Patent classifications
H04L63/30
Cloud application design for efficient troubleshooting
Systems and methods include providing functionality for the user device while operating in background on the user device including providing secure connectivity with a cloud-based system over a network; continuously collecting packets intercepted by the enterprise application over a time interval, wherein the collected packets are collected over the time interval; and responsive to an issue with functionality of the enterprise application, transmitting the collected packets to a back end server for troubleshooting of the issue. The time interval is a set amount of time, and each collected packet is deleted at the expiration of the time interval.
Handling of Lawfully Intercepted SIP Messages
Automatic preparation of data related to session initiation protocol (SIP) based traffic flows in a lawful interception (LI) scenario is disclosed. The dataset that is obtained may, e.g., be used for machine learning-based (ML) and artificial intelligence (AI) tools that can identify lawfully intercepted SIP-based traffic cases. Such preparation of data reduces the risk of misunderstandings between a communications service provider (CSP) and a law enforcement agency (LEA), which reduces the time dedicated by both parties in understanding the correctness of LI data provided by the CSP to the LEA.
Secure internal data network communication interfaces
A system, method, and apparatus for providing secure communications to one or more users through an unclassified network. The system may include a network access management device that may have a plurality of internal data network communications interfaces configured to communicate with at least one classified computing device using a National Security Agency (NSA) Commercial Solution for Classified (CSfC) comprised solution and an external data network communications interface configured to communicate with an unclassified network. A network access management device may use an inner NSA CSfC approved tunneling technology, an outer NSA CSfC approved tunneling technology, and a processor configured to perform processing and routing protocols associated with interconnecting the internal data network communications interface and the external data network communications interface.
System and method for DNS misuse detection
A computer method and system for mitigating Domain Name System (DNS) misuse using a probabilistic data structure, such as a cuckoo filter. Intercepted is network traffic flowing from one or more external hosts to a computer network, the intercepted network traffic including a DNS request that requests a Resource Record name in a DNS zone file. A determination is made as to whether the DNS request is requesting resolution at a protected DNS Name Server. A hash value is calculated for the requested Resource Record name if it is determined the DNS request is requesting resolution at the protected DNS Name Server. A determination is then made as to whether the calculated hash value for the requested Resource Record name is present in the probabilistic data structure. The DNS request is forwarded to the protected server if the requested Resource Record name is determined present in the probabilistic data structure.
System and method for obtaining an identifier of a mobile communication terminal at a control checkpoint
Methods for obtaining identifiers, such as International Mobile Subscriber Identities (IMSIs) and International Mobile Station Equipment Identities (IMEIs), of mobile communication terminals, and associating these identifiers with other items of identifying information provided by users of the terminals. A local interrogation device may be installed that imitates a legitimate base station belonging to a cellular network, at a control checkpoint. Local interrogation devices are connected to a global interrogation device in a hierarchical network, whereby the local interrogation devices are assigned a priority that is higher than that of the global interrogation device. The global interrogation device provides cellular coverage to a larger area that contains the control checkpoints, while the local interrogation devices provide more localized cellular coverage to the control checkpoints.
Method and system to detect abnormal message transactions on a network
A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.
Detecting malicious command and control cloud traffic
The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests, determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources. Also, the network security system prevents transmission of the incoming requests to the malicious resources, by making the malicious resources unavailable for receiving future incoming requests, while keeping other resources in the plurality of resources available for receiving the future incoming requests.
BLOCKCHAIN-BASED SECURE, ANONYMIZING MESSAGE BUS
Systems and methods for enabling a blockchain-based secure, anonymizing message bus are disclosed. An example method includes sharing public keys associated with messaging participants for communicating information using a message-bus smart contract implemented on a blockchain network. The method also includes a first participant sending a message via a smart contract call against an instance of the message-bus smart contract, and a second participant determining and receiving the message using the blockchain network.
Methods And Apparatus For HyperSecure Last Mile Communication
A variety of techniques for concealing the content of a communication between a client device, such as a cell phone or laptop, and a network or cloud of media nodes are disclosed. Among the techniques are routing data packets in the communication to different gateway nodes in the cloud, sending the packets over different physical media, such as an Ethernet cable or WiFi channel, and disguising the packets by giving them different source addresses. Also disclosed are a technique for muting certain participants in a conference call and a highly secure method of storing data files.
Artifact modification and associated abuse detection
An apparatus comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to identify artifacts in a plurality of messages of an account of a user, and to replace the identified artifacts in the messages with respective modified artifacts while also maintaining in access-controlled storage at least information related to the identified artifacts. The processing device receives from a requestor a request for a given one of the identified artifacts that has been replaced with a corresponding modified artifact, determines a profile of the requestor based at least in part on the request, makes a security determination based at least in part on the determined profile, and takes at least one automated action based at least in part on the security determination.