and non-transitory computer-readable medium relating to network security are disclosed. In particular, embodiments described generally relate to systems and methods of stateless processing in a fault-tolerant microservice environment. In one example, a method is disclosed, which includes transmitting, by a first microservice, packet data and a context associated therewith; receiving the packet data and the context by a second microservice, the second microservice to: use the context to determine what security processing to perform, perform the security processing over the packet data, and transmit resulting data and the context to a third microservice; and receiving the resulting data and the context by the third microservice, the third microservice to: use the context to determine what security processing to perform, and perform the security processing over the resulting data.
    Type: Application
    Filed: July 29, 2016
    Publication date: February 1, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
  • Publication number: 20180034778
    Abstract: Systems, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
    Type: Application
    Filed: July 29, 2016
    Publication date: February 1, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Sumanth Gangashanaiah
  • Publication number: 20180034833
    Abstract: Systems and methods are disclosed that relate to network security to monitor and report threats in network traffic of a datacenter. For example, one embodiment discloses a method of receiving, by a first security microservice, a first channel data encapsulation packet encapsulating a first encapsulation context and a first encapsulated data, performing a security service on the first encapsulated data using the first encapsulation context, transmitting by the first security microservice a second channel data encapsulation packet to a second security microservice, wherein the second channel encapsulation packet comprises a request for security services, receiving by the first security microservice a response from the second security microservice comprising a second security microservice context, a second security microservice timestamp, and a second security microservice load.
    Type: Application
    Filed: July 29, 2016
    Publication date: February 1, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal
  • Publication number: 20180034779
    Abstract: Systems, methods, and apparatuses enable a network security system to more efficiently perform pattern matching against data items. For example, the disclosed approaches may be used to improve the way in which a deep packet inspection (DPI) microservice performs pattern matching against data items (e.g., network traffic, files, email messages, etc.) in order to detect various types of network security threats (e.g., network intrusion attempts, viruses, spam, and other potential network security issues). A DPI microservice generally refers to an executable component of a network security system that monitors and performs actions relative to input data items for purposes related to computer network security.
    Type: Application
    Filed: July 29, 2016
    Publication date: February 1, 2018
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Sumanth Gangashanaiah