Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Abstract: A device may receive a request for a network service configuration (NSC) that is to be used to configure network devices. The device may select a graphical data model that has been trained via machine learning to analyze a dataset that includes information relating to a set of network configuration services, where aspects of a subset of the set of network configuration services have been created over time. The device may determine, by using the graphical data model, a path through a set of states of the graphical data model, where the path corresponds to a particular NSC. The device may select the particular NSC based on the path determined. The device may perform a first group of actions to provide data identifying the particular NSC for display, and/or a second group of actions to implement the particular NSC on the network devices.

Abstract: A device may receive a request for a network service configuration (NSC) that is to be used to configure network devices. The device may select a graphical data model that has been trained via machine learning to analyze a dataset that includes information relating to a set of network configuration services, where aspects of a subset of the set of network configuration services have been created over time. The device may determine, by using the graphical data model, a path through a set of states of the graphical data model, where the path corresponds to a particular NSC. The device may select the particular NSC based on the path determined. The device may perform a first group of actions to provide data identifying the particular NSC for display, and/or a second group of actions to implement the particular NSC on the network devices.

Abstract: A network device may receive network traffic for an application. The network device may identify an application layer protocol being used for the network traffic. The network device may obtain contextual information, from the network traffic, to obtain an item of contextual information, and the item of contextual information may be selected based on the application layer protocol. The network device may determine that the item of contextual information matches a stored item of contextual information. The network device may determine that a threshold has been met with regard to the stored item of contextual information. The network device may generate an application signature for the application based on the item of contextual information. The network device may send the application signature to another device to permit the other device to identify the application based on the application signature.

Abstract: A device may receive a request for a network service configuration (NSC) that is to be used to configure network devices. The device may select a graphical data model that has been trained via machine learning to analyze a dataset that includes information relating to a set of network configuration services, where aspects of a subset of the set of network configuration services have been created over time. The device may determine, by using the graphical data model, a path through a set of states of the graphical data model, where the path corresponds to a particular NSC. The device may select the particular NSC based on the path determined. The device may perform a first group of actions to provide data identifying the particular NSC for display, and/or a second group of actions to implement the particular NSC on the network devices.

Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: A network device may receive network traffic for an application. The network device may identify an application layer protocol being used for the network traffic. The network device may obtain contextual information, from the network traffic, to obtain an item of contextual information, and the item of contextual information may be selected based on the application layer protocol. The network device may determine that the item of contextual information matches a stored item of contextual information. The network device may determine that a threshold has been met with regard to the stored item of contextual information. The network device may generate an application signature for the application based on the item of contextual information. The network device may send the application signature to another device to permit the other device to identify the application based on the application signature.

Abstract: A network device may receive network traffic for an application. The network device may identify an application layer protocol being used for the network traffic. The network device may obtain contextual information, from the network traffic, to obtain an item of contextual information, and the item of contextual information may be selected based on the application layer protocol. The network device may determine that the item of contextual information matches a stored item of contextual information. The network device may determine that a threshold has been met with regard to the stored item of contextual information. The network device may generate an application signature for the application based on the item of contextual information. The network device may send the application signature to another device to permit the other device to identify the application based on the application signature.

Abstract: A device may receive a set of packets. The device may select a first one or more packets, of the set of packets, for a Layer 7 (L-7) inspection based on a type of network traffic associated with the set of packets. The device may perform the L-7 inspection on the first one or more packets. The device may determine contextual information associated with the first one or more packets based on the L-7 inspection. The device may offload a second one or more packets, of the set of packets, for a Layer 4 (L-4) inspection without performing the L-7 inspection based on the contextual information associated with the first one or more packets.

Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Abstract: A network device may receive network traffic for an application. The network device may identify an application layer protocol being used for the network traffic. The network device may obtain contextual information, from the network traffic, to obtain an item of contextual information, and the item of contextual information may be selected based on the application layer protocol. The network device may determine that the item of contextual information matches a stored item of contextual information. The network device may determine that a threshold has been met with regard to the stored item of contextual information. The network device may generate an application signature for the application based on the item of contextual information. The network device may send the application signature to another device to permit the other device to identify the application based on the application signature.

Abstract: A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device, during a second stage, to monitor a plurality of types of transactions for the plurality of network sessions when a parameter for the connections exceeds a connection threshold, and during a third stage, to monitor communications associated with network addresses from which transactions of the at least one of type of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceeds a client-transaction threshold.

Abstract: A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device, during a second stage, to monitor a plurality of types of transactions for the plurality of network sessions when a parameter for the connections exceeds a connection threshold, and during a third stage, to monitor communications associated with network addresses from which transactions of the at least one of type of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceeds a client-transaction threshold.