Abstract: A network device includes one or more ports, and action-select circuitry. The ports are to exchange packets over a network. The action-select circuitry is to determine, for a given packet, a first search key based on a first header field of the given packet, and a second search key based on a second header field of the given packet, to compare the first search key to a first group of compare values, to output a multi-element vector responsively to a match between the first search key and a first compare value, to generate a composite search key by concatenating the second search key and the multi-element vector, to compare the composite search key to a second group of compare values, and, responsively to a match between the composite search key and a second compare value, to output an action indicator for applying to the given packet.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for providing security postures for a service provided by a heterogenous system. A method for verifying trust by a service node includes receiving a request for a security information of the service node from a client device, wherein the request includes information identifying a service to receive from the service node, identifying a related node to communicate with the service node based on the service, after identifying the related node, requesting a security information of the related node, generating a composite security information from the security information of the service node and the security information of the related node, and sending the composite security information to the client device. The composite security information provides security claims for a service implemented by a heterogenous devices that have different trusted execution environments.

Abstract: A network device may be configured to receive a file stream associated with an file. The network device may be configured to identify, based on receiving the file stream, an initial portion of the file. The network device may be configured to process the initial portion of the file to determine one or more features of the file. The network device may be configured to generate, based on the one or more features of the file, a determination as to whether the file is malicious. The network device may be configured to block or allow, based on the determination, the file stream.

Abstract: A computer-implemented method includes translating into a routing configuration, tenant-specific preferences for primary and secondary datacenter locations. A service mesh is set up for communication between services within and across the primary and secondary datacenter locations. Service persistencies with endpoints in datacenter locations are used to configure replication agents between the service persistencies. Using service endpoints, configuring Virtual Services that implement the service mesh. An Ingress Gateway is configured to route end user requests into the service mesh to a first service instance in the tenant-selected primary datacenter. According to the tenant-specific preferences, data replication is configured to copy data to redundant storage. Using endpoints of persistent storage replication agents for each service persistence in the tenant-selected primary datacenter, configuring persistent storage replication agents for each service persistence in the tenant-selected primary datacenter.

Abstract: Systems, methods, and related technologies for parsing network traffic are described. Network traffic transmitted by a set of devices communicatively coupled to a network is obtained. The network traffic is parsed to determine a set of field values from the network traffic based on the set of protocol fields. The set of field values are transmitted to the set of processing engines.

Abstract: One aspect of the present disclosure provides a computer-implemented method of automatically securing a computer system or network against a suspect binary file (SBF) by, in response to detection of the SBF, initiating an automatic defence strategy. The automatic defence strategy includes a first action known to mitigate a known threat posed by a known malicious binary file (KMBF); and a further action predicted to mitigate a predicted threat posed by a discrepant function present in the SBF but not the KMBF. Further aspects of the present disclosure relate to corresponding data processing systems, computer programs, computer-readable data carriers and data carrier signals.

Abstract: A system and method for performing authorization based active inspection of network paths for a resource, deployed in a cloud computing environment, includes receiving at least one network path to access the resource, wherein the resource is a cloud object deployed in the cloud computing environment, and potentially accessible from a network which is external to the cloud computing environment; and actively inspecting the at least one network path to determine if the resource is accessible through the at least one network path from a network external to the cloud computing environment and requires access authorization.

Abstract: Similar geographically proximate infrastructures are identified from a received compromised Internet protocol (IP) address of a compromised infrastructure. The geographic location of the compromised infrastructure is determined from the compromised IP address. The geographic locations of other infrastructures are determined from their respective exposed IP addresses. Geographically proximate infrastructures are identified from among the other infrastructures, with the geographically proximate infrastructures having geographic locations that are within a predetermined distance of the geographic location of the compromised infrastructure. Similar geographically proximate infrastructures are identified from among the geographically proximate infrastructures, with the similar geographically proximate infrastructures having a same industrial purpose as the compromised infrastructure.

Abstract: A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.

Abstract: A network apparatus maintains a database of a plurality of virtual private network (VPN) protocols and respective VPN providers. A VPN protocol detection process is performed for determining a VPN protocol used by a computing device based on analyzing network traffic data and the database. In response to detecting the VPN protocol detection process failing or detecting a need to identify a respective VPN provider, an endpoint detection process for determining the VPN usage of the computing device is performed. In response to detecting the endpoint detection process failing or detecting a need to identify VPN usage time information, a traffic pattern search process for determining the VPN usage of the computing device is performed. Further action is taken to protect the computing device in response to detecting the VPN usage on the basis of the VPN protocol detection process, the endpoint detection process, and/or the traffic pattern search process.

