In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of network regulator take over some network services from a router, and automatically install the network regulator as gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distribute device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network, and in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.

Systems and methods are described for the generation of domain names that may be associated with a particular user device and may be encrypted to obfuscate the domain names of content requested by the user device.

A method for automated web resource deployment is provided. The method comprises creating web resource publication requests, wherein each web resource publication request comprises a number of configuration changes necessary to publish a web resource, on a network, at a particular uniform resource location. A standard format, validation workflow, and an approval workflow are provided for automation of the web resource publication requests. Once validated and approved, web resource publication requests are automatically converted to API calls which are executed on backend servers to implement the configuration changes required in the environment without further human intervention.

Some embodiments provide a novel method for dynamically adjusting sampling rates of a middlebox service. In some embodiments, the method is performed by the controller. The method configures the forwarding element to collect samples from packets processed by the forwarding element at a first sampling rate. The method analyzes the samples in order to collect information regarding the packets processed by the forwarding element. Based on the analysis, the method detects a new traffic pattern in the packets processed by the forwarding element. The method then configures the forwarding element to collect samples from packets processed by the forwarding element at a second sampling rate different than the first sampling rate.

Systems and methods include receiving a copy of a template file of security rules where the template file includes a plurality of rule tags and one or more dependency tags that define relationships and dependencies between any rules associated with the plurality of rule tags; scanning the template file including, for each respective rule tag of the plurality of rule tags checking if an enabled flag is set for the respective rule tag, when the enable flag is set, looking up a respective rule in a rule database and replacing the respective rule tag with the respective rule, and when the enable flag is not set, removing the respective rule tag from the template file; and providing an output file including a plurality of rules having the relationships and dependencies, where the output file is used for security scanning.

Aspects of the disclosure relate to deploying and utilizing a dynamic data stenciling system with a smart linking engine. A computing platform may receive source data from one or more data source systems. Subsequently, the computing platform may identify a target application hosted by an enterprise application host platform as being an intended recipient of a portion of the source data. Then, the computing platform may select a dynamic data stencil from a plurality of available data stencils. Thereafter, the computing platform may overlay the portion of the source data onto the target application using the dynamic data stencil. In addition, by overlaying the portion of the source data onto the target application using the dynamic data stencil, the computing platform may cause the target application to execute one or more data processing functions using the portion of the source data received from the one or more data source systems.

This disclosure describes an integrated management method to manage a service mesh data plane over a network fabric. The method includes determining at least one service mesh data plane policy for a microservice of a service mesh. The method further includes sending, over the network fabric, the at least one service mesh data plane policy to a virtual router associated with the microservice based at least in part on connectivity information maintained by a network fabric control plane manager of a configuration manager.

A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information.

A technique is provided that enables native authentication to cloud services by employing identity management of on-premise applications from the cloud. More specifically, a Web-service interface built on an innovative orchestration of platform-independent container technology is created. An identity management application is made available inside a container and which therefore can execute in any cloud-service provider. Specifically, this application can communicate back into a business' on-premise applications, using the Representation State Transfer (REST) application programming interface architecture. The container is published to the cloud for users to download. Thus, for example, by way of this technique, a user can log onto any cloud application with using the same logon information the user uses on-premise.

Various techniques for split tunneling based on content type to exclude certain network traffic from a tunnel (e.g., VPN tunnel) are disclosed. In some embodiments, a system, process, and/or computer program product for split tunneling based on content type to exclude certain network traffic from a tunnel includes monitoring session traffic received at a data appliance; determining if the session traffic is associated with a first content type; and redirecting the session traffic if the session traffic is associated with the first content type based on a policy.