Firewall Patents (Class 726/11)
  • Patent number: 10554723
    Abstract: If a host name and a port number of an HTTP request do not correspond to those of an HTTP server, it is determined whether or not the host name indicates a local host and an address of a client that has transmitted the request is a loop-back address, and if so, processing for the HTTP request is continued.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: February 4, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kunimasa Fujisawa
  • Patent number: 10554493
    Abstract: Systems, methods, and computer-readable media analyzing memory usage in a network node. A network assurance appliance may be configured to obtain reference concrete level rules for a node in the network, obtain implemented concrete level rules for the node from the node in the network, compare the reference concrete level rules with the implemented concrete level rules, and determine that the implemented concrete level rules are not appropriately configured based on the comparison.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: February 4, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Ramana Rao Kompella, Chandra Nagarajan, John Thomas Monk, Purna Mani Kumar Ghantasala
  • Patent number: 10547634
    Abstract: There is described a digital agent for monitoring of cybersecurity-related events in an industrial control system. The digital agent being residable in a host. The digital agent includes a module for monitoring behavioral data of the host, such as violation of security policy, system usage metric, etc. The digital agent also includes a module for recording behavior baseline of the host, such as operating system, operating system version, firewall status etc. In addition, the digital agent includes an agent state machine for monitoring the CPU load and/or memory usage of the host. Further, the digital agent includes an agent communication module for transmitting monitored data to an analysis unit external to the industrial control system.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: January 28, 2020
    Assignee: SECURE-NOK AS
    Inventor: Siv Hilde Houmb
  • Patent number: 10542028
    Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: January 21, 2020
    Assignee: Centripetal Networks, Inc.
    Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
  • Patent number: 10541969
    Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: January 21, 2020
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10536513
    Abstract: Systems and methods are disclosed herein for opening files via local applications. A first application on a local device receives a request to open a document specified by a user via a user interface associated with the first application, the document having a document identifier and associated with a first file stored on a server, the request comprising the document identifier and a user identifier. The first application forwards the request to open the document associated with the first file to a second application on the local device, and receives, from the second application, a list comprising one or more document processing applications that are on the local device and are capable of opening a second file that is stored on the local device and has the same document identifier as the document specified by the user, the second file being a local copy of the first file.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: January 14, 2020
    Assignee: GOOGLE LLC
    Inventors: Jessie Lynne Newman, Frank Pape, III, Ali Akhavan Bitaghsir, Brian Schneider, James Michael McCollum, Eric Huayu Zhang, Rachel Werner Barton, Marc Miller, Rishi Sharma
  • Patent number: 10530750
    Abstract: The technology disclosed herein enables the enforcement of firewall policies based on high level identification strings. In a particular embodiment, a method provides receiving a first reply from a first identification system directed to a requestor system. In response to determining that the first identification system comprises an identification system trusted by the firewall, the method provides inspecting at least one packet included in the first reply to identify a first network address therein associated with a first high level identification string. The method further provides updating a data structure comprising allowed network addresses with the first network address and, after updating the data structure with the first network address, allowing at least one packet from the requestor system directed to a first destination at the first network address to traverse the firewall system based on the data structure.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: January 7, 2020
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Kausum Kumar, Anirban Sengupta, Rick Lund, Jingmin Zhou
  • Patent number: 10523700
    Abstract: A system for managing security within an enterprise includes a computing device that receives a vulnerability, generates a user score for each user within the enterprise and generates a threat score for the vulnerability. A user device score may also be generated for each device associated with a user. Based on the user score and the threat score, a composite score is generated. After acquiring a security measure, the security measure is implemented based on the composite score and, at times, the user score.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: December 31, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Douglas C. Rambo, Steven M. Trudeau, Titanya Hughes, Michael Colehouse, Timothy J. Calabro, Vincent N. Nguyen, Ben D. Brenden
  • Patent number: 10523465
    Abstract: A system and method for providing private instances of shared resources utilizing VxLAN technology is disclosed, the system consisting of a private management local area network (MLAN), a separate virtual local area network (VLAN) to place resources that are to be shared, and private instances (replicas) of the shared resources that are located on a client's private network.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: December 31, 2019
    Inventor: Michael Emory Mazarick
  • Patent number: 10523762
    Abstract: Mechanisms for establishing persistent bi-directional communication channels with cloud computing systems are disclosed. A processor device initiates a plurality of persistent bi-directional communication channels with a corresponding plurality of cloud computing systems. Each cloud computing system comprises a plurality of computing devices used to implement on-demand computing resources on one or more of the plurality of computing devices at the request of different entities. The processor device receives real-time messages from at least some respective cloud computing systems of the plurality of cloud computing systems via the corresponding persistent bi-directional communication channel that identifies a status of at least one computing resource implemented in the respective cloud computing system.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: December 31, 2019
    Assignee: Red Hat, Inc.
