Abstract: The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is configured to route the outbound network traffic to a policy enforcement point for a policy enforcement.

Abstract: The technology disclosed enables metadata-based policy enforcement for requests that do not include metadata relevant to a policy. In a particular example, a method provides, in a network security system interposed between clients and a cloud application, receiving an incoming request from a client directed towards the cloud application. In response to determining that the incoming request lacks metadata for enforcement of a policy, the method includes transmitting a synthetic request to obtain the metadata from the cloud application and receiving a response to the synthetic request. The response provides the metadata. The method further includes applying the policy to the incoming request based on the metadata.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to generate a synthetic request, and inject the synthetic request into an application session to transmit the synthetic request to a cloud application and receive a response to the synthetic request from the cloud application.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.

Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client in the near future. Virtual storage arrays determine the association between requested storage blocks and corresponding high-level data structure entities to predict additional high-level data structure entities that are likely to be accessed. From this, the virtual storage array identifies the additional storage blocks for prefetching.

Abstract: A system and method for camera-based stress determination. The method includes: determining a plurality of regions-of-interest (ROIs) of a body part; determining a set of bitplanes in a captured image sequence for each ROI that represent HC changes using a trained machine learning model, the machine learning model trained with a hemoglobin concentration (HC) changes training set, the HC changes training set trained using bitplanes from previously captured image sequences of other human individuals as input and received cardiovascular data as targets; determining an HC change signal for each of the ROIs based on changes in the set of determined bitplanes; for each ROI, determining intervals between heartbeats based on peaks in the HC change signal; determining heart rate variability using the intervals between heartbeats; determining a stress level using at least one determination of a standard deviation of the heart rate variability; and outputting the stress level.

Abstract: The technology disclosed describes a system. The system comprises an edge network of a plurality of points of presence of a network security system. Points of presence in the plurality of points of presence are configured to intermediate traffic between clients and cloud applications and to use metadata to apply policies on the intermediated traffic. There are redundancies in metadata synchronization between the points of presence due to metadata migration to a second point of presence from a first point of presence handing off intermediation to the second point of presence within an application session. Each of the points of presence is configured with inline metadata generation logic. The inline metadata generation logic is configured to issue synthetic requests to provide the metadata to the second point of presence without requiring the metadata migration to the second point of presence.

Abstract: The technology disclosed relates to application-specific data flow for synthetic request injection for cloud security enforcement. In particular, it relates to data flow logic configured to inject an incoming request directed to a cloud application in a processing path of a particular network security system.

Abstract: The technology disclosed describes a network security system that is configured to configure a synthetic request with an object identifier, and to inject the synthetic request into an application session to transmit the synthetic request to a cloud application. The synthetic request is configured to retrieve object metadata about the object using the object identifier. The network security system is further configured to receive from the cloud application a response to the synthetic request. The response supplies the object metadata.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.

Abstract: The technology disclosed relates to an inline proxy configured with synthetic request injection logic to intercept incoming requests during an application session, and generate, during the application session, synthetic requests that are separate from the incoming requests.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive one or more incoming requests towards a cloud application from a client during an application session, inject one or more synthetic requests into the application session to transmit the synthetic requests to the cloud application, and receive one or more responses to the synthetic requests from the cloud application. The synthetic requests are constructed using one or more parameters of the incoming requests, and do not transmit the incoming requests.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to generate a synthetic request, and inject the synthetic request into an application session to transmit the synthetic request to a cloud application and receive a response to the synthetic request from the cloud application.

Abstract: The technology disclosed relates to using synthetic request injection to improve cloud object security posture management.

Abstract: A system and method for camera-based stress determination. The method includes: determining a plurality of regions-of-interest (ROIs) of a body part; determining a set of bitplanes in a captured image sequence for each ROI that represent HC changes using a trained machine learning model, the machine learning model trained with a hemoglobin concentration (HC) changes training set, the HC changes training set trained using bitplanes from previously captured image sequences of other human individuals as input and received cardiovascular data as targets; determining an HC change signal for each of the ROIs based on changes in the set of determined bitplanes; for each ROI, determining intervals between heartbeats based on peaks in the HC change signal; determining heart rate variability using the intervals between heartbeats; determining a stress level using at least one determination of a standard deviation of the heart rate variability; and outputting the stress level.

Abstract: A system for navigation detection and inclination measurement of advanced hydraulic supports, including a detection device module, a signal transfer transmission module, connected to the detection device module, and used to integrate ultrasonic signals and inclination signals received from all advanced hydraulic supports and then wirelessly transmit all the signals to an analysis and processing module. The analysis and processing module, connected to the signal transfer transmission module, and used to receive the signals from the signal integration and transmission device for analysis, where if an analysis result shows an abnormal situation, an alarm will b e immediately given to a worker. If the analysis result shows a continuous abnormal situation, or a relatively large value indicating the abnormal situation is generated, a command will be immediately sent to make the advanced hydraulic supports stop operating in a current mode.

Abstract: A spray-capillary device is configured to process ultra-low-volume samples. The spray-capillary device includes a capillary tube that includes a lumen, an inner surface, an outer surface, an inlet end for receiving a fluid, and a discharge end having a porous section. A polymer material may be applied to the inner surface to form a polymer coating thereon. A downstream connector provides an interface between the porous section of the capillary tube, a conductive fluid, and a high voltage electrical source. The application of voltage to the downstream connector causes electrospray ionization, which can be used to draw ultra-low-volume samples into the inlet end. A gas injection assembly can be used to increase the pressure on the inlet end of the capillary tube to encourage movement of the sample therethrough. The spray-capillary device may be used to provide the ultra-low-volume samples to a mass spectrometer or other suitable analytic device.

Abstract: A spray-capillary device is configured to process ultra low-volume samples. The spray-capillary device includes a spray capillary that includes an inlet end and a discharge end. The spray capillary includes a porous section at the discharge end. A downstream connector provides an interface between the porous section of the spray capillary, a conductive fluid, and a high voltage electrical source. The application of voltage to the downstream connector causes electrospray ionization, which can be used to draw ultra law volume samples into the inlet end. A gas injection assembly can be used to increase the pressure on the inlet end of the spray capillary to encourage movement of the sample through the spray capillary. The spray-capillary device is well suited for providing ultra low samples to a mass spectrometer detection device.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to receive one or more incoming requests from a client during an application session, inject one or more synthetic requests into the application session independently of the incoming requests to transmit the synthetic requests to the cloud application, and receive one or more responses to the synthetic requests from the cloud application.

Abstract: A system for navigation detection and inclination measurement of advanced hydraulic supports, including a detection device module, a signal transfer transmission module, connected to the detection device module, and used to integrate ultrasonic signals and inclination signals received from all advanced hydraulic supports and then wirelessly transmit all the signals to an analysis and processing module. The analysis and processing module, connected to the signal transfer transmission module, and used to receive the signals from the signal integration and transmission device for analysis, where if an analysis result shows an abnormal situation, an alarm will b e immediately given to a worker. If the analysis result shows a continuous abnormal situation, or a relatively large value indicating the abnormal situation is generated, a command will be immediately sent to make the advanced hydraulic supports stop operating in a current mode.