Patent classifications
H04L61/4505
System and method for managing network connected devices
A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.
Transmission management system, transmission system, and recording medium
A transmission management system includes a destination name data managing unit which manages a plurality of destination name data items which indicate a plurality of names of a destination in communications between transmission terminals, a destination name data reading unit which reads a destination name data item from the plurality of destination name data items managed by the destination name data managing unit, and a destination name data transmitting unit which transmits the destination name data item read by the destination name data reading unit to a transmission terminal capable of communicating with the destination.
Methods for mapping IP addresses and domains to organizations using user activity data
A computer-implemented method is provided for mapping IP addresses and domain names to organizations. The method includes receiving, by a mapping system from a data provider, a dataset related to a plurality of users of the data provider. The dataset includes (a) an IP address for a user device of each user of the plurality of users, and (b) a domain name for a user account of each user of the plurality of users; enriching, by an analytics engine of the mapping system, the received dataset with enrichment data from an enrichment source; receiving, by the analytics engine from a storage medium, historical data relevant to the enriched dataset; and mapping, by the analytics engine, (i) the IP address and/or (ii) the domain name of each user of a portion of the plurality of users to an organization based on the enriched dataset and the historical data.
Deceiving Attackers Accessing Network Data
Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.
Multiple-master DNS system
In some particular embodiments, DNS servers are operated to maintain consistency of DNS records between the multiple master servers in response to certain types of communication situations. Each master DNS server monitors network connectivity by periodically testing or checking network connections of the master server (e.g., to another server). In one such exemplary context and particular embodiment, a first DNS master server operates by maintaining consistency of DNS records with at least one other DNS server. In this manner DNS records are updated using communications over a network and between the servers. Network isolation is detected and, after other related steps, restoration of connections to the at least one second DNS server is detected, and then queued DNS update requests are sent to the second DNS server. This approach is used to establish consistency of the DNS records between the DNS servers.
Methods and apparatus for operating and managing a constrained device within
A method for operating a constrained device within a network is disclosed. The constrained device is configured with a plurality of data objects and a mapping between at least one of the data objects and a multicast address. The method includes detecting that the constrained device should send a notification and determining a topic to which the notification relates. The method further includes, if the topic corresponds to a data object, retrieving the data object to which the topic corresponds, retrieving a mapped multicast address corresponding to the data object, and posting the notification to the retrieved multicast address.
PREDICTIVE CONNECTIVITY SERVICE LAYERS
A system and method are provided for a predictive connectivity layer. In the disclosed embodiments, resources, such as bandwidth, processing, and memory, at a network node are dynamically allocated based on one or more predicted user behaviors. A predicted user behavior may be determined based on one or more previous actions of a user or a group of users at the network node. For example, if a user accesses the network node to download a particular web site at the same time every morning, the predictive technique may determine that the user will attempt to download the same web site the next morning, and therefore cache a copy of the web site before the user's next attempt to access the network through the network node. Similarly, the network node may predict an amount of bandwidth or other resources to allocate based on previous behavior of one or more users.
HIERARCHICAL NAMESPACE SERVICE WITH DISTRIBUTED NAME RESOLUTION CACHING AND SYNCHRONIZATION
A service enables a command that refers to a file system object using a hierarchical namespace identifier to be executed against the file system object in a flat namespace. The service selectively distributes the command to one of a plurality of name resolution nodes based on a directory name included in the hierarchical namespace identifier. The identified node resolves the directory name to a flat namespace identifier that is used to execute the command against the flat namespace. After communicating with at least one storage node to resolve a directory name, each name resolution node stores a mapping of the directory name to the corresponding flat namespace identifier in a cache, so that subsequent resolutions of that directory name may be performed more efficiently. Cache entries may be invalidated when an operation occurs that impacts the relevant mapping and/or based on system considerations such as cache expiry.
APPARATUS AND METHOD FOR ANALYZING SECURITY VULNERABILITIES
A method for analyzing vulnerabilities may include: an analysis target URL receiving step of receiving a plurality of analysis target uniform resource locator (URL) addresses extracted from the analysis target server; an identification key setting step of setting respective identification keys corresponding to the plurality of analysis target URL addresses; a vulnerability analyzing step of performing a simulated attack that causes the analysis target server to access the external server, by inserting an analysis hypertext transfer protocol (HTTP) request sentence including a URL address of an external server and the identification key into the analysis target URL address; an access record checking step of requesting, from the external server, an access record of the analysis target server; and a vulnerability extracting step of extracting a vulnerability of the analysis target server by using the identification key included in the access record.