    Inventors: John J. Mazzitelli, Heiko W. Rupp
  • Patent number: 10523634
    Abstract: A system for dynamically implementing exceptions in an onboard network firewall has a client application interface receptive to a data link request from a client device. An onboard connectivity manager includes a firewall interface connected to the onboard network firewall to request the exceptions in response to a connection authorization, and a client presence manager receptive to the data link request relayed by the client application interface from the client device. A presence state for the client devices is activated and maintained following the data link request. A remote connectivity manager is connected to a remote application service and is in communication with the onboard connectivity manager. The remote connectivity manager generates a connection authorization based upon an evaluation of the presence state for the client device against the conditions set by the remote application service.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: December 31, 2019
    Assignee: PANASONIC AVIONICS CORPORATION
    Inventors: James A. Haak, Kwok Liang Poo
  • Patent number: 10511569
    Abstract: Techniques for providing multi-modal multi-party calling include receiving a join request at a multiway server (MWS) from a first client, the join request identifying a second client; sending a call invitation to the second client from the MWS; receiving a connection from the second client to the MWS; receiving a first media status from one of the first client or the second client while the first client and the second client are in a peer-to-peer mode; and forwarding the first media status to the other of the first client or the second client. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: December 17, 2019
    Assignee: FACEBOOK, INC.
    Inventors: Tomi Yiu, Cameron James Pickett, Naizhi Li, Chi Wang Ho, Parama Jyothi Reddappagari
  • Patent number: 10505985
    Abstract: A request to access a network resource is received from a client device. The request includes a purported hostname of the network resource. A Domain Name System (DNS) lookup of the purported hostname is performed. A result of the lookup is used in making a determination that the request received from the client device is invalid. In response to the determination being made that the request received from the client device is invalid, an action to take with respect to the client device is determined.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: December 10, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Martin Walter, Charles Bransi, Suiqiang Deng
  • Patent number: 10505896
    Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: December 10, 2019
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10498754
    Abstract: A method may include monitoring communications from a first user device coupled to a network and determining, based on the communications, whether the first user device is operating in accordance with a profile associated with the first user device. The method may also include transmitting a message to a network device in response to determining that the first user device is not operating in accordance with the profile. The method may further include blocking at least some communications from being transmitted to or received by the first user device, in response to determining that the first user device is not operating in accordance with the profile.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: December 3, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Warren Hojilla Uy, Young R. Choi, Mauricio Pati Caldeira de Andrada
  • Patent number: 10491617
    Abstract: A machine learning-based system and method for identifying digital threats that includes implementing a machine learning-based digital threat mitigation service over a distributed network of computers; constructing, by the machine learning-based digital threat mitigation service, a subscriber-specific machine learning ensemble that includes a plurality of distinct machine learning models, wherein each of the plurality of distinct machine learning models is configured to perform a distinct machine learning task for identifying a digital threat or digital fraud; constructing a corpus of subscriber-specific digital activity data for training the plurality of distinct machine learning models of the subscriber-specific ensemble; training the subscriber-specific ensemble using at least the corpus of subscriber-specific digital activity data; and deploying the subscriber-specific ensemble.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: November 26, 2019
    Assignee: Sift Science, Inc.
    Inventors: Fred Sadaghiani, Alex Paino, Jacob Burnim, Janice Lan
  • Patent number: 10491481
    Abstract: A messaging queue system includes computing devices that each host an application, a messaging queue service device that is coupled to the computing devices and that hosts a messaging queue service for each of the applications, and a messaging queue topology configuration service device that is coupled to the messaging queue service device. The messaging queue topology configuration service device receives a selection of application use criteria. The messaging queue topology configuration service device then determines a recommended messaging queue topology solution based on the selection of application use criteria. The messaging queue topology configuration service device may then receive messaging queue object details for each messaging queue object that will make up the messaging queue topology.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: November 26, 2019
    Assignee: Dell Products L.P.
    Inventors: Hung Dinh, Sijoy Thomas, Vinod Kumar, Vinay Sathyanarayana, Mohammed Imran V.
  • Patent number: 10491566
    Abstract: A user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: November 26, 2019
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames
  • Patent number: 10482275
    Abstract: Systems and methods for implementing access control by systems-on-chip (SoCs). An example SoC may comprise: an access control unit comprising a secure memory for storing access control data, the access control unit to: receive a message comprising an access control data item; store the access control data item in the secure memory; perform at least one of: authenticating the message using a message digest function, or validating contents of the secure memory by comparing a stored reference value with a calculated value of a message digest function of the contents of the secure memory; and control, in view of the access control data item, access by an initiator device to a target device.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: November 19, 2019
    Assignee: Cryptography Research, Inc.
    Inventors: Craig E. Hampel, Jean-Michel Cioranesco, Rodrigo Portella do Canto, Guilherme Ozari de Almeida
  • Patent number: 10481665
    Abstract: According to one example embodiment, a modem or other network device includes an energy module configured to enter a low-power, low-bandwidth state when not in active use by a user. The low-power state may be maintained under certain conditions where network activity is not present, and/or when only non-bandwidth-critical traffic is present. The network device may include a user interface for configuring firewall rules, and the user may be able to concurrently designate particular types of traffic as important or unimportant. The energy module may also be integrated with a firewall, and power saving rules may be inferred from firewall rules.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: November 19, 2019
    Assignee: Cisco Technology, Inc.
    Inventor: Michael Overcash
  • Patent number: 10476843
    Abstract: A method is provided to control the flow of packets within a system that includes one or more computer networks comprising: policy rules are provided that set forth attribute dependent conditions for communications among machines on the one or more networks; machine attributes and corresponding machine identifiers are obtained for respective machines on the networks; and policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: November 12, 2019
    Assignee: VMware, Inc.
    Inventors: Debashis Basak, Rohit Toshniwal, Allwyn Sequeira
  • Patent number: 10462140
    Abstract: Systems, methods, and apparatus for data transmission authentication and self-destruction are disclosed. An example method comprises receiving, by a computing device associated with a first token, communications, determining, by the computing device, whether the first token is associated with a second token within the communications, wherein the second token is configured to authorize the computing device to process the communications, processing, by the computing device and in response to determining that the first token is associated with the second token, the communications, and destructing, by the computing device and in response to determining that the first token is not associated with the second token, the communications.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: October 29, 2019
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Paul Roscoe
  • Patent number: 10462166
    Abstract: A method, system, and computer-implemented method to manage blacklists used for mitigating network traffic is provided. The method includes monitoring a first blacklist and a second blacklist, wherein the first blacklist is used by a first mitigation process applied to network traffic that is performed upstream along a communication path of the network traffic relative to a second mitigation process that is performed using the second blacklist. The method further includes moving at least one entry from one of the first and second blacklists to the other of the first and second blacklist based on a result of the monitoring.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: October 29, 2019
    Assignee: Arbor Networks, Inc.
    Inventor: Brian St. Pierre
  • Patent number: 10425292
    Abstract: A computing system may include a database disposed within a remote network management platform that manages a managed network, and a software application associated with the platform and configured to: obtain, from an external computing system, information about a function-application arranged to execute source code segment(s) on demand; determine that the obtained information relates to (i) a plurality of authorization-keys each respectively arranged to authorize on-demand execution of one of the source code segments, (ii) a first key-value string pair that enables establishment of connectivity to a service of the external computing system or of another computing system, and/or (iii) a second key-value string pair that enables establishment of connectivity to a data source of the external computing system or of another computing system, and responsively determine association(s) between the source code segment(s), the function-application, the service, and/or the data source; and store the association(s) in t
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: September 24, 2019
    Assignee: ServiceNow, Inc.
