Patent classifications
H04L63/0227
Mobile device security, device management, and policy enforcement in a cloud-based system
Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one or more mobile profiles for one or more mobile devices each associated with a user from an enterprise; responsive to enrollment of a mobile device of the one or more mobile devices, communicating to the mobile device; determining an associated mobile profile of the one or more mobile profiles for the mobile device; and configuring the mobile device based on the associated mobile profile.
Method for processing domain name resolution requests
A method for processing requests sent by a user terminal, carried out by an interface device that allows the user terminal to access a communication network. The method includes: when a received request is detected as being intended for a server not authorized by the interface device, receiving a second request intended for a resolution server associated with the interface device (one of the resolution servers associated with that device), and transmitting to that resolution server either the second request as received or a third request generated by the interface device from the second request.
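An added example, not taken from the patent, of the decision the abstract describes on a home gateway: a DNS query addressed to a resolver the device does not authorise is dropped; one addressed to an associated resolver is either passed through (the "second request") or re-encoded by the device before forwarding (the "third request"). The resolver addresses, the `Decision` type and the choice to regenerate the query so that nothing beyond the question section reaches the resolver are assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed: the resolvers "associated with" the interface device. Terminals
# behind it may only have their queries answered by these.
ASSOCIATED_RESOLVERS = ("192.0.2.53", "192.0.2.54")


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_query(packet: bytes):
    """Return (txid, qname, qtype) for a well-formed query, else raise ValueError."""
    if len(packet) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, off = [], 12
    while True:
        if off >= len(packet):
            raise ValueError("truncated question name")
        length = packet[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in the question")
        labels.append(packet[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    if off + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    if qclass != 1:
        raise ValueError("only class IN is handled")
    return txid, ".".join(labels), qtype


@dataclass
class Decision:
    action: str                        # "pass", "drop" or "forward"
    forward_to: Optional[str] = None   # resolver that actually receives the query
    packet: Optional[bytes] = None     # datagram handed on (second or regenerated third request)
    reason: str = ""


def handle_request(dst_ip: str, dst_port: int, packet: bytes,
                   regenerate: bool = False) -> Decision:
    """Interface-device policy for one outbound UDP datagram from a terminal."""
    if dst_port != 53:
        return Decision("pass", dst_ip, packet, "not DNS")
    try:
        txid, qname, qtype = parse_query(packet)
    except ValueError as exc:
        return Decision("drop", reason=f"malformed query: {exc}")
    if dst_ip not in ASSOCIATED_RESOLVERS:
        # First request: destined to a resolver the device does not authorise.
        return Decision("drop", reason=f"resolver {dst_ip} not authorised")
    if regenerate:
        # Third request: rebuilt from the parsed fields, so only the question the
        # device itself encoded reaches the resolver (trailing records are discarded).
        return Decision("forward", dst_ip, build_query(txid, qname, qtype), "regenerated query")
    # Second request: already addressed to an associated resolver; pass it on unchanged.
    return Decision("forward", dst_ip, packet, "associated resolver")
```

The parser deliberately rejects compression pointers and anything but one class-IN question, which is the cheap way to keep the regenerated query free of attacker-controlled bytes the device did not understand.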
System and method for creating buffered firewall logs for reporting
A system for firewall data log processing, comprising a firewall logging system operating on a first processor and configured to cause the first processor to receive firewall log data and to process the firewall log data on a periodic basis to reduce its size, and a firewall reporting system operating on a second processor and configured to process the reduced-size firewall log data to generate a report on a user interface that includes one or more analytics derived from the reduced-size firewall data.
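An added example, not code from the patent, of the two stages the abstract separates: a logging stage that folds raw firewall lines into per-window, per-flow counters (the size reduction), and a reporting stage that computes analytics from those counters alone, never touching the raw lines. The log line format, the sample lines and the 60-second window are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed line format: "<ISO time>Z <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport> len=<bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) len=(?P<len>\d+)$")

SAMPLE_LOG = [  # constructed sample input
    "2024-05-01T10:00:01Z DENY TCP 203.0.113.5:51000 -> 192.0.2.10:22 len=60",
    "2024-05-01T10:00:02Z DENY TCP 203.0.113.5:51001 -> 192.0.2.10:22 len=60",
    "2024-05-01T10:00:03Z DENY TCP 203.0.113.5:51002 -> 192.0.2.10:22 len=60",
    "2024-05-01T10:00:10Z ALLOW TCP 198.51.100.7:40000 -> 192.0.2.10:443 len=1500",
    "2024-05-01T10:00:45Z DENY UDP 203.0.113.5:5000 -> 192.0.2.10:53 len=80",
    "2024-05-01T10:01:05Z DENY TCP 203.0.113.5:51003 -> 192.0.2.10:22 len=60",
    "this line is not a firewall record",
]


def parse_line(line: str):
    """Parse one raw line into a record, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": int(ts.timestamp()), "action": m["action"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "bytes": int(m["len"])}


def reduce_logs(lines, window: int = 60):
    """Logging stage: collapse raw lines into (window, action, proto, src, dst, dport) counters."""
    buckets = defaultdict(lambda: {"count": 0, "bytes": 0})
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # counted, not silently lost: a parse-failure spike is itself a signal
            continue
        bucket = rec["ts"] - rec["ts"] % window
        key = (bucket, rec["action"], rec["proto"], rec["src"], rec["dst"], rec["dport"])
        buckets[key]["count"] += 1
        buckets[key]["bytes"] += rec["bytes"]
    return dict(buckets), unparsed


def top_denied_ports(reduced, n: int = 5):
    """Reporting stage analytic: most-denied destination ports, from the reduced data only."""
    totals = defaultdict(int)
    for (_bucket, action, _proto, _src, _dst, dport), agg in reduced.items():
        if action == "DENY":
            totals[dport] += agg["count"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def top_denied_sources(reduced, n: int = 5):
    totals = defaultdict(int)
    for (_bucket, action, _proto, src, _dst, _dport), agg in reduced.items():
        if action == "DENY":
            totals[src] += agg["count"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def report(reduced, unparsed: int) -> dict:
    return {"rows": len(reduced), "unparsed": unparsed,
            "top_denied_ports": top_denied_ports(reduced),
            "top_denied_sources": top_denied_sources(reduced)}
```

Keying on the window start rather than the exact timestamp is what makes the reduction lossy in a controlled way: per-flow order within a minute is gone, but counts and byte totals survive, so the reporting side can still answer "who is hammering port 22" without the raw lines.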
METHODS AND SYSTEMS FOR DATA TRAFFIC BASED ADAPTIVE SECURITY
The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) are configured to receive server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response depends on analysis of the server resource request message data. Responsive to identifying an indicator of compromise, or to the originating terminal corresponding to the server resource request being identified within a blacklist, the first security response comprises non-transmission of at least one server resource request message by the access control server to a resource server.
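An added example, not the patent's own code, of the access-control-server path in the abstract: extract the target resource from a raw HTTP request, let the security function decide a "first security response" from a blacklist and a small indicator-of-compromise list, and only then route to a resource server. The blacklist, the indicator patterns, the host-to-server routing table and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import unquote

BLACKLIST = {"203.0.113.9"}                      # constructed: blacklisted originating terminals
ROUTES = {"app.example.test": "10.0.0.10",        # constructed: target host -> resource server
          "api.example.test": "10.0.0.20"}
IOC_PATTERNS = [                                  # constructed indicators matched on decoded path/query
    ("path traversal", re.compile(r"(^|/)\.\.(/|$)")),
    ("sql injection probe", re.compile(r"(?i)\bunion\b.+\bselect\b")),
]


def extract_request_data(raw: bytes, src_ip: str) -> dict:
    """Pull the fields the security server needs out of a raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for hl in header_lines:
        if ":" not in hl:
            raise ValueError("malformed header line")
        k, v = hl.split(":", 1)
        headers[k.strip().lower()] = v.strip()
    path, _, query = target.partition("?")
    # Decode before matching so "%2e%2e/" cannot slip past a literal "../" pattern.
    return {"src_ip": src_ip, "method": method, "host": headers.get("host", "").lower(),
            "path": unquote(path), "query": unquote(query)}


def first_security_response(data: dict):
    """Security server decision: ('block', reason) or ('transmit', reason)."""
    if data["src_ip"] in BLACKLIST:
        return "block", "originating terminal is blacklisted"
    for name, pattern in IOC_PATTERNS:
        if pattern.search(data["path"]) or pattern.search(data["query"]):
            return "block", f"indicator of compromise: {name}"
    return "transmit", "no indicator found"


def access_control(raw: bytes, src_ip: str) -> dict:
    """Access control server: extract, consult security response, then route or refuse."""
    try:
        data = extract_request_data(raw, src_ip)
    except ValueError as exc:
        return {"action": "block", "reason": f"unparseable request: {exc}", "resource_server": None}
    action, reason = first_security_response(data)
    if action == "block":
        return {"action": "block", "reason": reason, "resource_server": None}
    server = ROUTES.get(data["host"])
    if server is None:
        return {"action": "block", "reason": "no resource server for host", "resource_server": None}
    return {"action": "transmit", "reason": reason, "resource_server": server,
            "target": data["host"] + data["path"]}
```

Failing closed on an unparseable request and on an unknown host matters as much as the indicator list: a request the extractor cannot classify is exactly the one a probe tends to send.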
Distributed network security service
A distributed network security service is disclosed. The disclosed platform comprises an external service that facilitates security operations for a private network. Data from nodes of the private network is received and analyzed by the service. An output is automatically generated by the service in response to a security event detected in the analyzed data, which facilitates remediating the security event at one or more of the nodes of the private network; a latency exists between the security event occurring on the private network and its remediation, during which time the entity responsible for the security event has access to the private network before being blocked.
TRANSPARENT SECURITY AND POLICY ENFORCEMENT FOR LOW-CODE ORCHESTRATION
In one embodiment, a device inserts a watcher module between a first module and a second module in a low-code workflow. The device intercepts, via the watcher module, output data being passed by the first module to the second module. The device determines whether the output data represents a policy violation. The device blocks, via the watcher module, the output data from being input to the second module, when the output data represents a policy violation.
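An added example, not from the patent, of a watcher module inserted between two low-code modules: it intercepts the first module's output, evaluates a policy over it and blocks the hand-off to the second module on a violation, otherwise passing the data on unchanged. The workflow runner, the two sample modules, the customer records and the policy (a Luhn-valid card number must not leave the first module) are assumptions made for the illustration.

```python
import re
from typing import Any, Callable, List, Optional

Module = Callable[[Any], Any]


class PolicyViolation(Exception):
    pass


def luhn_valid(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


PAN_RE = re.compile(r"\b\d{13,19}\b")


def find_violation(data: Any) -> Optional[str]:
    """Policy: walk nested output; report the first field holding a Luhn-valid card number."""
    if isinstance(data, dict):
        for key, value in data.items():
            reason = find_violation(value)
            if reason:
                return f"{key}: {reason}"
    elif isinstance(data, (list, tuple)):
        for value in data:
            reason = find_violation(value)
            if reason:
                return reason
    elif isinstance(data, str):
        if any(luhn_valid(m) for m in PAN_RE.findall(data)):
            return "primary account number in output"
    return None


def make_watcher(policy: Callable[[Any], Optional[str]], audit: List[str]) -> Module:
    """Build a watcher module: transparent on clean data, raises on a violation."""
    def watcher(output: Any) -> Any:
        reason = policy(output)
        if reason:
            audit.append(reason)
            raise PolicyViolation(reason)
        return output
    return watcher


def insert_watcher(workflow: List[Module], position: int, watcher: Module) -> List[Module]:
    """Return a new workflow with the watcher placed right after module `position`."""
    return workflow[:position + 1] + [watcher] + workflow[position + 1:]


def run_workflow(workflow: List[Module], initial: Any) -> dict:
    data = initial
    try:
        for module in workflow:
            data = module(data)
    except PolicyViolation as exc:
        return {"status": "blocked", "reason": str(exc)}
    return {"status": "completed", "result": data}


# Constructed low-code modules: a lookup step feeding an external-delivery step.
CUSTOMERS = {"ORD-17": {"name": "A. Example", "card": "4111111111111111"},
             "ORD-18": {"name": "B. Example", "card_last4": "1111"}}
SENT: List[dict] = []          # records that actually reached the partner module


def lookup_order(order_id: str) -> dict:
    return dict(CUSTOMERS[order_id], order=order_id)


def send_to_partner(record: dict) -> str:
    SENT.append(record)
    return f"sent {record['order']}"


def build_workflow(audit: List[str]) -> List[Module]:
    return insert_watcher([lookup_order, send_to_partner], 0, make_watcher(find_violation, audit))
```

The watcher never modifies data, only decides whether the next module sees it, which is what keeps its insertion transparent to the workflow author; the audit list is where the blocked hand-offs end up for review.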
Securing a connection from a device to a server
This invention is directed to a communication processing apparatus that secures the connection from a device without IP connectivity to an IP-connected cloud (server). The apparatus includes a first connection unit that connects devices, a second connection unit that connects to servers, a switching unit that switches connections between the first connection unit and the second connection unit, a determiner that determines whether connection of a device to the first connection unit is permitted or not, and a connection controller that controls the switching unit in accordance with the determination result from the determiner.
On-demand network security system
A computer-implemented method includes receiving a request for one of a network session and a virtual network function, wherein the request includes a single packet authorization request. The method further includes classifying the single packet authorization request at a first service classifier. The method further includes routing the request, via a service function forwarder, to a single packet authorization service function for validation. The method further includes instantiating a security virtual function in response to the request, wherein instantiating the security virtual function occurs after validation of the single packet authorization request. The method further includes configuring the security virtual function to apply at least one connection policy to allow or deny traffic in a data session. The method further includes, in response to allowing the data session, terminating the security virtual function after the data session has concluded.
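An added example, not code from the patent, of the sequence in the abstract with single packet authorization: the client sends one HMAC-tagged packet; the service validates it (signature, freshness window, replay) before anything is instantiated; a per-session security virtual function is then created with exactly one connection policy, consulted for data packets, and torn down when the session ends. The packet layout, the shared-key HMAC-SHA256 scheme, the service table and the 30-second window are assumptions of this illustration, not the patent's protocol.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Tuple

SERVICE_PORTS = {"ssh": 22, "https": 443}    # constructed: services a client may request


def build_spa_packet(key: bytes, client_id: str, service: str, src_ip: str,
                     now: float, nonce: bytes = None) -> bytes:
    """Client side: one authorization packet = canonical JSON payload | hex HMAC tag."""
    payload = json.dumps({"client": client_id, "service": service, "src_ip": src_ip,
                          "ts": int(now), "nonce": (nonce or os.urandom(16)).hex()},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"|" + tag


class SPAValidator:
    """Service function that validates the single packet; remembers nonces to stop replay."""
    def __init__(self, key: bytes, window: int = 30):
        self.key, self.window, self.seen = key, window, set()

    def validate(self, packet: bytes, now: float) -> dict:
        payload, sep, tag = packet.rpartition(b"|")
        if not sep:
            raise ValueError("no authentication tag")
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("bad HMAC")            # checked before the payload is even parsed
        info = json.loads(payload)
        if abs(int(now) - info["ts"]) > self.window:
            raise ValueError("stale packet")
        if info["nonce"] in self.seen:
            raise ValueError("replayed packet")
        if info["service"] not in SERVICE_PORTS:
            raise ValueError("unknown service")
        self.seen.add(info["nonce"])
        return info


class SecurityVirtualFunction:
    """Instantiated only after validation; enforces one (src_ip, dport) connection policy."""
    def __init__(self, allowed: Tuple[str, int]):
        self.allowed, self.active = allowed, True

    def permit(self, src_ip: str, dport: int) -> bool:
        return self.active and (src_ip, dport) == self.allowed

    def terminate(self) -> None:
        self.active = False


class OnDemandSecurityService:
    def __init__(self, key: bytes):
        self.validator = SPAValidator(key)
        self.sessions: Dict[int, SecurityVirtualFunction] = {}
        self.next_id = 1

    def request_session(self, packet: bytes, now: float) -> int:
        info = self.validator.validate(packet, now)   # raises: nothing is instantiated on failure
        vf = SecurityVirtualFunction((info["src_ip"], SERVICE_PORTS[info["service"]]))
        sid, self.next_id = self.next_id, self.next_id + 1
        self.sessions[sid] = vf
        return sid

    def data_packet(self, sid: int, src_ip: str, dport: int) -> bool:
        vf = self.sessions.get(sid)
        return bool(vf and vf.permit(src_ip, dport))

    def end_session(self, sid: int) -> None:
        self.sessions.pop(sid).terminate()          # security function exists only for the session

    def active_functions(self) -> int:
        return len(self.sessions)
```

The ordering is the point: the HMAC is verified with a constant-time compare before the JSON is parsed, so an unauthenticated sender cannot exercise the parser or cause any allocation of a security function.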
SYSTEMS, DEVICES AND METHODS WITH OFFLOAD PROCESSING DEVICES
A method can include receiving network packets including forwarding plane packets; evaluating header information of the network packets to map network packets to any of a plurality of destinations on the module, each destination corresponding to any of a plurality of services executed by offload processors of the module; configuring operations of the offload processors; and in response to forwarding plane packets, executing operations on the forwarding plane packets; wherein the receiving, evaluation and processing of the forwarding plane packets are performed independent of the host processor. Corresponding systems and methods are also disclosed.
CONTAINER LOAD BALANCING FOR HOSTS IN A DISTRIBUTED COMPUTING SYSTEM
The disclosure herein describes managing the migration of nodes between hosts in a distributed computing system. Container statistics data is received by a scheduler from a plurality of hosts, wherein the container statistics data includes data indicating quantities of containers on nodes of the plurality of hosts. A first host of the plurality of hosts that includes a quantity of containers on associated nodes that exceeds a container per host threshold is identified and an excess container quantity is calculated. At least one node of the first host is selected for migration. A second host is identified that has container capacity that meets or exceeds the quantity of containers on the selected at least one node. The selected at least one node is migrated to the second host, whereby the quantity of containers on nodes of the first host is reduced to less than the container per host threshold.
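An added example, not the patent's scheduler, of the steps the abstract lists: from per-host container statistics, find a host over the per-host threshold, compute how many containers it must shed, pick a node to move, find a second host whose spare capacity fits that node, and migrate until the first host is strictly below the threshold. The greedy node choice (smallest node that covers the excess, else the largest), the choice of the target with the most spare capacity, and the sample statistics are assumptions of this illustration.

```python
from typing import Dict, List, Tuple

# stats[host][node] = number of containers running on that node
Stats = Dict[str, Dict[str, int]]


def host_load(stats: Stats, host: str) -> int:
    return sum(stats[host].values())


def spare_capacity(stats: Stats, host: str, threshold: int) -> int:
    """Containers a host can still take while staying strictly below the threshold."""
    return (threshold - 1) - host_load(stats, host)


def plan_migrations(stats: Stats, threshold: int) -> Tuple[List[Tuple[str, str, str]], Stats]:
    """Return (plan, resulting stats); plan entries are (node, from_host, to_host)."""
    state: Stats = {h: dict(nodes) for h, nodes in stats.items()}   # work on a copy
    plan: List[Tuple[str, str, str]] = []
    for host in sorted(state):
        while host_load(state, host) > threshold:
            # Excess: how many containers must leave for the host to drop below the threshold.
            need = host_load(state, host) - threshold + 1
            nodes = sorted(state[host].items(), key=lambda kv: (kv[1], kv[0]))
            covering = [kv for kv in nodes if kv[1] >= need]
            node, count = covering[0] if covering else nodes[-1]
            targets = [h for h in state if h != host and spare_capacity(state, h, threshold) >= count]
            if not targets:
                raise RuntimeError(f"no host can absorb node {node} ({count} containers) from {host}")
            target = max(targets, key=lambda h: (spare_capacity(state, h, threshold), h))
            plan.append((node, host, target))
            state[target][node] = state[host].pop(node)      # migrate: containers move with the node
    return plan, state


def all_below_threshold(stats: Stats, threshold: int) -> bool:
    return all(host_load(stats, h) < threshold for h in stats)


# Constructed sample: host A holds 13 containers against a per-host threshold of 10.
SAMPLE_STATS: Stats = {
    "A": {"n1": 6, "n2": 5, "n3": 2},
    "B": {"n4": 3},
    "C": {"n5": 8},
}
```

With the sample, A must shed 4 containers; n2 (5) is the smallest node that covers that, B is the only host with room for it (C can take just one more), so the plan is a single migration and both A and B end at 8. The loop always removes a node per iteration, so it terminates, and a host whose single node cannot fit anywhere surfaces as an error rather than an endless reshuffle.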