H04L63/0209

SYSTEM AND METHOD FOR PROTECTING SERVICE-LEVEL ENTITIES
20170359308 · 2017-12-14 ·

A method for performing security functions in a computer system hosting a network-facing server application includes receiving, by a service request processor, a service request to an application adapted to process the service request; responsive to the service request being a first request for the application to communicate over a network, processing the service request with a first process isolated in memory from the application; responsive to the service request being a second request for the application to access a physical storage device, processing the service request with a second process isolated in memory from the application; and responsive to a determination that the processed service request will not adversely affect the application, providing the processed service request to the application.

IDENTIFICATION OF .NET MALWARE WITH "UNMANAGED IMPHASH"
20230195896 · 2023-06-22 ·

The present application discloses a method, system, and computer system for detecting malicious files. The method includes receiving a sample that comprises a .NET file, obtaining imported API function names based at least in part on a .NET header of the .NET file, determining a hash of a list of unmanaged imported API function names, and determining whether the sample is malware based at least in part on the hash of the list of unmanaged imported API function names.
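The hashing step the abstract describes, as an added example in Python (not the patent's own code). The P/Invoke records are constructed; a real sample's list would be read from the ImplMap and ModuleRef metadata tables behind the CLI header, which needs a .NET metadata parser. MD5 and the lower-casing and suffix-stripping rules are assumptions borrowed from the classic PE imphash convention; the patent text only says "a hash". The point of going to the .NET header at all is that the PE import directory of a managed executable usually names only mscoree!_CorExeMain, so the classic imphash is the same for nearly every .NET file.

```python
import hashlib

# Constructed ImplMap-style records: (module named in the DllImport attribute,
# unmanaged entry point). In a real assembly these come from the ImplMap and
# ModuleRef metadata tables reached through the CLI header, not from the PE
# import directory, which for a managed executable typically lists only
# mscoree!_CorExeMain. Extracting those tables is out of scope here.
SAMPLE_PINVOKES = [
    ("kernel32.dll", "VirtualAlloc"),
    ("KERNEL32.DLL", "WriteProcessMemory"),
    ("kernel32", "CreateRemoteThread"),
    ("ntdll.dll", "NtUnmapViewOfSection"),
]

_LIB_SUFFIXES = (".dll", ".ocx", ".sys")


def normalize_module(name):
    """Lower-case and drop the library suffix so that kernel32, KERNEL32.DLL and
    kernel32.dll all contribute the same string (the classic imphash convention)."""
    name = name.lower()
    for suffix in _LIB_SUFFIXES:
        if name.endswith(suffix):
            return name[: -len(suffix)]
    return name


def unmanaged_imphash(pinvokes):
    """MD5 over the ordered, normalized list 'module.function,module.function,...'.
    Order is kept on purpose: the same imports emitted in a different order give a
    different hash, which makes the value a build fingerprint rather than a set
    comparison. Returns a 32-character hex digest."""
    parts = [f"{normalize_module(module)}.{func.lower()}" for module, func in pinvokes]
    return hashlib.md5(",".join(parts).encode("utf-8")).hexdigest()


def classify(pinvokes, known_bad_hashes):
    """Return (hash, is_known_bad). A hit is a strong lead, not proof: a benign
    program built with the same toolchain and the same P/Invoke list collides."""
    digest = unmanaged_imphash(pinvokes)
    return digest, digest in known_bad_hashes


if __name__ == "__main__":
    print(unmanaged_imphash(SAMPLE_PINVOKES))
```

Because the hash is order-sensitive, two samples from the same malware family but different builds can differ; in practice the value is used as a pivot against a corpus of known hashes, not as the sole verdict.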

Computer or microchip with a secure system bios having a separate private network connection to a separate private network
11683288 · 2023-06-20 ·

A method for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit or units having connection to the public Internet and one or more of the private units have a connection to one or more non-Internet-connected private networks for private network control of the configuration of the computer or microchip using active hardware configuration, including field programmable gate arrays (FPGA). The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch.

TRUSTED ROUTING BETWEEN COMMUNICATION NETWORK SYSTEMS
20170353430 · 2017-12-07 ·

An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.

METHOD AND APPARATUS FOR THE REPERCUSSION-FREE CAPTURE OF DATA
20170353368 · 2017-12-07 ·

A method and an apparatus are provided for the repercussion-free capture of data from at least one device arranged in a first network having a high security requirement, into a second network having a low security requirement. The apparatus contains a requesting unit, arranged within the first network and designed to request data from the at least one device in accordance with a request profile; a monitoring unit, arranged within the first network and designed to monitor the data sent by the at least one device in response to the request and to transmit those data to an evaluation unit; an evaluation unit, arranged in the second network and designed to compare the monitored data with the data expected on the basis of the request profile; and an alarm unit.
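The comparison the evaluation unit performs, as an added example in Python (not the patent's own code). The request profile, the mirrored response records, the tuple layout and the tolerance of 1.5 polling periods are all constructed for illustration. The evaluator sees only what the monitoring unit copies across the one-way link, so the only things it can detect are replies nobody in the profile asked for (a sign that something else is talking to the device), replies that arrive later than the profile allows, and replies that stop; the only thing it can do about them is raise an alarm.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Expectation:
    """One line of the request profile: which register of which device the
    requesting unit polls, and how often."""
    device: str
    register: int
    period_s: int


# Constructed request profile, shared out of band with the evaluation unit.
PROFILE = [
    Expectation("plc-01", 40001, 10),
    Expectation("rtu-07", 30010, 30),
    Expectation("rtu-07", 30011, 30),   # never answered in the sample below
]

# Constructed records as the monitoring unit would mirror them across the
# one-way link: (timestamp_s, device, register, value). The evaluator never
# sees, and cannot send, the requests themselves.
OBSERVED = [
    (0, "plc-01", 40001, 17),
    (1, "rtu-07", 30010, 512),
    (10, "plc-01", 40001, 17),
    (12, "plc-01", 40003, 99),   # register not in the profile
    (20, "plc-01", 40001, 18),
    (31, "rtu-07", 30010, 512),
    (33, "hmi-02", 1, 0),        # device not in the profile at all
    (45, "plc-01", 40001, 18),   # 25 s after the previous reply; period is 10 s
]

TOLERANCE = 1.5  # a reply may be this many periods late before it is flagged


def evaluate(profile, observed, window_end):
    """Compare mirrored responses with the request profile.

    Returns alarms as (kind, device, register, timestamp) tuples, where kind is
    'unexpected' (a reply no profile entry asked for), 'late' (gap between two
    consecutive replies exceeds TOLERANCE periods) or 'missing' (no reply at
    all, or none recently enough, by window_end)."""
    expected = {(e.device, e.register): e for e in profile}
    replies = {key: [] for key in expected}
    alarms = []
    for ts, dev, reg, _value in sorted(observed):
        key = (dev, reg)
        if key not in expected:
            alarms.append(("unexpected", dev, reg, ts))
        else:
            replies[key].append(ts)
    for key, exp in expected.items():
        limit = exp.period_s * TOLERANCE
        stamps = replies[key]
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > limit:
                alarms.append(("late", exp.device, exp.register, cur))
        if not stamps or window_end - stamps[-1] > limit:
            alarms.append(("missing", exp.device, exp.register, window_end))
    return alarms


def alarm_lines(alarms):
    """Alarm unit stand-in. Reporting is the only action available: nothing in
    the low-security network can reach back into the high-security one."""
    return [f"ALARM {kind}: {dev} register {reg} at t={ts}s" for kind, dev, reg, ts in alarms]


if __name__ == "__main__":
    for line in alarm_lines(evaluate(PROFILE, OBSERVED, window_end=60)):
        print(line)
```

The tolerance matters in both directions: too tight and ordinary jitter on the polling loop pages someone every night, too loose and a device that has been quietly taken off the poll cycle goes unnoticed for several periods.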

Automatically managing a role of a node device in a mesh network
11683228 · 2023-06-20 ·

The disclosure herein describes automatically managing a role of a node device in a mesh network. Based on connecting the node device to a target device via a network connection, status data of the target device is obtained. If the status data indicates the target device is a mesh node device, the node device activates a virtualized mesh node operating system. If the status data indicates the target device is a device that is separate from the mesh network, the node device activates a virtualized egress node operating system. The node device updates the mesh network configuration based on which virtualized operating system was activated and then shares the updated mesh network configuration to the other node devices of the mesh network, whereby the mesh network is configured to route network traffic data between the node device and the target device based on the updated mesh network configuration.

Semi-interactive one-way transfer of data to an isolated network

The present embodiments relate to providing near real-time communications from a public network to a private network. A first computing device in a public network can obtain data packets to be provided to the private network from an application executing on the first computing device. A trust module executed by the first computing device can authenticate the user, application, and the data packets to be provided to the private network and add metadata relating to the sending user, recipient user, etc. The data packets can be forwarded to the private network via a cross-domain system (CDS). The metadata and the digital signature on the data packets can be verified by a trust module executing on a second computing device in the private network. The second computing device can receive the data packets and store the data packets for subsequent actions to be performed in the private network.
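Both trust modules from the abstract, as an added example in Python (not the patent's or any product's code). Two assumptions: the two sides hold a pre-shared key, and an HMAC stands in for the asymmetric digital signature the text describes so that the example runs on the standard library alone; replacing it with a real signature changes the two hmac.new(...) lines and nothing about the order of the checks. The CDS itself is not modelled, only what the private-side module must verify once a packet has come through it: the tag over the metadata, that the payload is the one the metadata was bound to, freshness, the recipient, and replay.

```python
import hashlib
import hmac
import json
import time

# Assumptions for this example: both trust modules hold a pre-shared key, and an
# HMAC stands in for the asymmetric signature described in the text so the code
# runs on the standard library alone. Swapping in a real signature changes only
# the two hmac.new(...) lines, not the order of the checks.
SHARED_KEY = b"constructed-example-key-do-not-reuse"
MAX_AGE_S = 300                                  # longest acceptable transit time through the CDS
ALLOWED_RECIPIENTS = {"analyst-a", "analyst-b"}  # identities the private side will deliver to


def _canonical(meta):
    # Deterministic encoding: the private side must rebuild exactly these bytes.
    return json.dumps(meta, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_packet(payload, sender, recipient, now=None, key=SHARED_KEY):
    """Public-side trust module: attach metadata and a tag that binds the
    metadata and the payload digest together."""
    meta = {
        "sender": sender,
        "recipient": recipient,
        "issued": int(time.time() if now is None else now),
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
    }
    tag = hmac.new(key, _canonical(meta), hashlib.sha256).hexdigest()
    return {"meta": meta, "tag": tag, "payload": payload}


def verify_packet(packet, now=None, key=SHARED_KEY, seen_tags=None):
    """Private-side trust module. Returns (accepted, reason).

    The tag is checked before anything else so that no decision rests on
    unauthenticated metadata; seen_tags, if given, is the replay cache."""
    meta, tag, payload = packet["meta"], packet["tag"], packet["payload"]
    expected = hmac.new(key, _canonical(meta), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "metadata tag invalid"
    if hashlib.sha256(payload).hexdigest() != meta["payload_sha256"]:
        return False, "payload does not match signed digest"
    now = time.time() if now is None else now
    if abs(now - meta["issued"]) > MAX_AGE_S:
        return False, "packet outside freshness window"
    if meta["recipient"] not in ALLOWED_RECIPIENTS:
        return False, "recipient unknown on private side"
    if seen_tags is not None:
        if tag in seen_tags:
            return False, "replayed packet"
        seen_tags.add(tag)
    return True, "accepted"


if __name__ == "__main__":
    pkt = sign_packet(b"daily report", "alice", "analyst-a")   # public side
    print(verify_packet(pkt, seen_tags=set()))                  # private side, after the CDS
```

The tag doubles as the replay key, and the freshness window bounds how long the private side has to remember tags, so the cache cannot grow without limit. Anything the private side decides on (who sent it, who gets it, what it contains) is covered by the tag, which is the whole reason the metadata is signed rather than merely forwarded.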

VIRTUAL ELECTRONIC SECURITY PERIMETER USING DETERMINISTIC NETWORKING
20170353446 · 2017-12-07 ·

In one embodiment, a supervisory device for a network of a power substation identifies a plurality of nodes in the network of the power substation. The supervisory device associates each of the nodes with one or more security certificates. A particular security certificate authenticates a particular node to the supervisory device and authorizes the particular node to communicate in the network of the power substation. The supervisory device determines a security perimeter for the nodes in the network. The supervisory device schedules communications among the nodes using the one or more security certificates and based on the determined security perimeter.

Security system for vulnerability-risk-threat (VRT) detection
11516670 · 2022-11-29 ·

The technology includes a method performed by a security system of a 5G network to protect against a cyberattack. The system can instantiate a function to monitor and control incoming network traffic at a perimeter of the 5G network in accordance with a security model that is based on a vulnerability parameter, a risk parameter, and a threat parameter. The system can process the incoming network traffic with the security model to output a vulnerability-risk-threat (VRT) score that characterizes the incoming network traffic in relation to the vulnerability parameter, the risk parameter, and the threat parameter, and can cause one or more actions based on the VRT score to mitigate the cyberattack. The action(s) can include blocking the incoming network traffic at the perimeter of the 5G network.

Estimating speedtest server accuracy

Edge clusters execute in a plurality of regional clouds of a cloud computing platform, which may include cloud POPs. Edge clusters may be programmed to control access to applications executing in the cloud computing platform. Edge clusters and an intelligent routing module route traffic to applications executing in the cloud computing platform. Cost and latency may be managed by the intelligent routing module by routing requests over the Internet or a cloud backbone network and by using or bypassing cloud POPs. The placement of edge clusters may be selected according to measured or estimated latency. Latency may be estimated using speed test servers, and the locations of speed test servers may be verified.