H04L63/0227

MULTIFUNCTIONAL APPLICATION GATEWAY FOR SECURITY AND PRIVACY
20230073891 · 2023-03-09

Systems and methods directed to an application gateway for security and privacy that supports security and compliance monitoring between production environments and virtual private clouds are described. In examples, the application gateway for security and privacy supports security and compliance logging, making such information available to administrators and auditors; accordingly, the administrators and auditors can determine how the application gateway for security and privacy is behaving in a very detailed way. For example, by providing access to security and compliance logs, administrators and auditors can verify that the application gateway is not behaving in a malicious manner, such as, but not limited to, communicating with an unauthorized host. In addition to including a user-friendly management interface that allows a user access to modify existing configurations in real-time, the application gateway for security and privacy may scale in a secure manner to support increasing and decreasing traffic demands.

USING A THREAT INTELLIGENCE FRAMEWORK TO POPULATE A RECURSIVE DNS SERVER CACHE

The present application describes systems and methods for populating a DNS cache of a recursive DNS server using information gathered by a threat intelligence system. The threat intelligence system may collect some or all DNS responses from one or more recursive DNS servers as the one or more DNS servers process various received requests. Since the threat intelligence engine has access to this DNS data, the DNS data may be used to seed a DNS cache of a recursive DNS server.

Service Design Center for Device Assisted Services

A technique involves modular storage of network service plan components and provisioning of same. A subset of the capabilities of a service design system can be granted to a sandbox system to enable customization of service plan offerings or other controls.

Communications Device with Secure Data Path Processing Agents

Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).

System and method of detecting hidden processes by analyzing packet flows

A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data; capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data; and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Communication protocols in integrated systems

A system and methods comprise a touchscreen at a premises. The touchscreen includes a processor running gateways and coupled to a security system at the premises. User interfaces are presented via the touchscreen. The user interfaces include a security interface that provides control of functions of the security system and access to data collected by the security system, and a network interface that provides access to network devices. A network device at the premises is coupled to the touchscreen via a Wi-Fi channel. A security server at a remote location is coupled to the touchscreen. The security server comprises a client interface through which remote client devices exchange data with the touchscreen and the security system.

Technologies for managing network traffic through heterogeneous networks

Technologies for managing network traffic through heterogeneous fog network segments of a fog network include a fog node deployed in a fog network segment. The fog node is configured to receive a fog frame that includes control instructions. The fog node is further configured to perform a route selection action to identify a preferred target fog node based on the control instructions, perform action(s) based on the control instructions and network characteristic(s) of the fog network segment relative to corresponding network characteristic(s) of the different fog network segment, and generate updated control instructions based on at least one network characteristic of the different fog network segment. Additionally, the fog node is configured to replace the original control instructions of the received fog frame with the updated control instructions and transmit the received fog frame with the updated control instructions to the preferred target fog node. Other embodiments are described and claimed.

Cluster-based precision mitigation of network attacks

Provided are methods and systems for cluster-based mitigation of a network attack. A method for cluster-based mitigation of a network attack may commence with detecting an unusual pattern in network data traffic associated with data sources. The method may further include extracting signature parameters associated with the network data traffic. The signature parameters may be indicative of the network attack. The method may continue with assigning importance weights to the signature parameters based on historical signature data to generate weighted signature parameters. The method may further include building a decision tree for the data sources based on the weighted signature parameters. The method may continue with creating an optimal number of clusters for the data sources based on an analysis of the decision tree. The method may further include selectively taking at least one mitigating action with regard to the data sources within the clusters.

Method and device for securing network

A method, performed by an observer node, of securing a network, includes: receiving a signal over the network; determining, among a plurality of nodes included in the network, the node that transmitted the received signal, based on a frequency characteristic of the received signal, the frequency characteristic being determined according to a physical characteristic of the node that transmits the received signal; comparing a pre-learned signal pattern of the determined transmission node with a pattern of the received signal to determine whether the determined transmission node is a malicious node; and blocking the signal transmitted from the malicious node by determining that the transmission node is a malicious node.

Threat mitigation system and method

A computer-implemented method, computer program product and computing system for: obtaining system-defined consolidated platform information for a computing platform from an independent information source; obtaining client-defined consolidated platform information for the computing platform from a client information source; and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform.