H04L63/0209

Publishing data across a data diode for secured process control communications

To secure communications from a process plant across a unidirectional data diode to a remote system, a sending device at the plant end publishes data across the diode to a receiving device at the remote end. The publication of various data is respectively in accordance with context information (e.g., identification of data sources, respective expected rate of data generation/arrival, etc.) that is descriptive of data sources of the plant and that is recurrently provided by the sending device across the diode. A recurrence interval may be based on a tolerance for lost data or another characteristic of an application, service, or consumer of data at the remote system. The publishing may leverage an industrial communication protocol (e.g., HART-IP) and/or a suitable general-purpose communication protocol (e.g., JSON).

Systems and methods for providing communications between on-premises servers and remote devices

A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment is provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server, which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server, from which it is returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information.

Systems and methods for providing shifting network security via multi-access edge computing
11700268 · 2023-07-11

Disclosed is a device for configuring and implementing network security for a connected network node, and for shifting the network security closer to the attack point of origin. In particular, the device may activate attack protections on different Multi-Access Edge Computing (“MEC”) devices that are physically located near or at the attack point of origin. The device may detect an attack signature based on one or more received data packets, and may provide a response with an extended header field, the attack signature, and/or other attack protection instructions. The responses may be passed to an address of a suspected attacker. MEC devices along the network path may detect and receive the responses, and implement attack protections in response. The responses may also be passed to a multicast or broadcast address that the MEC device may use to receive responses.

Systems and methods for generating secure signals based on internet of things device signals
11700242 · 2023-07-11

A device may receive a secure signal message from an IoT device provided in a first security zone, and may provide the secure signal message from the first security zone to a second security zone, via a first secure data layer. The device may generate two processed secure signal messages from the secure signal message, and may provide the two processed secure signal messages from the second security zone to a third security zone, via a second secure data layer. The device may calculate a secure analytics message, that includes a graph, based on the two processed secure signal messages, and may provide the secure analytics message from the third security zone to a fourth security zone, via a third secure data layer. The device may store the secure analytics message in a data structure associated with the fourth security zone.

Systems and methods for providing load balancing as a service
11553037 · 2023-01-10

The present disclosure is directed generally to systems and methods for providing load balancing as a service. A load balancer executing on a device intermediary to a server and a plurality of clients can receive a request from an agent executing on the server. The request can be to initiate establishment of a transport layer connection. The load balancer can accept the request to establish the transport layer connection with the server. The load balancer can receive a request to access the server from a client of the plurality of clients. The load balancer can forward the request to the server via the transport layer connection established between the load balancer and the server responsive to the request of the server.

Air-Gapped Remote Controller System
20230216855 · 2023-07-06

The air-gapped device controller system provides a disconnected (air-gapped) remote endpoint controller that does not allow any programmatic manipulation of the remote system and works exclusively on an analog basis. To accomplish this, the system includes an apparatus that is connected to the end-user via the internet or any other network and interacts with an air-gapped system (remote system) physically. It does so by translating the user's physical input to a signal on the wire and then recreating the user's physical input on the interface attached to the air-gapped system (e.g., pressing buttons, operating a touch pad or a mouse, the user's video feed, etc.). Further, the system provides a method to allow the user to control an air gap control system without physically operating the hardware of the air gap control system. Additionally, the system may operate and control operating systems, computers, cameras, microphones, display systems, etc.

SYSTEM AND METHOD FOR SECURE FILE-SHARING VIA A DISTRIBUTED NETWORK
20230216694 · 2023-07-06

Systems, computer program products, and methods are described herein for secure file-sharing. The present invention may be configured to receive a request to store data on a network and process the request through a firewall. Processing the request includes: generating a first electronic digital certificate, storing the first electronic digital certificate on a distributed ledger, encrypting the data using the first electronic digital certificate, storing the encrypted data on at least one of the plurality of data server nodes, and recording the request on the distributed ledger. The present invention is further configured to receive and process a second request. Processing the second request includes: decrypting the data using the second electronic digital certificate, providing the decrypted data to the second requestor, and recording the second request on the distributed ledger.

Data access control and workload management framework for development of machine learning (ML) models
11551141 · 2023-01-10

Methods, systems, and computer-readable storage media for providing a software system to each customer in a set of customers, each customer being associated with a customer system in a set of customer systems, the software system including a set of views in a data science pool, each of the views in the set of views providing a data set based on production data of respective customers; for each customer system: accessing at least one data set within the customer system through a released view provided in a DMZ within the customer system and corresponding to a respective view in the set of views, and triggering training of a ML model in the DMZ to provide results; and selectively publishing the ML model for consumption by each of the customers in the set of customers based on a set of results comprising the results from each customer system.

Reduction of the attack surface in a communications system

A system and a method are provided for routing data packets from or to at least one electronic control unit, referred to as outgoing packets or incoming packets respectively. The at least one electronic control unit is connected to a communications system via a first interface. The communications system is connected via a second interface to a modem suitable for transferring the outgoing packets and the incoming packets to or respectively from at least one telecommunications network through a plurality of access points. Each access point is secured or unsecured. The outgoing and incoming packets are processed according to the type of access point by which the packets are transferred to or from the at least one telecommunications network.

SECURE NETWORKING ENGINE FOR A SECURE NETWORKING SYSTEM
20230006968 · 2023-01-05

Methods, systems, and computer storage media for providing a local protocol server associated with a secure networking engine that provides client-side forwarding in a secure networking system. The local protocol server (e.g., local TCP/UDP server)—on a client device—operates based on client-side forwarding operations that include: IP assignment, operating system (OS) routing, destination network address translation, and original destination retrieval to support accessing a network resource (e.g., socket connection) on the client device and support communications between client applications on the client device and the local protocol server on the same client device. In this way, the local protocol server supports communications of a diverse set of data traffic or network traffic (e.g., different types of cross-platform communications), where the diverse set of network traffic is initially communicated from a client application and processed for network security operations at the local protocol server within the same client device.