Abstract: In one implementation, traffic in a mobile network is offloaded to a security as a service server or a cloud server. A mobile access gateway (MAG) in the mobile network identifies one or more mobile nodes that are configured for communication on the mobile network. The MAG receives a message that includes an address of a mobile node and sends a request based on the message to the security as a service server. The MAG forwards traffic flows to the security as a service server according to the message, which is configured to detect an indication of malicious software in the traffic flows and/or filter content of the traffic flows according to a user profile.

Abstract: Disclosed are systems, methods, and computer-readable storage media for fog enabled telemetry in real time multimedia applications. An edge computing device can receive first sensor data from at least a first sensor and a collaboration data stream from a first client device. The collaboration data stream can including at least one of chat, audio or video data. The edge computing device can convert the first sensor data into a collaboration data stream format, yielding a first converted sensor data, and then embed the first converted sensor data into the collaboration data stream, yielding an embedded collaboration data stream. The edge computing device can then transmit the embedded collaboration data stream to an intended recipient.

Abstract: In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message.

Abstract: In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message.

Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet thus allowing identity propagation for other applications and protocols.

Abstract: In one implementation, identity based security features and policies are applied to endpoint devices behind an intermediary device, such as a network address translation device. The access network switch authenticates an endpoint based on a user identity and a credential. A hypertext transfer protocol (HTTP) packet is generated or modified to include the user identity in an inline header. The HTTP packet including the user identity is sent to a policy enforcement device to look up one or more policies for the endpoint. The access switch receives traffic from the policy enforcement device that is filtered according the user identity. Subsequent TCP connections may also include identity information within the TCP USER_HINT option in a synchronization packet thus allowing identity propagation for other applications and protocols.

Abstract: In one implementation, traffic in a mobile network is offloaded to a security as a service server or a cloud server. A mobile access gateway (MAG) in the mobile network identifies one or more mobile nodes that are configured for communication on the mobile network. The MAG receives a message that includes an address of a mobile node and sends a request based on the message to the security as a service server. The MAG forwards traffic flows to the security as a service server according to the message, which is configured to detect an indication of malicious software in the traffic flows and/or filter content of the traffic flows according to a user profile.