Patent classifications
G06F21/85
System and method for securing a computer system from threats introduced by USB devices
A system for preventing attacks on at least one computer via its USB port, the system comprising at least one processor configured to monitor at least one aspect of a connection between a peripheral and a computer's USB port, to identify aspects which match pre-configured criteria and responsively, to take action.
Systems and methods using a network interface controller (NIC) to broker a secure remote connection at the hardware layer
Systems and methods are provided that may be implemented to use compute capabilities of a network interface controller (NIC) to broker a secure connection across a network between a target information handling system (e.g., such as a server) and one or more other entities (e.g., such as other information handling systems implementing a cloud service or private network, and/or that are providing other remote service/s across the network). This secure connection may be brokered by the NIC at a hardware level in a manner that is separate from a host programmable integrated circuit of the same target information handling system, and in a way that is agnostic and independent of any host operating system or other logic that is executing on the host programmable integrated circuit of the target information handling system.
EVENT-LEVEL GRANULAR CONTROL IN AN EVENT BUS USING EVENT-LEVEL POLICIES
A message-level policy implemented for a message routing system may be used to mediate between a variety of message sources and message targets that receive and use messages. The message-level policy may allow fine grained message-by-message policy assessment that a message routing system policy may be able to provide. The message-level policy may furthermore interact with the message routing system policy to provide mechanisms to avoid accidental leakage of protected messages or spill-over to protected regions.
ACTIVE CONTROL OF COMMUNICATIONS BUS FOR CYBER-ATTACK MITIGATION
Techniques are provided for actively controlling a communications bus to mitigate threats, including cyber-attacks. A methodology implementing the techniques according to an embodiment includes detecting a threat in a message that is being transmitted between nodes on the communications bus. The message comprises one or more message frames and the threat detection is based on analysis of an initial portion of the message frame. The method further includes actively controlling the bus, based on the threat detection, to prevent the remaining portion of the message frame from delivering the threat to one or more of the nodes on the bus. Actively controlling the bus includes isolating nodes from the bus and/or overwriting data in the remaining portion of the message frame to invalidate the message frame or to remove the threat from the message frame.
Secure peripheral interconnect
An integrated-circuit device comprises a bus system connected to a processor; a plurality of peripherals, each connected to the bus system; hardware filter logic; and a peripheral interconnect system, separate from the bus system and connected to the peripherals. For each peripheral, the hardware filter logic stores a respective value determining whether the peripheral is in a secure state. The peripheral interconnect system provides a set of one or more channels for signalling events between peripherals. At least one channel is a secure channel or is configurable to be a secure channel. The peripheral interconnect system is configured to allow an event signal from a peripheral in the secure state to be sent over a secure channel and to prevent an event signal from a peripheral that is not in the secure state from being sent over the secure channel.
SYSTEMS AND METHODS FOR SECURE PERIPHERALS
Systems and methods for an interface device that is configured to locally generate encrypted data and also receive encrypted data from a host computer, locally decrypt the data, and present the decrypted data independently from the host computer.
Stateful services on stateless clustered edge
In order to enable dynamic scaling of network services at the edge, novel systems and methods are provided to enable addition of new nodes or removal of existing nodes while retaining the affinity of the flows through the stateful services. The methods provide a cluster of network nodes that can be dynamically resized to handle and process network traffic that utilizes stateful network services. The existing traffic flows through the edge continue to function during and after the changes to membership of the cluster. All nodes in the cluster operate in active-active mode, i.e., they are receiving and processing traffic flows, thereby maximizing the utilization of the available processing power.