Abstract: Technologies are provided for detection and mitigation of high-risk online activity. The detection and mitigation can be implemented in real-time. In some embodiments, a computing system can determine that a risk assessment for an online activity is unavailable from an in-memory storage. The computing system can obtain the risk assessment for the online activity from a second computing system configured to apply a prediction model to data defining the online activity. The risk assessment can comprise a risk score and a risk category. The computing system can update the in-memory storage to incorporate the data and the risk assessment, and can determine that the risk assessment is indicative of the online activity being high-risk activity. The computing system can then cause denial of access to a computing platform to a user device associated with the online activity.

Abstract: There is provided a method of automatically managing access to authorized service computing environments, comprising: monitoring data sources generated by user identities of the target computing environment accessing service computing environments, analyzing the data sources to identify communication between user identities of the target computing environment and the service computing environments, according to the analyzing, mapping connections between the user identities of the target computing environment and the service computing environment, including connections between first user identities that are authorized to access authorized service computing environments, second user identities that are non-authorized to access the authorized service computing environments, and third user identities that are non-authorized to access non-authorized service computing environments, and automatically blocking access of the second user identities to the authorized service computing environments that they are non-auth

Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Abstract: A plurality of security rule processing nodes is configured for network traffic of a set of sources and destinations. Respective subsets of configuration information of the sources and destinations, including security rules, are transmitted to the nodes. Respective addresses of at least a subset of the nodes are transmitted to a packet processing intermediary. The intermediary requests evaluation of applicable security rules with respect to packet flows by selected nodes prior to initiating routing actions for packets of the flows.

Abstract: A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.

Abstract: A method comprises collecting message-oriented-middleware system parameters from a plurality of message-oriented-middleware clusters, analyzing the parameters using one or more machine learning algorithms, and predicting, based at least in part on the analyzing, at least one anomaly in a message-oriented-middleware cluster of the plurality of message-oriented-middleware clusters. In the method, message metadata is collected from the message-oriented-middleware cluster, and at least part of the message metadata is transmitted to one or more remaining ones of the plurality of message-oriented-middleware clusters. At least the part of the message metadata corresponds to messaging operations to be transferred from the message-oriented-middleware cluster to the one or more remaining ones of the plurality of message-oriented-middleware clusters.

Abstract: The invention relates to the field of wireless mesh communication networks and in particular to methods, networks and nodes (101) for use in such a wireless mesh network (100) for establishing routes in the wireless mesh network (100) by pro-actively regularly sending many-to-one route requests at randomized intervals by wireless network nodes (101) that can operate as a proxy nodes for a mobile wireless device (104) communicating using a first wireless communication protocol and further nodes (102, 103) in the wireless mesh network (100) communicating using a second wireless communication protocol.

Abstract: Methods, systems, and computer readable media for network security are described. In some implementations, security tasks and roles can be allocated between an endpoint device and a firewall device based on tag information sent from the endpoint, the tag information including one or more characteristics of a traffic flow, information of resource availability, and/or reputation of a process associated with a traffic flow.

Abstract: A network sanitization technology for enforcing a network edge and enforcing particular communication functions for untrusted dedicated-function devices such as internet protocol (IP) cameras. An untrusted network device is isolated from a network by a network sanitization system such that it cannot communicate with the network. Communications from the untrusted device are intercepted by the system and only allowed communications are used. Allowed communications are used to create new communications according to an allowed framework. Sanitization device may be in small two-port package with visual indicia indicating the untrusted device and the network side. The device may use and provide power over Ethernet (POE) to device. Abstract is not to be considered limiting.

Abstract: A distributed denial of service attack is detected. In response to detection of the attack, application layer properties of network traffic associated with a web application under attack are analyzed. Changes to distributions of the application layer properties are identified. A signature is generated based, at least in part, on identifying a combination of application layer properties whose distributions have changed, and which identifies traffic increased since onset of the attack. A mitigation rule is generated based, at least in part, on the signature.

Abstract: The disclosed technology is generally directed towards monitoring electronic communications to detect content in a communication that is attempting to influence the recipient user in some way. A user can specify influential intent preference data, such as which electronic communications services/applications to monitor for such influential intent content, and the types of the influential intent to monitor for, e.g., political influence types, advertisement influence types, and so on. A user also can specify remedial or other actions to take upon detection, e.g., block such content, alert on detecting such content and so on. An electronic influence manager server and/or application program can perform the monitoring and/or take the actions. Also described is reporting on the communications with influential intent, user actions with respect thereto. Reputation data can also be collected and used with respect to sources of communications with influential intent.