    Inventors: Noam Biran, Hail Tal, Robert Bitterfeld, Asaf Garty, Bary Solomon
  • Patent number: 10423917
    Abstract: The disclosure generally describes methods, software, and systems, including a method for using an object definition from which object documents are instantiated defining real-world variants of a physical object and including a meta-model identifying nodes, fields, and associations with other object definitions. The object definition includes, at instantiation of a given object document marking an existence of the physical object, an object identifier node, including an object identifier, and at least one variant type node, including a variant type identifier identifying the real-world variant of the physical object and including variant extension nodes and fields extending the object definition to a variant object definition.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: September 24, 2019
    Assignee: SAP SE
    Inventors: Bare Said, Frank Brunswig
  • Patent number: 10417421
    Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: September 17, 2019
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10419337
    Abstract: A method and a routing device (110) for managing data frames as well as a method and a further routing device (120) for managing data frames are disclosed. The routing device (110) is addressable by a virtual Media Access Control address, “virtual MAC address”, for assignment to routers. The routing device (110) sends (205) a data frame comprising a source MAC address field, which includes a unicast MAC address of the routing device (110). The routing device (110) sends (208) a message including information about the virtual MAC address. The routing device (110) is configured to send, in a periodic manner, a periodic message for conveying information about the virtual MAC address throughout the switched network (100). In another embodiment, the further routing device (120) receives (201) at least one data frame. The further routing device (120) sends (202) a request which instructs the routing device (110) to send an alert message for conveying information about the virtual MAC address.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: September 17, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Per Helén, Clarence Ammervik, Johan Lindström
  • Patent number: 10419468
    Abstract: Systems and methods for a cyber security system with adaptive machine learning features. One embodiment is a system that includes a server configured to manage a plurality of user devices over a network, and a user device that includes an interface and a processor. The interface is configured to communicate with the server over the network, and the processor implements a machine learning function configured to monitor user interactions with the user device over time to establish a use profile, to detect anomalous use of the user device based on a variance from the use profile, to determine whether the anomalous use is representative of a security threat, and to instruct the user device to perform one or more automatic actions to respond to the security threat.
    Type: Grant
    Filed: July 11, 2017
    Date of Patent: September 17, 2019
    Assignee: The Boeing Company
    Inventors: John W. Glatfelter, William D. Kelsey, Brian D. Laughlin
  • Patent number: 10412133
    Abstract: Access to transactional multimedia content may be based on network routing. Some multimedia content may be best delivered via a private network. Other multimedia content may be best delivered via a public network. A type of the multimedia content may thus determine network routing.
    Type: Grant
    Filed: April 23, 2016
    Date of Patent: September 10, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: David J. Piepenbrink, Lee M. Chow, James T. Sofos
  • Patent number: 10404660
    Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: September 3, 2019
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10404726
    Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made, by the application, that the intercepted IP packet indicates a security threat. The intercepted IP packet is prevented from being delivered to the remote computer system based on the determination.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: September 3, 2019
    Assignee: Fyde Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Lima
  • Patent number: 10402577
    Abstract: A method includes detecting a peripheral device at a protected node. The method also includes determining whether the peripheral device has been checked-in for use with at least the protected node and determining whether the peripheral device or a device type has been whitelisted or blacklisted. The method further includes granting access to the peripheral device in response to (i) determining that the peripheral device has been checked-in and has not been blacklisted or (ii) determining that the peripheral device or the device type has been whitelisted, even if the peripheral device has not been checked-in. In addition, the method includes blocking access to the peripheral device in response to (i) determining that the peripheral device has not been checked-in and has not been whitelisted or (ii) determining that the peripheral device or the device type has been blacklisted, even if the peripheral device has been checked-in.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: September 3, 2019
    Assignee: Honeywell International Inc.
    Inventors: Eric D. Knapp, Eric T. Boice
  • Patent number: 10405159
    Abstract: A method, in a monitoring function, for monitoring resource usage in a communication network comprising a plurality of M2M devices is disclosed. The method comprises detecting issuance of a user instruction (120), the user instruction specifying an action to be carried out by at least one of the M2M devices, identifying M2M devices subject to the user instruction (120), calculating an impact upon the communication network of completion of the action by the identified M2M devices (140), and sending the calculated impact to a resource management function (150). Also disclosed is a method, in a resource management function, for managing resources in a communication network comprising a plurality of M2M devices. The method comprises receiving, from a monitoring function, a calculated impact upon the communication network of completion of an action by M2M devices subject to a user instruction specifying the action (260), and adjusting resource allocation within the network according to the calculated impact (270).
    Type: Grant
    Filed: January 12, 2015
    Date of Patent: September 3, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Ankur Dauneria, Sandeep Akhouri
  • Patent number: 10397246
    Abstract: A crowdsourcing log analysis system and methods for protecting computers and networks from malware attacks by analyzing data log information obtained from a plurality of client networks. The client networks are associated with a set of network entities representing a plurality of business units or customers. The system may further comprise a plurality of server machines, each operable to execute a security product associated with a security product vendor and log associated information of at the network entities into at least one log file. The log files may be uploaded onto a breach detection platform for analysis based upon crowdsourcing principles and is operable to generate a risk factor attribute for at least one suspect entity.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: August 27, 2019
    Assignee: Radware, Ltd.
