Abstract: Machine learning techniques are described for analyzing information network traffic to identify different devices connected to a network. Transmitted network packets may be passively collected and analyzed. In some cases the described techniques may be used to identify distinct devices connected to a network even though the collected and analyzed packets may lack a unique device identifier, such as a media access control (MAC) identifier, corresponding to a device that originated the packets.

Abstract: Techniques are disclosed for generating a combined visual representation of subsets of devices associated with corresponding sub-networks of a private network, where at least two devices in corresponding sub-networks share a same private internet protocol (IP) address. The system generates a separate profile for each device using a combination of elements including at least (a) a private IP address corresponding to the device and (b) a network identifier corresponding to a sub-network associated with the device. These sub-networks and their constituent devices may be visually represented in corresponding user interface elements.

Abstract: Presenting, at a graphical user interface (GUI), device photos and risk categories associated with devices in a network is described. Data packets communicated in a network are detected. Based on the detected data packets, a set of devices in the network are determined. A set of device photos associated respectively with the set of devices are determined. A GUI concurrently presents the set of device photos to indicate the set of devices detected in the network. The set of devices may be filtered, sorted, and/or grouped based on various criteria. The GUI may present the device photos according to the filtering, sorting, and/or grouping. Additionally or alternatively, risk scores associated respectively with the set of devices are determined. The set of devices are categorized into respective risk categories based on the associated risk scores. A GUI concurrently presents a set of risk categories and information associated with each risk category.

Abstract: Techniques for identifying and mapping applications to devices in a network are disclosed. A system monitors data transmitted on a network to identify a plurality of data traffic patterns in the network. Based on the plurality of data traffic patterns, the system identifies a plurality of applications associated with respective subsets of the data, the plurality of applications including a first and a second application. The system determines that a particular network infrastructure element, among the plurality of network infrastructure elements, processes data associated with the first application. The system stores a mapping between the particular network infrastructure element and the first application.

Abstract: Techniques are disclosed for generating a combined visual representation of subsets of devices associated with corresponding sub-networks of a private network, where at least two devices in corresponding sub-networks share a same private internet protocol (IP) address. The system generates a separate profile for each device using a combination of elements including at least (a) a private IP address corresponding to the device and (b) a network identifier corresponding to a sub-network associated with the device. These sub-networks and their constituent devices may be visually represented in corresponding user interface elements.

Abstract: Techniques for identifying and mapping applications to devices in a network are disclosed. A system monitors data transmitted on a network to identify a plurality of data traffic patterns in the network. Based on the plurality of data traffic patterns, the system identifies a plurality of applications associated with respective subsets of the data, the plurality of applications including a first and a second application. The system determines that a particular network infrastructure element, among the plurality of network infrastructure elements, processes data associated with the first application. The system stores a mapping between the particular network infrastructure element and the first application.

Abstract: Techniques for generating and enforcing security policies for device clusters are disclosed. A security manager generates a plurality of clusters of devices for applying security policies. For each cluster of devices, the security manager trains a machine learning model to indicate whether a particular data flow associated with a device in the particular cluster of devices is allowed or denied. The security manager detects a data flow corresponding to a device. If the security manager determines that the device corresponds to a first cluster of devices, the security manager identifies a first trained machine learning model corresponding to the first cluster of devices. The security manager applies the first trained machine learning model to the first data flow to determine whether the first data flow is to be allowed or denied. The security manager allows or denies the first data flow based on the applying operation.

Abstract: Machine learning techniques are described for analyzing information network traffic to identify different devices connected to a network. Transmitted network packets may be passively collected and analyzed. In some cases the described techniques may be used to identify distinct devices connected to a network even though the collected and analyzed packets may lack a unique device identifier, such as a media access control (MAC) identifier, corresponding to a device that originated the packets.

Abstract: Systems and methods described may deduce that a machine is in use for a period of time preceding and/or subsequent to a detected operation. The deduction of the usage period may be based on a type of the detected operation. The system may deduce that a machine is in-use during a period of time that spans from (a) a first point-in-time when a first type of operation was detected to (b) a second point-in-time when a second type of operation was detected.

Abstract: Presenting, at a graphical user interface (GUI), device photos and risk categories associated with devices in a network is described. Data packets communicated in a network are detected. Based on the detected data packets, a set of devices in the network are determined. A set of device photos associated respectively with the set of devices are determined. A GUI concurrently presents the set of device photos to indicate the set of devices detected in the network. The set of devices may be filtered, sorted, and/or grouped based on various criteria. The GUI may present the device photos according to the filtering, sorting, and/or grouping. Additionally or alternatively, risk scores associated respectively with the set of devices are determined. The set of devices are categorized into respective risk categories based on the associated risk scores. A GUI concurrently presents a set of risk categories and information associated with each risk category.

