Patent classifications
H04L63/0227
Network data extraction parser-model in SDN
A parser model may be used with software-defined applications or controllers. A network topology may be detected and, based on the change in the network topology, a network device may filter certain network data traffic for processing by a software-defined network controller.
MULTI-PERSPECTIVE SECURITY CONTEXT PER ACTOR
A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives. Descriptors that form a security context can originate from various sources having visibility of user behavior and/or user attributes.
Hardware agnostic platform for transparent access control of internet of everything (IoE) destinations via correlation, classification, and/or tagging
Simplified and/or user friendly interfaces can be employed to facilitate administration of a routing platform that couples devices of a local area network (LAN) to an external communication network (e.g., the Internet). In one aspect, the routing platform comprises a firewall that can be employed to perform access control and/or an Internet of Things (IoT) hub that can be employed to control operations of IoT devices of the LAN, for example, based on domain information, user-defined tags and peer-defined criteria to make correlations that are leveraged to implement access control policies. A search and command interface is employable to issue textual (e.g., natural language) commands to configure access control policies, tags for devices and/or websites, and/or search for data.
Micro-segmentation of virtual computing elements
The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
Dynamically deployable self configuring distributed network management system
Systems, software, and methods for managing networks of connected electronic devices are described. In one example, network management policy and network management applications are transferred automatically upon detection and identification of a new device, protocol or application on the network. In another example, information related to at least one aspect of the network is obtained by an NMAS, and at least one applicable management policy is identified by the NMAS; and the identified policy is used to manage at least one aspect of the network's operation.
AUTONOMOUS VEHICLE SECURITY MEASURES IN RESPONSE TO AN ATTACK ON AN IN-VEHICLE COMMUNICATION NETWORK
An illicit signal is detected on an in-vehicle communication network of an autonomous vehicle. A severity level corresponding to the illicit signal is identified, among multiple severity levels, based on one or more characteristics associated with the illicit signal. The severity level is indicative of a level of adverse impact on safety related to an autonomous vehicle environment. The adverse impact is to be caused by the autonomous vehicle when the autonomous vehicle is compromised by the illicit signal. A security operation is selected from multiple security operations based on the identified severity level. The security operation is performed to mitigate the adverse impact on safety related to the autonomous vehicle environment.
PROCESSING REFRESH TOKEN REQUEST AT APPLICATION PROGRAMMING INTERFACE (API) GATEWAY
Example implementations relate to the processing of refresh token requests at an API gateway. The API gateway determines a first time associated with receipt of the refresh token request and a second time associated with the generation of a current access token. The current access token and a refresh token in the refresh token request are provided by the API gateway to the client device for accessing a backend service. The API gateway determines whether a difference between the first time and the second time is within a pre-defined threshold duration. When the difference between the first time and the second time is within the pre-defined threshold, the API gateway denies the refresh token request for generating the new access token and transmits the current access token back to the client device.
Securing cloud applications via isolation
A method for securing cloud applications is described. The method may include establishing a connection between a cloud application isolation portal, a cloud access security broker, and a cloud application based on an indication of the cloud application and a set of credentials associated with an end user of the cloud application, and managing, via the cloud application isolation portal and the cloud access security broker, a session between the cloud application and a computing device associated with the end user based on the connection between the cloud application isolation portal with the cloud access security broker and the cloud application.
Rule-based network-threat detection
A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination. The packet-filtering device may generate a log entry comprising information from the packet-filtering rule that identifies the one or more network-threat indicators and indicating whether the packet-filtering device prevented the packet from continuing toward its destination or allowed the packet to continue toward its destination.
Surgical instrument utilizing drive signal to power secondary function
A surgical instrument connectable to a surgical energy module that is configured to provide a first drive signal at a first frequency range for driving a first energy modality and a second drive signal at a second frequency range for driving a second energy modality is provided. The surgical instrument can comprise a surgical instrument component configured to receive power from a direct current (DC) power source, an end effector, and a circuit. The circuit can be configured to convert the first electrical signal to a DC voltage, apply the DC voltage to the surgical instrument component, and deliver the second energy modality to the end effector according to the second drive signal. Alternatively, the circuit can be disposed within a cable assembly configured to connect the surgical instrument to the surgical energy module.