    Inventors: Aviv Raff, Doron Peri, Amnon Lotem
  • Patent number: 10389749
    Abstract: An exemplary computer-implemented method includes obtaining at least one teleportation invite block that records a virtual universe teleportation invite marked by at least one parameter. The teleportation invite identifies a virtual universe user as an invitee. Responsive to the parameter, assess whether the virtual universe teleportation invite is potentially malicious, and alert the invitee in case the virtual universe teleportation invite is potentially malicious.
    Type: Grant
    Filed: December 30, 2017
    Date of Patent: August 20, 2019
    Assignee: International Business Machines Corporation
    Inventors: James R. Kozloski, Clifford A. Pickover, Komminist Weldemariam
  • Patent number: 10374941
    Abstract: A technique includes determining a network interface aggregation information for a given network device. Determining the aggregation includes determining whether the network device is capable of providing first data identifying an aggregation and selectively inferring the aggregation based at least in part on other data if a determination is made that the network device is incapable of providing the first data.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: August 6, 2019
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Max C Knees, Joseph Elisha Taylor, Lawrence M Besaw
  • Patent number: 10375076
    Abstract: A system that includes a threat management server configured to store a device log identifying location information for endpoint devices that have passed authentication. The threat management server is configured to identify an endpoint device from the device log file and to identify a switch connected to the endpoint device. The threat management server is further configured to send a location information request to the switch requesting location information for the endpoint device. The threat management server is configured to compare the received information to the information in the device log file. The threat management server is configured to block the endpoint device from accessing a communications network in response to determining the received location information does not match the information in the device log file.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: August 6, 2019
    Assignee: Bank of America Corporation
    Inventors: Rahul Isola, Jeremiah S. Nicholson
  • Patent number: 10375027
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: August 6, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Carl Klatsky, Chris Wendt, Manoj Chaudhari, Christopher Zarcone
  • Patent number: 10375121
    Abstract: Example methods are provided for an entity to perform micro-segmentation in a virtualized computing environment that includes multiple hosts. The method may comprise obtaining application implementation information associated with one or more applications implemented by multiple virtualized computing instances, each of the multiple virtualized computing instances being supported by one of the multiple hosts. The method may further comprise detecting micro-segments by clustering the multiple virtualized computing instances based on the application implementation information, and determining security policies for respective detected micro-segments. Each of the detected micro-segments may include one or more of the multiple virtualized computing instances that have more similarity compared to those in a different detected micro-segment.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: August 6, 2019
    Assignee: VMWARE, INC.
    Inventors: Claude Hamou, Roman Brouk, Steven McAllister
  • Patent number: 10375099
    Abstract: A system that includes a threat management server configured to store a device log identifying location information for endpoint devices that have passed authentication. The threat management server identifies a first instance and a second instance of an endpoint device in the device log file. The threat management server identifies a first switch connected to the first instance of the endpoint device and a second switch connected to the second instance of the endpoint device. The threat management server sends a location information request to the first switch and the second switch requesting location information for the first instance and the second instance of the endpoint device, respectively. The threat management server compares the received location information to the information in the device log file to identify a spoofed instance of the endpoint device and blocks the spoofed instance of the endpoint device from accessing the communications network.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: August 6, 2019
    Assignee: Bank of America Corporation
    Inventors: Rahul Isola, Equettis Twantwalon Jenkins
  • Patent number: 10346277
    Abstract: In one embodiment, a node in a network reports, to a supervisory service, histograms of application-specific throughput metrics measured from the network. The node receives, from the supervisory service, a merged histogram of application-specific throughput metrics. The supervisory service generated the merged histogram based on a plurality of histograms reported to the supervisory service by a plurality of nodes. The node performs, using the merged histogram, application throughput anomaly detection on traffic in the network. The node causes performance of a mitigation action in the network when an application throughput anomaly is detected. The node adjusts, based on a control command sent by the supervisory service, a histogram reporting strategy used by the node to report the histograms of application-specific throughput metrics to the supervisory service.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: July 9, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Grégory Mermoud, Jean-Philippe Vasseur, Pierre-André Savalle
  • Patent number: 10338560
