H04L63/02

MULTI-TENANT RESOURCE MANAGEMENT IN A GATEWAY

Described herein are systems, methods, and software to manage resources in a gateway shared by multiple tenants. In one example, a system may monitor usage of resources by a tenant of the gateway and compare the usage with usage limits associated with the resources. The system may further determine when the usage of a resource exceeds a usage limit associated with the resource and, when the usage of the resource exceeds the usage limit, identify the operation that caused the usage limit to be exceeded and block that operation.

Systems and methods for automatic device detection, device management, and remote assistance

In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of the network regulator take over some network services from a router and automatically install the network regulator as the gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distributes device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network and, in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.

Systems and methods for attack simulation on a production network
11706238 · 2023-07-18

The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.

Automatic security response using one-way links
11706194 · 2023-07-18

In one embodiment, a secure network system includes a two-way bridge connecting a protected packet data network with an external packet data network so as to allow bidirectional communication between the protected and external networks, a one-way link unidirectionally connecting the protected network to the external network and physically configured to carry signals in one direction from the protected network to the external network and to be incapable of carrying signals in the opposite direction from the external packet data network to the protected packet data network, and a security server to receive an indication of a security threat to at least one of the networks, and in response to the indication, to deactivate the two-way bridge and activate the one-way link so as to prevent the protected network from receiving packets from the external network while allowing forwarding of packets from the protected network to the external network.

Apparatus and method for handling an incoming communication data frame

An apparatus for handling an incoming communication data frame containing a plurality of bits is provided. The apparatus may include a plurality of data matchers, each data matcher configured to compare a subset of the plurality of bits of the communication data frame with a predetermined data pattern of a plurality of data patterns and to provide a data matcher output to indicate the result of the data matcher comparison, a plurality of selectors, each selector configured to compare a subset of the data matcher outputs of the plurality of data matchers with a predetermined selection pattern of a plurality of selection patterns and to provide a selector output to indicate the result of the selector comparison, and a frame filter configured to transfer the incoming frame to application logic only if the selector outputs of the plurality of selectors match a predetermined filter pattern, and to also transfer the selector outputs of the plurality of selectors to the application logic.

Automotive gateway providing secure open platform for guest applications
11558428 · 2023-01-17

An automotive gateway includes one or more interfaces and one or more processors. The one or more interfaces are configured to communicate with electronic subsystems of a vehicle. The one or more processors are configured to host one or more guest applications and to control communication traffic between the one or more guest applications and the electronic subsystems of the vehicle in accordance with a security policy.

Peripheral access on a secure-aware bus system

An integrated-circuit device comprises a processor, a peripheral component, a bus system, connected to the processor and to the peripheral component, and configured to carry bus transactions; and hardware filter logic. The bus system is configured to carry security-state signals for distinguishing between secure and non-secure bus transactions. The peripheral component comprises a register interface, accessible over the bus system, and comprising a hardware register and a direct-memory-access (DMA) controller for initiating bus transactions on the bus system. The peripheral component supports a secure-in-and-non-secure-out state in which the hardware filter logic is configured to prevent non-secure bus transactions from accessing the hardware register of the peripheral component, but to allow secure bus transactions to access the peripheral component. The peripheral component is configured to allow an incoming secure bus transaction to access the hardware register and to initiate a bus transaction as non-secure.

Integrated security and threat prevention and detection platform

An integrated computer network security and threat prevention and detection platform includes a central processor and a display operable to aggregate and present data from a plurality of network security applications in an integrated dashboard format to a system administrator. The network security applications may be hardware, software, or hybrid applications running on local machines, local networks, remote machines, or remote networks, in communication with the central processor. In one embodiment, the integrated computer network security and threat prevention and detection platform is implemented on premises. In an alternative embodiment, the platform is provided in an Internet or cloud-based environment. In other embodiments, the platform is a hybrid configuration having both on-premises and cloud-based components.

Storage enclosures

In one example, a physical storage enclosure can include a storage area to enclose a device, a locking mechanism to prevent removal of the device from the storage area, a logical configuration system coupled to the device within the storage area, wherein the logical configuration system includes instructions to identify the device within the storage area and alter instructions associated with the device within the storage area, a hardware logistic system coupled to the locking mechanism to activate and deactivate the locking mechanism, and a firewall to restrict communication between the logical configuration system and the hardware logistic system.

METHOD OF UPDATING FRAUD DETECTION RULES FOR DETECTING MALICIOUS FRAMES, FRAUD DETECTING ELECTRONIC CONTROL UNIT, AND ON-BOARD NETWORK SYSTEM

A method used in an on-board network system having electronic controllers that exchange messages and a fraud-detecting electronic controller. The method includes receiving, from an external device, an inquiry for a vehicle status indicating whether the vehicle in which the fraud-detecting electronic controller is installed is running, transmitting the vehicle status to the external device, and determining whether a transmitted message conforms to fraud detection rules. The method also includes receiving from the external device delivery data including updated fraud detection rules and network type information indicating the network type to which the updated fraud detection rules are to be applied. The method further includes determining whether the vehicle is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, the fraud detection rules are updated.