Abstract: Disclosed herein is a method of operation of a wireless device to provide service gap control in a wireless communication system, comprising: receiving a service gap parameter from a network entity in a mobility management sublayer non-access stratum message, the service gap parameter being indicative of a value for a service gap timer for the wireless device; and enforcing the service gap parameter at the wireless device in a non-access stratum layer. Also disclosed herein is a method of operation of a core network entity in a core network of a wireless communication system to provide service gap control, comprising: obtaining a service gap parameter for a wireless device, the service gap parameter being indicative of a value for a service gap timer for the wireless device; and sending by the core network entity the service gap parameter to the wireless device via a mobility management sublayer non-access stratum message.

Abstract: Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second may be in communication with each other and exchange threat information.

Abstract: Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code-(MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cyptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of contrasts more efficiently than applying any one construct with a larger key size or similar increase in complexity.

Abstract: A verification method for fast source and path embedded with random authentication is provided. The method includes: generating a corresponding verification structure for an expected path according to a predetermined path strategy, embedding different m pieces of fragment information randomly selected with same possibility from the verification structure for the expected path to a header of a data packet to be transmitted in a data flow, and transmitting the data packet to be transmitted with the embedded fragment information to a next hop of routing node of the expected path, performing a verification on the received data packet by the respective intermediate routing node on the expected path, and forwarding the data packet to the next routing node when the verification passes, performing verification on the received data packet by the data flow destination, performing a parsing verification evaluation on the expected path when the verification passes.

Abstract: Behavioral characteristics of at least a first machine component are monitored. A model that represents machine-to-machine interactions between at least the first machine component and at least a further machine component is generated. Using the monitored behavioral characteristics and the generated model, an incongruity of a behavior of at least the first machine component and the machine-to-machine interactions is computed, where the incongruity is predicted based on determining a discordance between an expectation of the system and the behavior and the machine-to-machine interactions, and wherein the predicting is performed without using a previously built normative rule of behavior and machine-to-machine interactions.

Abstract: A method for execution by a processor of a host having an external interface for connection to at least one other network element of a packet-based data network, the host storing a routing table and implementing a container connected to a bridge, the container being addressable by an internal address on a bridge network associated with the bridge. The method includes obtaining an indication of a request for the container to join a multicast group. In response to the obtaining, a request is sent via the external interface for the host to join the multicast group. The routing table may be modified so as to make the bridge a next hop for future packets obtained from the external interface and destined for the multicast group. The routing table may also be modified so as to make the external interface a next hop for future packets that are obtained from the bridge, whose source address is the internal address of the container and that are destined for the multicast group.

Abstract: A method of Internet Protocol (IP) address control includes receiving a request from a computing device for a new IP address, the request including a Media Access Control (MAC) address of the computing device. A query can be sent to a storage resource for a whitelist of MAC numbers associated with IP addresses and an IP address not present on the whitelist can be selected for use in assigning the new IP address. A new IP/MAC pairing of the selected IP address and the MAC address of the computing device is sent to the storage resource for adding to the whitelist and optionally to a firewall for adding to a firewall whitelist. A confirmation can be sent to the computing device, providing the new IP address.

Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.

Abstract: Apparatus, systems, and methods for the detection and remediation of malicious network traffic. Network traffic is received from a network-based device and analyzed the network traffic to identify the network-based device as an infected network-based device. In response to identifying the network-based device as an infected network-based device, a response message is sent to the infected network-based device, the response message triggering a tarpitting effect on the network-based device.

Abstract: Intraocular pressure in an eye is reduced by delivering a high resolution optical coherence tomography (OCT) beam and a high resolution laser beam through the cornea, and the anterior chamber into the irido-corneal angle along an angled beam path. The OCT beam provides OCT imaging for surgery planning and monitoring, while the laser beam is configured to modify tissue or affect ocular fluid by photo-disruptive interaction. In one implementation, a volume of ocular tissue within an outflow pathway in the irido-corneal angle is modified to create a channel opening in one or more layers of the trabecular meshwork. In another implementation, a volume of fluid in the Schlemm's canal is affected by the laser to bring about a pneumatic expansion of the canal. In either implementation, resistance to aqueous flow through the eye is reduced.

