Abstract: Systems and methods include receiving a request from a user device for access to an application; performing an authentication of the request via a customer Identity Provider (IDP); receiving a Security Assertion Markup Language (SAML) assertion from the customer IDP; and performing an action based on the SAML assertion, the action being one of blocking the request, allowing the request, and isolating the request.

Abstract: Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, initiating an isolation session by creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and responsive to traffic associated with the isolation session being to an external destination, forwarding the traffic to a cloud monitoring system.

Abstract: The present disclosure relates to systems and methods for synchronizing device states across two distributed systems. Various embodiments include a convergence mechanism also referred to as a device resync engine. The basis of the present system and methods is that any and every operation done between the two distributed systems, via Application Programming Interfaces (API's), pushes the system towards re-synchronization. This is achieved by providing an active feedback of the user's device state on every user action. For example, a user performs an authentication on one device; the two systems complete the authentication and additionally ensure all states of all devices owned by the user are in sync. By performing these small corrections for every user, the present systems and methods are able to re-converge into a synchronized state while keeping compute expanses low and process efficient.

Abstract: The present disclosure relates to systems and methods for synchronizing device states across two distributed systems. Various embodiments include a convergence mechanism also referred to as a device resync engine. The basis of the present system and methods is that any and every operation done between the two distributed systems, via Application Programming Interfaces (API's), pushes the system towards re-synchronization. This is achieved by providing an active feedback of the user's device state on every user action. For example, a user performs an authentication on one device; the two systems complete the authentication and additionally ensure all states of all devices owned by the user are in sync. By performing these small corrections for every user, the present systems and methods are able to re-converge into a synchronized state while keeping compute expanses low and process efficient.

Abstract: Systems and methods include, in a cloud node, receiving Mobile Device Management (MDM) data from a central authority, wherein the MDM data includes policy metadata specifying MDM functions for mobile devices associated with users of an enterprise; communicating to an application on a mobile device associated with a user, via a tunnel, wherein the application is configured for service discovery and connectivity; and providing the MDM data to the mobile device associated with the user via the tunnel.

Abstract: Systems and methods include, in a cloud node, receiving Mobile Device Management (MDM) data from a central authority, wherein the MDM data includes policy metadata specifying MDM functions for mobile devices associated with users of an enterprise; communicating to an application on a mobile device associated with a user, via a tunnel, wherein the application is configured for service discovery and connectivity; and providing the MDM data to the mobile device associated with the user via the tunnel.

Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.

Abstract: Systems and methods for replication and validation between a plurality of nodes in a cloud-based system forming a cluster include replicating a database and a software state between the plurality of nodes utilizing a replication algorithm which elects a master of the plurality of nodes and remaining nodes comprising peers, wherein the master is configured to perform the replicating; validating database sequences in the database at all of the plurality of nodes utilizing the replication algorithm to ensure sequential order of the validating between the plurality of nodes; and, responsive to differences between a peer and the master, performing a failure recovery in the database at the peer.

Abstract: Systems and methods for replication and validation between a plurality of nodes in a cloud-based system forming a cluster include replicating a database and a software state between the plurality of nodes utilizing a replication algorithm which elects a master of the plurality of nodes and remaining nodes comprising peers, wherein the master is configured to perform the replicating; validating database sequences in the database at all of the plurality of nodes utilizing the replication algorithm to ensure sequential order of the validating between the plurality of nodes; and, responsive to differences between a peer and the master, performing a failure recovery in the database at the peer.

Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.

Abstract: A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user.

Abstract: A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user.