H04L63/0227

Communication system and communication method for reporting compromised state in one-way transmission

A communication system and a communication method for reporting a compromised state in one-way transmission are provided. The communication method includes: receiving a packet by a first port; coupling an error checking circuit to the first port, wherein the error checking circuit checks a header of the packet; coupling a first unidirectional coupler to the first port and the error checking circuit, and coupling a second unidirectional coupler to the first port and the error checking circuit; in response to an error being in the header, disabling the first unidirectional coupler and the data inspection circuit and enabling the second unidirectional coupler by the error checking circuit; receiving the packet from the communication device by a receiving server; and in response to determining the received packet is incomplete by the receiving server, outputting the compromised state by the receiving server.

Generating unified views of security and compliance for multi-cloud workloads

An apparatus comprises a processing device configured to receive, at a user interface of a trust platform configured to manage cloud assets operating in clouds of cloud service providers, a request to view security and compliance risk for a given entity running workloads utilizing the cloud assets. The processing device is also configured to obtain, utilizing application programming interfaces of the trust platform, first and second sets of security and compliance telemetry data generated by first and second pluralities of monitoring tools operating in tenant and management environments of the clouds. The processing device is further configured to generate a unified view of security and compliance for the workloads of the given entity utilizing the first and second sets of security telemetry data, and to provide the unified view of security and compliance for the workloads of the given entity at the user interface of the trust platform.

Customized filtering of transmissions from a device

A method including receiving, from a user device, a transmission packet for communication to a destination device; determining, based on an IP address of the destination device, whether the user device is permitted to transmit to the IP address; determining, based on determining that the user device is permitted to transmit to the IP address, whether the user device is permitted to transmit to a port associated with the IP address; determining, based on determining that the user device is permitted to transmit to the port, whether the user device is permitted to utilize a protocol utilized by the user device to transmit the transmission packet; and determining, based on determining that the user device is permitted to utilize the protocol, whether the user device is permitted to utilize a web application utilized by the user device to transmit the transmission packet is disclosed. Various other aspects are contemplated.

Methods and systems for fast-paced dynamic malware analysis

In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.

Techniques and/or systems to manage secure network connections
11483323 · 2022-10-25

Briefly, embodiments, such as methods and/or systems for managing and/or monitoring secure network connections between endpoints without intervening between the endpoints, for example, are described.

Access control device, an access control method, a computer program product and a computer readable medium
11483285 · 2022-10-25

An access control device provides a secure access control mechanism for a system being remotely accessed. An embodiment of the access control device includes a front-end firewall to provide a first network port to connect a computer to remotely access the system; a bastion host connected with the front-end firewall; and a back-end firewall, connected with the bastion host, to provide a second network port to connect the system. The back-end firewall determines remotely accessible resources in the system and determines resources remotely accessible by the computer, among the remotely accessible resources in the system, according to remote access control policies. The bastion host provides the computer with information provided by the back-end firewall about the resources remotely accessible by the computer through the first network port of the front-end firewall, to permit the resources to be remotely accessible by the computer. Advantages may include security, simplicity and plug-and-play.

Distribution of stateless security functions

Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.

Key broker for a network monitoring device, and applications thereof

A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore, distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

Systems and methods for providing real time security and access monitoring of a removable media device

A method comprises detecting a removable media device being coupled to an external device port of a digital device having an operating system and a file system, authenticating a password to access the removable media device, causing redirection code to be temporarily generated on the digital device, intercepting with the redirection code a data request, determining to allow the data request based on a security policy, allowing the operating system or file system to provide the data based on the determination, detecting the removable media device being removed from the digital device, and terminating at least a portion of the redirection code.

Portable communication peripheral, system for protecting a portable terminal, and communication method
11604886 · 2023-03-14

The portable peripheral (1001) for communication with a data storage peripheral and a data network utilizing the Internet Protocol comprises: a connector to mechanically connect and establish a removable wired connection between the peripheral and a portable terminal, a first means of wired bidirectional communication with the portable terminal, a second means of bidirectional communication with a data storage peripheral or a data network, and a security unit protecting the communication between the portable terminal and the data storage peripheral or the data network, this communication being established between the first and the second means of communication.