Abstract: Aspects of the disclosure relate to monitoring virtual desktops accessed by devices at remote locations using machine-learning models to mitigate potential cyber-attacks. In some embodiments, a computing platform may monitor data associated with a series of activities from a virtual desktop accessed by a remote computing device. Subsequently, the computing platform may detect new activity data on the virtual desktop accessed by the remote computing device, and evaluate the new activity data relative to the data associated with the series of activities, wherein evaluating includes applying a machine learning model to the new activity data. Based on evaluating the new activity data, the computing platform may determine if the new activity data is indicative of a potential cyber-attack. In response to determining that the new activity data is indicative of a potential cyber-attack, the computing platform may initiate one or more security response actions.

Abstract: This disclosure provides systems, methods, and apparatuses for wireless sensing. In some aspects, a first wireless communication device may receive a first wireless transmission including a transmit (TX) parameter information element (IE). The first wireless communication device may verify the integrity of the TX parameter IE using a message integrity code (MIC) in the first wireless transmission, discarding the first wireless transmission when the MIC does not verify the integrity of the TX parameter IE. The first wireless device may obtain one or more transmission parameters for one or more second wireless communication devices associated with the TX parameter IE. The first wireless communication device may receive a second wireless transmission from one of the second wireless communication devices and obtain one or more wireless sensing measurements associated with the second wireless transmission and the one or more transmission parameters.

Abstract: A computing device may receive a first packet addressed to a destination node. The device may check a packet counter to determine if the counter exceeds a threshold, the counter recording a number of packets addressed to the destination node that have been received during a first time period. The device may in response to the packet counter exceeding the threshold: send, by the computing device, a query to an intermediate node; generate, by the device, a query flag in response to sending the query. The query flag can indicate that a query has been sent to the intermediate node. A reply from the intermediate node can be received by the device. The reply can identify a set of processes that the intermediate node is configured to perform on the first packet. The set of processes can be applied by the device to the first packet.

Abstract: This disclosure describes systems, methods, and devices related to network outage management. A method may include receiving, by a cloud-based system, a first indication of a first cable system outage; instantiating, by the cloud-based system, a first computing instance associated with generating event data indicative of the first cable system outage; instantiating, by the cloud-based system, a second computing instance associated with a machine learning model; generating, by the cloud-based system, using the event data as inputs to the machine learning model, a score indicative of a probability that the first cable system outage is repairable by a technician; and refrain from sending, by the cloud-based system, based on a comparison of the score to a score threshold, the event data to a first system associated with repairing the first cable system outage.

Abstract: Systems and methods include reception of a request for access to a target domain, the request including a source Internet Protocol (IP) address, determination of whether the source IP address is one of a plurality of IP addresses indicated within stored first data, determination, if it is determined that the source IP address is one of the plurality of stored IP addresses, of whether the target domain is one of a plurality of domains indicated within stored second data, and forwarding, if it is determined that the source IP address is one of the plurality of stored IP addresses and the target domain is one of a plurality of domains indicated within stored second data, of the request to the target domain.

Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.

Abstract: Disclosed are systems and associated methods for protecting systems against software intended to damage or disable computers and computer systems, commonly called “malware” especially encrypting malware. Both agent-based and agentless implementations allow the identification of malware and the protection of local and cloud-based data by observing changes to filesystem structure and the information content of files, with no need to scan memory or interfere with the processing of individual processes. The data permeability of the protected system can be dynamically changed, allowing user-directed changes to be committed to storage and backed up, while adverse or potentially adverse changes are quarantined.

Abstract: A system and method for cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance, that identifies critical network entities within a cyber-physical graph, identifies anomalous events within the network, determines the risk of identified anomalies based on the value of the entities involved, and determines an effectiveness score for the network based on the identified risks.

Abstract: A method includes creating a secured connection between a home network and a remote corporate network via a smart home gateway; detecting a plurality of devices are connected with the smart home gateway, wherein the plurality of devices are within the home network; determining that a first device of the plurality of devices is indicated as an authorized corporate device; determining that the first device has software updated to a threshold version of software; and based on the indication that the first device is an authorized corporate device or the first device has software update to the threshold version of software, automatically connecting the first device to the remote corporate network.

Abstract: The disclosure provides a method performed by a wireless device for providing capability information. The method comprises: receiving a first message from a base station, the first message comprising an indication of a capability filter; utilizing the capability filter to generate a filtered set of capabilities of the wireless device; applying a hash function to the filtered set of capabilities to generate a hash value; and transmitting a second message to the base station, the second message comprising the hash value.

