Abstract: In one embodiment, a method includes detecting, at a virtual authenticator in an endpoint device, a linkup event, transmitting, to a supplicant in the endpoint device, a request for an identity associated with the endpoint device, receiving, at the virtual authenticator, a response from the supplicant, wherein the response comprises the identity, receiving, from an authentication server, an authorization result, wherein the authorization result is based on authenticating the endpoint device using the received identity, and enforcing, by the virtual authenticator, the authorization result at the endpoint device.

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

Abstract: Techniques for connecting known entities to a protected network are described. A user device with a certified application installed is authenticated with an identification repository. The authentication is accomplished using credentials associated with the certified application. The user device is also enrolled with an authentication server and the authenticated user device is connected to the protected network.

Abstract: A method for selecting either a first malware analysis system or a second malware analysis system to analyze a file is disclosed. The method includes obtaining, at a network security element, a file sent between a first device and a second device, the file having one or more associated attributes; analyzing, at the network security element, the one or more attributes of the file; selecting, based on the analyzing, either the first malware analysis system or the second malware analysis system as a selected malware analysis system for malware analysis of the file; and providing the file to the selected malware analysis system.

Abstract: Techniques for connecting known entities to a protected network are described. A user device with a certified application installed is authenticated with an identification repository. The authentication is accomplished using credentials associated with the certified application. The user device is also enrolled with an authentication server and the authenticated user device is connected to the protected network.

Abstract: A method for selecting either a first malware analysis system or a second malware analysis system to analyze a file is disclosed. The method includes obtaining, at a network security element, a file sent between a first device and a second device, the file having one or more associated attributes; analyzing, at the network security element, the one or more attributes of the file; selecting, based on the analyzing, either the first malware analysis system or the second malware analysis system as a selected malware analysis system for malware analysis of the file; and providing the file to the selected malware analysis system.

Abstract: A management server communicates with an authentication server that authenticates endpoints, which are configured to connect wirelessly with access points (APs) controlled by respective ones of a plurality of controllers. Weights for the APs and the controllers are stored. Event logs detailing requests for authentication of the endpoints are received. For each request, roaming conditions for the endpoint that triggered the request are determined. Also, a respective weight of one or more of the AP connected with the endpoint and of the controller that controls the AP is increased by a respective amount depending on whether the roaming conditions are caused by the AP and the controller being improperly configured or properly configured. Identities of ones of the APs and the controllers having weights that exceed one or more weight thresholds each indicative of an improperly configured AP or controller are stored.

Abstract: In one embodiment, a method includes receiving at a policy server, a request to trace a session at the policy server, tracing the session at the policy server, wherein tracing comprises running the session and identifying access results from the trace, and transmitting the access results from the policy server to a network device requesting the trace. An apparatus and logic are also disclosed herein.

Abstract: In one embodiment, a method includes receiving data for a customer, the data associated with a customer network, calculating at a network device, a sentiment for the customer based on the data, and modifying network management services for the customer based on the sentiment. An apparatus for sentiment based dynamic network management services is also disclosed.

Abstract: In one embodiment, a method includes receiving data for a customer, the data associated with a customer network, calculating at a network device, a sentiment for the customer based on the data, and modifying network management services for the customer based on the sentiment. An apparatus for sentiment based dynamic network management services is also disclosed.