A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

The present disclosure relates to traffic monitoring through one or more access control servers configured configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data. Responsive to identifying an indicator of compromise or that an originating terminal corresponding to the server resource request is identified within a blacklist, the first security response comprises non-transmission of at least one server resource request message by the access control server to a resource server.

Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.

A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and takes into account various factors.

A method and a device for notification, by a notification device, of the use by at least one terminal of an uncertified domain name server. The method includes: receiving a request from the at least one terminal, the request comprising at least one parameter corresponding to a first address enabling communication with a server; searching for the first address in a list, the list comprising at least one address obtained from at least one certified domain name server; and notification, according to the search result, of the use by the at least one terminal of an uncertified domain name server.

A communication system and a communication method for one-way transmission are provided. The communication method includes: transmitting a filtering rule to a programmable logic device by a server; receiving a signal and obtaining data from the signal by the server; packing the data to generate at least one data packet by the server; transmitting the at least one data packet to the programmable logic device by the server; and determining, according to the filtering rule, whether to output the at least one data packet by the programmable logic device.

The disclosed computer-implemented method for protecting user data privacy against anti-tracking evasion techniques for web trackers may include (i) detecting hypertext markup language (HTML) associated with a website displayed in a browser application, (ii) identifying one or more elements in the HTML capable of executing web tracking code from the website, (iii) determining, based on information describing scripting programming code responsible for embedding the HTML elements in the website, a presence of a hidden web tracking script, and (iv) performing a security action that protects against a potential invasion of user data privacy by preventing the hidden web tracking script from executing the web tracking code in the browser application. Various other methods, systems, and computer-readable media are also disclosed.

Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.

An event handler implements a state machine or similar construct for processing of complex event chains as incremental events are detected. This approach advantageously limits processing to monitoring for and responding to a next event in a sequence of events, and supports complex event detection in a manner that scales efficiently in time and computation.

Systems and methods are described for determination of indicators of malicious elements within messages. A report of a malicious message is received from a user of an organization, the malicious message having traversed an endpoint security system of the organization. After receiving the report of the malicious message, one or more indicators of one or more malicious elements of the malicious message are identified. Further, an identification of the endpoint security system and a dangerousness score of the malicious message are determined. The one or more indicators, the identification of the endpoint security system, and the dangerousness score are stored into a threat database that is able to be queried to generate an endpoint-specific threat data set.