Abstract: A logic circuit for managing reception of secure data packets in an industrial controller snoops data being transferred by a Media Access Controller (MAC) between a network port and a shared memory location within the industrial controller. The logic circuit is configured to perform authentication and/or decryption on the data packet as the data packet is being transferred between the port and the shared memory location. The logic circuit performs authentication as the data is being transferred and completes authentication shortly after the MAC has completed transferring the data to the shared memory. The logic circuit coordinates operation with the MAC and signals a Software Packet Processing (SPP) module when authentication is complete. The logic circuit is further configured to decrypt the data packet, if necessary, and to similarly coordinate operation with the MAC and delay signaling the SPP module that data is ready until decryption is complete.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of autonomous asset configuration modeling and management. The innovation includes probing elements of a networked architecture to compile information about elements in the networked architecture. The innovation learns a configuration for the at least one element in the environment based on the probing and determines vulnerabilities in the learned configuration. The innovation develops a threat model based on the learned configuration. The innovation applies the threat model to the elements of the networked architecture and deploys a configuration that resolves the vulnerabilities based on the threat model to the elements in the networked architecture. The threat model can be developed over time using machine learning concepts and deep learning of data sources associated with the elements and vulnerabilities.

Abstract: A method of monitoring and controlling network traffic within an industrial control system including receiving one or more data packets at a smart network switching system operating software-defined networking, analyzing the one or more data packets at a protocol level within a control plane of the software-defined networking, based on the analysis, determining whether the one or more data packets are authorized data packets, and forwarding a data packet of the one or more data packets to a destination device within a data plane of the software-defined networking upon determining that the data packet is an authorized data packet. The method further includes providing information related to the analysis of the one or more data packets to an out-of-band monitoring and control system for display to a user, and receiving a response communication from the out-of-band monitoring and control system indicating whether the one or more data packets are authorized data packets.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure, low end-user effort computing device configuration. In some examples the IoT device is configured via a user's computing device over a short range wireless link of a first type. This short range wireless communication may use a connection establishment that does not require end-user input. For example, the end user will not have to enter, or confirm a PIN number or other authentication information such as usernames and/or passwords. This allows configuration to involve less user input. In some examples, to prevent man-in-the-middle attacks, the power of a transmitter in the IoT device that transmits the short range wireless link is reduced during a configuration procedure so that the range of the transmissions to and from the user's computing device are reduced to a short distance.

Abstract: A packet gateway may protect TCP/IP networks by enforcing security policies on in-transit packets that are crossing network boundaries. The policies may include packet filtering rules derived from cyber threat intelligence (CTI). The rapid growth in the volume of CTI and in the size of associated CTI-derived policies, coupled with ever-increasing network link speeds and network traffic volume, may cause the costs of sufficient computational resources to be prohibitive. To efficiently process packets, a packet gateway may be provided with at least one probabilistic data structure, such as a Bloom filter, for testing packets to determine if packet data may match a packet filtering rule. Packet filtering rules may be grouped into subsets of rules, and a data structure may be provided for determining a matching subset of rules associated with a particular packet.

Abstract: Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic.

Abstract: A method for automatically adjusting one or more device security settings includes receiving a plurality of information feeds received over a communications network from a plurality of information sources. The method further includes accessing a particular information feed from the plurality of information feeds and accessing a predefined trigger associated with the particular information feed. The method further includes determining, by comparing the particular information feed with the predefined trigger, whether a security event is predicted to occur. When the security event is predicted to occur, the method generates an alert for display on a user device and sends, over the communications network, one or more instructions to adjust the one or more device security settings.

Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.

Abstract: A speech-processing system may provide access to one or more virtual assistants via a voice-controlled device. The system may be activated by detecting a wakeword in speech received by a microphone of the device. The system may process the speech and provide a response in the form of synthetic speech. When a speaker of the device synthetic emits the speech, the microphone may detect some or all of the speech. If the synthetic speech includes a wakeword or words or phrases similar to the wakeword, a wakeword detection component of the device may detect the wakeword and activate an assistant, resulting in a self-wake or cross-wake. Self- or cross-wake may interrupt an action or response currently in progress, which may frustrate the user and result in a poor user experience. This disclosure thus proposes systems and methods for preventing cross-wake and self-wake in a voice-controlled device.