Methods, systems and computer readable media are disclosed for providing scalable and secured connectivity per Internet Protocol Security (IPSEC) tunnel. In one embodiment a method includes spreading Encapsulating Security Payload (ESP) encryption for a same IPSEC tunnel across multiple backend application servers; and processing application flows using decrypted packets by embedding the Application Server instance-id in ESP and application packets for correlation with application packet flows.

Disclosed are various approaches for detecting user availability. A work pattern can be generated based upon user activity data taken from various sources. A work pattern can be provided to an email client or another requesting service for predicted availability of a user.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.

Systems and techniques to upgrade network objects using security islands are described herein. Security islands of node groupings are created based on trust relationships between nodes in an edge network. An upgrade request may be received to upgrade a target edge node in the edge network. Building blocks may be identified for a package installed on the target edge node to be upgraded. A state backup may be stored for the building blocks. An upgrade command and an upgrade payload may be transmitted to the target edge node. The target edge node may be queried to obtain a status of the target edge node. An upgrade action may be determined based on the status and the upgrade action may be executed.

One or more computing devices, systems, and/or methods for managing security associated with applications are provided. In an example, a central security gateway may determine first security policy information associated with a first application. The central security gateway may establish a first encrypted connection with a first device of the first application. The central security gateway may manage, based upon the first security policy information and using the first encrypted connection, security associated with the first application. The central security gateway may determine second security policy information associated with a second application. The central security gateway may establish a second encrypted connection with a second device of the second application. The central security gateway may manage, based upon the second security policy information and using the second encrypted connection, security associated with the second application.

Methods and systems are described for a distributed auto discovery service for device enrollment. In an example, a user device enrolling in a Unified Endpoint Management (“UEM”) system can receive an email address. The enrolling user device can identify, on a local network that the enrolling user device is connected to, other user devices that are already enrolled with the UEM system. The unenrolled user device can send a discovery request to the enrolled user devices that includes the domain of the email address. One or more of the enrolled user devices can respond with a tenant identifier associated with the domain and a Uniform Resource Locator for a server that the unenrolled user device can contact to complete enrollment. The unenrolled user device can contact the server and complete enrollment using the email address and tenant identifier.

Disclosed is a cyber-security system that is configured to aggregate and unify data from multiple components and platforms on a network. The system allows security administrators can to design and implement a workflow of device-actions taken by security individuals in response to a security incident. Based on the nature of a particular threat, the cyber-security system may initiate an action plan that is tailored to the security operations center and their operating procedures to protect potentially impacted components and network resources.

Systems and methods for managing network traffic receives, at a grade of service device, network traffic information for a plurality of network traffic channels from a network device separate from the grade of service device. The network traffic information is compared to a threshold to determine a behavior value for each network traffic channel. Each network traffic channel is mapped to a grade of service according to the behavior value.

Embodiments of the present invention provide a system for facilitating a secure way to allow primary users and secondary users to perform interactions remotely via an automated machine, such as an automated teller machine (ATM). In particular, the system may assign exclusive control over an automated device to a primary user via a computing device connected to the same local network or virtual private network as the automated machine, and may allow the primary user to communicate via the automated machine with a secondary user who wishes to complete one or more resource interactions. In some embodiments, the system may invoke one or more auxiliary devices on the same network to complete the interaction.