Abstract: Presenting, at a graphical user interface (GUI), device photos and risk categories associated with devices in a network is described. Data packets communicated in a network are detected. Based on the detected data packets, a set of devices in the network are determined. A set of device photos associated respectively with the set of devices are determined. A GUI concurrently presents the set of device photos to indicate the set of devices detected in the network. The set of devices may be filtered, sorted, and/or grouped based on various criteria. The GUI may present the device photos according to the filtering, sorting, and/or grouping. Additionally or alternatively, risk scores associated respectively with the set of devices are determined. The set of devices are categorized into respective risk categories based on the associated risk scores. A GUI concurrently presents a set of risk categories and information associated with each risk category.

Abstract: Techniques for presenting, at a graphical user interface (GUI), a constellation view of communications associated with node groups of a network disclosed. A GUI presents icons arranged on concentric rings. Icons on one ring represent device groups. Icons on another ring represent address groups. Icons on another ring represent intranet groups. Each icon is selectable to request information about the communications of the corresponding node group. Connections are drawn between the selected icon and other icons to represent the communications. Each connection is selectable to request additional information regarding the communication.

Abstract: Examples described herein include a method and system for determining a number of controllers in a Network Authentication Server (NAS) controller cluster, wherein each of the controllers in the NAS controller cluster includes a unique Physical Internet Protocol (PIP) address; creating a number of unique Virtual Internet Protocol (VIP) addresses for use by an external authentication server (EAS) to communicate with the controllers in the NAS controller cluster, wherein the number of VIP addresses is to be proportional to the number of PIP addresses; and mapping each controller in the NAS controller cluster to a plurality of VIP addresses, wherein the VIP addresses are to have different priorities for different controllers in the NAS controller cluster.

Abstract: The present disclosure discloses a method and a network device for failure detection of nodes in a cluster. Specifically, a network device transmits data to another device at a first time. The network device then receives an acknowledgment of the data from the second device at a second time. Next, the network device determines a Round Trip Time (RTT) for the first device and the second device based on the first time and the second time. Based on the RTT, the network device determines a first frequency for transmitting a heartbeat protocol message between the first device and the second device, and transmits a heartbeat protocol message between the first device and the second device at the first frequency.

Abstract: Techniques for determining a device profile and anomalous behavior associated with a device in a network are disclosed. Attribute values associated with a target device are determined based on data packets detected from a network. A subset of a set of classifiers associated with the available attribute values are selected. The attribute values are applied to the selected classifiers to determine a respective candidate device profile. A current device profile is determined for the target device based on the candidate device profiles. The current device profile indicates expected attribute values for the target device. Current attribute values are compared to the expected attribute values to determine whether there is any anomalous behavior associated with the target device.

Abstract: Techniques for presenting, at a graphical user interface (GUI), a constellation view of communications associated with node groups of a network disclosed. A GUI presents icons arranged on concentric rings. Icons on one ring represent device groups. Icons on another ring represent address groups. Icons on another ring represent intranet groups. Each icon is selectable to request information about the communications of the corresponding node group. Connections are drawn between the selected icon and other icons to represent the communications. Each connection is selectable to request additional information regarding the communication.

Abstract: Techniques for presenting, at a graphical user interface (GUI), a constellation view of communications associated with node groups of a network disclosed. A GUI presents icons arranged on concentric rings. Icons on one ring represent device groups. Icons on another ring represent address groups. Icons on another ring represent intranet groups. Each icon is selectable to request information about the communications of the corresponding node group. Connections are drawn between the selected icon and other icons to represent the communications. Each connection is selectable to request additional information regarding the communication.

Abstract: Presenting, at a graphical user interface (GUI), device photos and risk categories associated with devices in a network is described. Data packets communicated in a network are detected. Based on the detected data packets, a set of devices in the network are determined. A set of device photos associated respectively with the set of devices are determined. A GUI concurrently presents the set of device photos to indicate the set of devices detected in the network. The set of devices may be filtered, sorted, and/or grouped based on various criteria. The GUI may present the device photos according to the filtering, sorting, and/or grouping. Additionally or alternatively, risk scores associated respectively with the set of devices are determined. The set of devices are categorized into respective risk categories based on the associated risk scores. A GUI concurrently presents a set of risk categories and information associated with each risk category.

Abstract: Techniques for determining a device profile and anomalous behavior associated with a device in a network are disclosed. Attribute values associated with a target device are determined based on data packets detected from a network. A subset of a set of classifiers associated with the available attribute values are selected. The attribute values are applied to the selected classifiers to determine a respective candidate device profile. A current device profile is determined for the target device based on the candidate device profiles. The current device profile indicates expected attribute values for the target device. Current attribute values are compared to the expected attribute values to determine whether there is any anomalous behavior associated with the target device.

Abstract: A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising: analyzing, by a first network coordination device, at least one session of the client device for selected characteristics, the first network coordination device being the primary network coordination device for the client device; and providing, by the first network coordination device, current session information of the at least one session of the client device having the selected characteristics to the second network coordination device, the second network coordination device being the standby network coordination device for the client device is shown.