    Abstract: A flight control system of an aircraft including a first processing unit, a second processing unit, communication means configured to establish a first two-way digital link and a second two-way digital link between the first processing unit and the second processing unit. The second link is redundant with the first link, and the first link and second link are likely to be active concomitantly. The system further includes backup communication means enabling data exchanges between the first processing unit and the second processing unit in the case of a failure in the first link and second link. The backup communication means includes an array of sensors or actuators and/or a secure onboard network for the avionics.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: July 2, 2019
    Assignees: SAFRAN ELECTRONICS & DEFENSE, SAFRAN HELICOPTER ENGINES
    Inventors: Celine Liu, Nicolas Marti, Stephen Langford
  • Patent number: 10320748
    Abstract: Concepts and technologies disclosed herein are directed to single packet authorization (“SPA”) in a cloud computing environment. A compute node can include a virtual switch operating on at least a portion of a plurality of hardware resources of a cloud computing environment, a virtual firewall, a cloud workload executing a cloud service, and a SPA service. The virtual switch can receive a SPA request from a SPA client executing on a computing device. The virtual switch can forward the SPA request to the virtual firewall and to the SPA service. The virtual firewall can deny the SPA request in accordance with a firewall policy. The SPA service can utilize a SPA validation scheme to validate the SPA request. The virtual firewall can implement a temporary firewall policy to allow incoming packets from the SPA client and directed to the cloud service.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: June 11, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Michael Stair, Daniel Solero
  • Patent number: 10311311
    Abstract: An apparatus comprises a detector and a processor. The processor may be configured to perform a two-stage object detection process utilizing the detector circuit. The detector circuit may be configured to implement a simple detection stage and a complex detection stage. In the simple detection stage, the two-stage object detection process comprises applying a first detector over a predefined region of interest. In the complex detection stage, the two-stage object detection process comprises applying a second detector on a set of best candidates identified by the simple detection stage.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: June 4, 2019
    Assignee: Ambarella, Inc.
    Inventors: Yu Wang, Leslie D. Kohn
  • Patent number: 10313304
    Abstract: A system for regulating dynamic implementation of exceptions in an onboard network firewall includes a client application interface receptive to a data link request from a client device. An onboard connectivity manager includes a firewall interface connected to the onboard network firewall to request the exceptions in response to a connection authorization, a client presence manager receptive to the data link request relayed by the client application interface from the client device, and a network load manager in communication with the firewall interface and the client presence manager. A remote connectivity manager is connected to a remote application service and is in communication with the onboard connectivity manager. The network load manager generates the connection authorization to the firewall interface in response to the connection authorization request and an evaluation of one or more access grant conditions.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: June 4, 2019
    Assignee: PANASONIC AVIONICS CORPORATION
    Inventors: James A. Haak, Kwok Liang Poo
  • Patent number: 10313377
    Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: June 4, 2019
    Assignee: Anomali Incorporated
    Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
  • Patent number: 10311477
    Abstract: A method for processing a mobile advertisement, a proxy server, and a terminal are provided.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: June 4, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Guoyong Li
  • Patent number: 10298519
    Abstract: An SDN controller receives a forwarding request message including a header portion of a layer-2 packet. The SDN controller determines whether a source host and a destination host of the layer-2 packet are in the same virtual network according to a virtual network table.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: May 21, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Songbo Wang, Tao Lin, Yinfei Zhang, Weichun Ren
  • Patent number: 10278087
    Abstract: The subject matter described herein includes methods, systems, and computer readable media for correlating, load balancing and filtering tapped GTP and non-GTP packets. One method for correlating, load balancing and filtering tapped GTP and non-GTP packets includes receiving GTP packets tapped from a plurality of GTP network tap points. The method further includes receiving non-GTP packets tapped from at least one non-GTP network tap point. The method further includes correlating GTP packets with non-GTP packets for a particular subscriber. The method further includes forwarding the GTP packets and non-GTP packets correlated for the particular subscriber to a network monitoring tool.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: April 30, 2019
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.
    Inventors: Bogdan Ţenea, Robin Lee O'Connor, Shardendu Pandey, Alan Richard Schwenk
  • Patent number: 10264021
    Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). As the AppliedTo tuples of the firewall rules can refer to dynamically modifiable constructs, the application of the AppliedTo firewall rules (i.e., rules that are specified to include an AppliedTo tuple) can be dynamically adjusted for different locations within a network by dynamically adjusting the membership of these modifiable constructs.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: April 16, 2019
    Assignee: NICIRA, INC.
    Inventors: Kaushal Bansal, Uday Masurekar, Aravind Srinivasan, Shadab Shah, Serge Maskalik