Abstract: In one embodiment, a device obtains transaction data regarding a user account of an application performing a transaction within the application to access a particular document. The transaction data is captured by instrumentation code inserted into the application at runtime. The device identifies, based on the transaction data, a data mining policy for the transaction. The device generates, based on the data mining policy, identification information associated with the user account and the particular document. The device inserts, via the instrumentation code, tracing data into the particular document that causes a client that opens the particular document to send a web request for a uniform resource locator (URL) associated with the identification information.

Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.

Abstract: Techniques and apparatus for managing a message relaying system are described. One technique includes an access point (AP) detecting a first signal and a second signal from a computing device. A validation of the first signal is performed based on parameters of the first signal and the second signal. After the validation, information associated with the first signal is transmitted to a computing system. In another technique, the computing system may designate one of multiple APs reporting information regarding first signals as a primary reporting AP and designate the remaining APs as secondary reporting APs. The computing system may instruct the secondary reporting APs to refrain from reporting information regarding first signals to the computing system.

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted within a software development environment, wherein the transaction data is captured by instrumentation code inserted into the software development environment at runtime. The device identifies, based on the transaction data, an access policy for the transaction. The device makes, based on the access policy, a determination that the transaction is not authorized. The device causes, via the instrumentation code, the transaction to be blocked from completing within the software development environment.

Abstract: Techniques for a TCP proxy to communicate over a LEO satellite network on behalf of a client device by selecting a TCP congestion-control algorithm that is optimal for the LEO satellite network based on the time of day and/or location of the TCP proxy. Based on the locations of satellites during the day as they traverse predefined and patterned orbital paths, different TCP congestion-control algorithms may be more optimized to communicate data through the LEO satellite network. However, client devices generally use a single TCP congestion-control algorithm to communicate over WAN networks. Accordingly, a TCP proxy may be inserted on, for example, a router to communicate with the client device using a TCP congestion-control algorithm that the client device is configured to use, but then communicate over the LEO satellite network using a different TCP congestion-control algorithm that is optimal based on the time of day and/or other factors.

Abstract: Methods and apparatuses for prioritizing transactions are disclosed. An example method of an application performance monitor (APM) comprises intercepting a first packet being transmitted in a network that is monitored by the APM; determining that the first packet is associated with a transaction of the web application that is to be provided with an alternate level of service; modifying a field in the first packet to include metadata interpretable by at least one network device in the network to cause the at least one network device to provide the alternate level of service; and injecting the first packet into the network. The APM may cause network devices to prioritize a specific transaction of an application based on importance.

Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device identifies, based on the transaction data, traffic in a network associated with the transaction. The device associates, based on the transaction data, a measure of importance with the traffic. The device causes the traffic to be sent by a networking device in the network according to its associated measure of importance.

Abstract: A method is provided that is performed using an application performance management agent running on an application and/or application microservices. The method comprises detecting a request to the application and/or application microservices for data, and inserting data compliance metadata into packet headers of packets that are to be sent in response to the request by the application and/or application microservices. The data compliance metadata comprises data-compliance markings associated with the data based on user/operator-defined data compliance requirements. The method further includes causing the packets to be sent into a network so that one or more network devices or services in the network can read the data compliance metadata and apply packet handling policies.

Abstract: This disclosure describes techniques for redirecting data traffic based on endpoint risk. An example method includes determining a risk associated with a first endpoint connected to a redirection point; determining that the risk exceeds a threshold; and based on determining that the risk exceeds the threshold, causing the redirection point to direct data traffic to a second endpoint and to refrain from directing the data traffic to the first endpoint.

Abstract: This disclosure describes techniques for authentication using wearable devices. An example method includes determining that a user is wearing a secondary device; determining that the secondary device has detected a signal output by a primary device; determining that the user has confirmed an authentication factor output by the primary device; and enabling the user to access a secured resource via the primary device.

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include receiving a report of a first anomaly based on real-time control flow graph diagram monitoring of an application at a first system and receiving a second report of a second anomaly from a second system. An exploit report may be generated by providing the first report and the second report to a machine learning model trained to output information related to an exploit based on input reports, and subsequently to provide the output information to a cloud-based reporting tool.

Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining telemetry representing execution of a process on a computing system and accessing a learned control flow diagram graph for the process. A transfer of an instruction pointer is determined based on the telemetry and a validity of the transfer is determined based on the learned control flow directed graph. If invalid, then an action to terminate the process is determined, otherwise the action may be allowed to execute when valid.

Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers.

Abstract: A trigger to enable data traffic replication in a wireless network may be provided. A data packet comprising a Differentiated Service Code Point (DSCP) field in a header may be received. A determination may be made that the data packet comprises a candidate traffic for bi-casting. In response to determining that the data packet comprises the candidate traffic for bi-casting, a flag may be set in the DSCP field in the header of the data packet. The flag triggers bi-casting of the data packet. The data packet may be sent to a destination device.

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical proximity of the device to one or more other authenticated devices. An example method includes performing a first authentication of a first device or a first user and connecting the first device to a protected resource. Based on determining that the first device is within a threshold distance of a second, authenticated, device, a reauthentication interval is selected. Based on determining that the reauthentication interval has expired, a second authentication is initiated by transmitting, to the first device or a third device associated with the first user, a request for an authentication factor.

Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on observing and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers. Transition to the monitoring phase may be based on determining a confidence score in the observed control flow directed graph and causing the transition when the confidence score is above a threshold.

Abstract: Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on learning and generating a control flow directed graph. The techniques and systems include determining a learned control flow directed graph for a process executed on the computing system. A vulnerability may be determined or identified within the process as well as a software bill of materials for the process. A code portion of the process associated with the vulnerability is determined based on the software bill of materials. A tainted control flow directed graph is generated based on the code portion and excluded from the learned control flow directed graph. The adjusted control flow directed graph may be used to prevent execution of the vulnerability.

Abstract: Method for application control and Quality of Service (QoS) handling may be provided. A request may be received for scheduling a communication between an Access Point (AP) and a user device for sending data of an application. It may be determined that the request does not comprise network characteristics of the application. In response to determining that the request does not comprise the network characteristics of the application, the network characteristics may be requested from a Wireless Local Area Network (WLAN) controller. The network characteristics may be received from the WLAN controller. Schedules for the application may be determined based on the network characteristics. The schedules may be enabled.