Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.

Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.

Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.

Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an alteration action to take in response to intercepting the packet. The determined action is taken.

Abstract: A reverse TCP/IP stack infrastructure is disclosed. In an example use, an application executing on a client device as an operating system extension that uses a virtual private network stack of the operating system intercepts a first IP packet generated by a client program. The application determines that the first IP packet comprises a Transmission Control Protocol synchronize message and opens a socket to a destination Internet Protocol address and destination port. A synchronize acknowledgement is received. A packet to transmit to the client program is synthesized that includes a synchronize acknowledgment.

Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.

Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.

Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.

Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.

Abstract: An access proxy system is disclosed. A proxy server receives, from a client device, a request to access a protected resource. The protected resource represents a mapping between a user-facing domain and an internal domain that is only accessible from behind a set of one or more proxies that includes the proxy server. In response to receiving a grant of permission by an access policy engine, the proxy server proxies access to the protected resource using a mutual-TLS connection with the client device.

Abstract: A mobile device application executing on a mobile device as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts a first Internet protocol (IP) packet for delivery to a remote computer system. The application determines that the intercepted first IP packet is associated with sensitive information. In response creates a VPN tunnel between the remote computer system to securely send data from the mobile device to the remote computer system.

Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made, by the application, that the intercepted IP packet indicates a security threat. The intercepted IP packet is prevented from being delivered to the remote computer system based on the determination.

Abstract: Methods, apparatuses, and embodiments related to a technique for inspecting network traffic. In an example, a user downloads and installs a security application at his computer as an operating system extension, resulting in the security application being initialized by the operating system during initialization of the operating system, such as during power on or reset. An application utilized by the user sends an Internet Protocol (IP) packet for delivery to a remote computer system. The IP packet is intercepted by the security application via a network extension service of the operating system. If a determination is made that the IP packet indicates a security threat, the security application prevents the IP packet from being transmitted to a network for delivery to the remote computer system and displays a message indicating the security threat.

Abstract: Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform.

Abstract: Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform.