Abstract: There is disclosed computer-implemented system and method of providing a wireless access point (WAP), including dividing the WAP into at least two virtual networks, wherein a first virtual network is for devices that authenticate using a first authentication protocol and a second virtual network is for devices that authenticate using a second authentication protocol, wherein the second authentication protocol is more secure than the first authentication protocol; and onboarding devices to the WAP, and assigning the devices to the at least two virtual networks according to the authentication protocols they use to authenticate to the WAP.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve the inspection of network data flows. An example apparatus includes memory, and processor circuitry to execute machine readable instructions to at least identify network domains accessible by at least one client device in a geographic location of interest, associate the identified network domains with Autonomous System Numbers (ASNs), create a list of respective ones of the ASNs that include a non-malicious status corresponding to Internet protocol (IP) addresses associated with respective ones of the identified network domains, and in response to receiving a reputation request corresponding to a destination IP address, cause inspection of a data flow to be skipped when the destination IP address is associated with the list of non-malicious ASNs.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed that determine a dynamic password update notification interval based on a breach risk classification and an automatic password update mechanism of an online service with which a user has an account. The disclosed methods, apparatus, systems, and articles of manufacture generate a password update suggestion and/or an automatic password update for the user at the dynamic password update notification interval determined by the processor circuitry.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to analyze telemetry data of a network device for malicious activity. An example apparatus includes an interface to obtain first telemetry data, a rules generator to, using the first telemetry data, generate a global block list using a machine learning model, the machine learning model generated based on a device specific block list and a device specific allow list, and a model manager to transmit the global block list to a gateway, the gateway to facilitate on-path classification of second telemetry data.

Abstract: There is disclosed a computer-implemented system and method of detecting a device that deceptively misidentifies itself on a home network, including sending, to the device, discovery probes, and receiving in response to the discovery probes a self-reported identity; performing a verification of the self-reported identity, comprising over a time greater than one hour, monitoring network traffic from the device to determine whether network traffic over the time is consistent with expected network traffic for the self-reported identity; and upon determining that the network traffic is not consistent, designating the device as potentially deceptively misidentified, and acting to mitigate the device's activity.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to build privacy preserving models. An example apparatus disclosed herein includes processor circuitry to initialize a local model with tokenized parameters associated with server telemetry data, the tokenized parameters included in a first modeling plan retrieved from a server, cause the local model to train based on trigger parameters from the first modeling plan, the local model to train with (a) the tokenized parameters associated with the server telemetry data and (b) client telemetry data, calculate an accuracy metric of the local model based on client-side ground truth data, and label the local model as one of valid or invalid based on a comparison between the accuracy metric and an accuracy threshold.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface to communicatively couple to a network; and a network gateway engine to identify devices on the network, the network gateway engine including instructions encoded within the memory to instruct the processor to provide two-phase identification for a device newly-identified on the network, including: a static identification phase including applying discovery probes to the newly-identified device; and a dynamic identification phase including collecting network telemetry for the newly-identified device over time and analyzing the collected network telemetry to determine if the network telemetry is consistent with expected network usage for the newly-discovered device.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: There is disclosed a system and method of providing services on a home gateway, including providing a set of security scans for traffic to and from a plurality of devices on a home network; cryptographically verifying that a secured device from the plurality of devices provides for itself internal security services; and based on the cryptographic verification, skipping at least one security scan of the set of security scans for traffic of the secured device.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to build privacy preserving models. An example apparatus disclosed herein includes a training manager to generate a first modeling plan for client-side resources, and transmit the first modeling plan to the client-side resources. The example apparatus also includes a data aggregator to search for a primary validation flag in response to retrieving client-side model parameters, and an accuracy calculator to, in response to detecting the primary validation flag, perform a secondary validation corresponding to the client-side model parameters using a server-side ground truth data set, and determine whether to update the global model with the client-side model parameters based on a comparison of results of the secondary validation and a validation threshold.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify application permission safety.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: By way of example, a method includes, responsive to a user request to download, from the internet, a downloadable file with executable content, downloading a portion of the downloadable file, wherein the downloadable file is not executable with the portion; after download the portion of the downloadable file, scanning the portion of the downloadable file for malware characteristics to classify the downloadable file; and completing downloading the downloadable file only after determining, based on the scanning of the portion of the downloadable file, that the downloadable file is not malware.

Abstract: There is disclosed in an example, a gateway apparatus, including a hardware platform having a processor and a memory; a wireless network interface; and instructions encoded within the memory to instruct the processor to: provide a first virtual access point (VAP) secured by an IEEE 802.1x extensible authentication protocol (EAP) enterprise security method; provide a second VAP secured by a WiFi protected access pre-shared key (WPA-PSK) method; onboard a device, comprising determining whether the device supports the EAP method, and enrolling the device with the EAP method if the device supports the EAP method; and if the device does not support the EAP method, enrolling the device with the WPA-PSK method.

Abstract: There is disclosed in one example a network gateway device, including: a hardware platform including a processor and a memory; a network interface, including network interface hardware; and instructions encoded within the memory to instruct the processor to: receive from an endpoint device, via the network interface, a signed security posture data structure, the signed security posture data structure including information about a security posture of the endpoint device; cryptographically verify the signed security posture data structure; and according to the signed security posture data structure, assign a network security policy to the endpoint device.

Abstract: There is disclosed in one example an enrollment over secure transport (EST)-capable gateway device, including: a hardware platform including a processor and a memory; a first network interface to communicatively couple to an external network, including an external DNS server; a second network interface to communicatively couple to a home network; a caching DNS server including a local DNS cache, and logic to provide DNS services to the home network; and an EST proxy to authenticate to a local endpoint on the home network, provision a DNS server certificate on the local endpoint, provision an authentication domain name (ADN) on the local endpoint, and provide encrypted domain name system (DNS) services to the local endpoint.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: There is disclosed in one example a hardware computing platform, including: a processor; a memory; a network interface; and a security module, including instructions to cause the processor to: receive a request to download a file via the network interface; download a first portion of the file into a buffer of the memory; analyze the first portion for malware characteristics; assign a security classification to the file according to the analysis of the first portion; and act on the security classification.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor, a memory, and a network interface; and instructions encoded within the memory to instruct the processor to: receive an incoming packet via the network interface; extract from the incoming packet a source port and a source internet protocol (IP) address; correlate the source port and source IP to a device identifier (ID); receive a network policy for the device ID; and apply the network policy to the incoming packet.