Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

Abstract: A system and method are provided that use an intelligence model that continuously learns and identifies changes within a production computing environment and determines if adjustments/changes to be made in the production computing environment are to be validated during testing based on a set of criteria. The intelligence model determines possible adjustments in a computing environment (and their impact during testing) that have been learned from stored/accumulated data associated with a plurality of production computing environments over time.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.

Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.

Abstract: This disclosure describes techniques for exchanging keys associated with encrypted media sessions using blockchains. In an example method, one or more encrypted frames are generated by encrypting one or more media frames based on an encryption key. Data indicating a ledger in a blockchain is transmitted to one or more computing devices. The ledger includes a decryption key configured to decrypt the one or more encrypted frames. Data packets are generated by packetizing the one or more encrypted frames. The data packets are transmitted to the one or more computing devices.

Abstract: Systems, methods, and computer-readable media are provided for dynamic allocation of network security resources and measures to network traffic between end terminals on a network and a network destination, based in part on an independently sourced reputation score of the network destination. In one aspect, a method includes receiving, at a cloud network controller, a request from an end terminal for information on a network destination; determining, at the cloud network controller, a reputation score for the network destination; determining, at the cloud network controller, one or more security measures to be applied when accessing the network destination, based on the reputation score; and communicating, by the cloud network controller, the one or more security measures to the end terminal, wherein the end terminal communicates the one or more security measures to a third-party security service provider for applying to communications between the end terminal and the network destination.

Abstract: Techniques for a network controller associated with a firewall service to determine a network policy based on operational tolerances associated with a device, and cause the network policy to be provisioned at the firewall service where control commands, such as, for example, supervisory control and data acquisition (SCADA) commands, may be allowed or denied transmission to the device based on the operational tolerance(s) associated with the device. In some examples, the network controller may be configured as a manufacturer usage description (MUD) controller configured to transmit a MUD uniform resource identifier (URI), emitted by the device, to a MUD file server associated with the manufacturer of the device. The MUD file may be enhanced to include the operational tolerances associated with the device and transmitted back to the MUD controller where it may be parsed to determine a corresponding network policy.

Abstract: Techniques for a context-aware secure access service edge (SASE) engine for generating security profile(s) associated with endpoint device(s) accessing the network and using the security profile(s) to evaluate a traffic flow from the endpoint device(s). The SASE engine may execute on an edge device of a computing resource network and may be configured to maintain a security profile database including an endpoint security profile mapping. Endpoint device(s) accessing the network may share endpoint, application, and/or user specific information with the SASE engine so that the SASE engine may generate a security profile specific to the endpoint, application, and/or user. Additionally, an enterprise network, associated with endpoint device(s) accessing the network, may provide default SASE security profile templates to the SASE engine.

Abstract: Techniques are described herein for implementing and using a secure access service edge (SASE) exchange system to allow SASE providers to share SASE services with other providers. A SASE exchange system may be used by any number of SASE providers to support SASE roaming by user endpoints between different SASE providers. A user endpoint may use SASE roaming to access additional sets of SASE services and capabilities that cannot be provided by a home SASE provider and/or other current SASE provider(s) of the user endpoint. In some examples, a SASE exchange system may be used to transition user endpoints from one SASE provider to another. Additionally or alternatively, the SASE exchange system may determine a combination of SASE providers that can be used to provide different subsets of shared SASE services/capabilities to a user endpoint.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: Techniques are described herein for generating network topologies based on models, and deploying the network topologies across hybrid clouds and other computing environments that include multiple workload resource domains. A topology deployment system may receive data representing a logical topology model, and may generate a network topology for deployment based on the logical model. The network topology may include various services and/or other resources provided by different tenants in the computing environment, and tenant may be associated with different set of resources and deployment constraints. The topology deployment system may determine and generate the network topology to use the various resources and comply with various deployment constraints of the different tenants providing the services, and the tenants consuming the network topology.

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: Methods are provided in which a collaboration server connects at least two participants via respective user devices to a collaboration session. The collaboration server further distributes, to the respective user devices, media stream data and one or more customized graphical items that are distinguishably displayed in the collaboration session. The one or more customized graphical items are displayed in a foreground or a background associated with a collaboration space of first participant of the at least two participants. The collaboration server further detects a selection, by one of the respective user devices, of a graphical item from the one or more customized graphical items displayed in the collaboration space and performs at least one action associated with the graphical item during the collaboration session based on detecting the selection of the graphical item.

Abstract: Disclosed is a system and method of providing a segment routing as a service application. The method includes receiving a configuration of an internet protocol environment. The configuration can be a layer 3 configuration of a single cloud environment or even across multiple cloud environments. The configuration defines routing, forwarding, and paths in the environment between different entities such as virtual machines. The method includes receiving a parameter associated with a workload of a tenant. The parameter can be a service level agreement (i.e., a best bandwidth available), a pathway requirement, a parameter associated with specific workload, and so forth. Based on the configuration and the parameter, the method includes generating tenant-defined layer 3 overlay segment routing rules that define how the workload of the tenant will route data in the internet protocol environment using segment routing.