H04L63/029

METHODS AND SYSTEMS FOR TRANSMITTING SESSION-BASED PACKETS

The present invention discloses methods and systems for sending and receiving IP packets between network nodes through a tunnel. The tunnel is created according to a session. When the IP packet is the first of the IP packets in sequence of a session, a tunnel is established and the IP packet is sent through the tunnel of the session. When the IP packet is not the first of the IP packets in sequence of a session, the IP packet is sent through the tunnel of the session.

Security network integrating security system and network devices

Systems and methods for a security network integrating security system and network devices are disclosed. A system may comprise a gateway and first and second security panels, each located at a premises. The first and second security panels may be connected, via respective first and second wireless communication protocols, to respective first and second security system components. The first and second security panels may receive respective first and second security data from the respective first and second security system components. The gateway may be configured to receive, via the first and second wireless communication protocols, the respective first and second security data. The gateway may be configured to transmit at least one of the first security data and the second security data to a security server located external to the premises.

NETWORK APPLIANCE FOR VULNERABILITY ASSESSMENT AUDITING OVER MULTIPLE NETWORKS
20230216880 · 2023-07-06

An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

System and Method for Improving Internet Communication by Using Intermediate Nodes
20230216937 · 2023-07-06

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both. The partition into slices may be overlapping or non-overlapping, and the same slice (or the whole content) may be fetched via multiple tunnel devices.

HYBRID AUTHENTICATION SYSTEMS AND METHODS

Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system and/or to sync with an on-premises identity management system.

SECURE REMOTE ACCESS TO HISTORICAL DATA
20230216831 · 2023-07-06

Methods, systems and computer products provide access to historical data over a real-time tunnel in an architecture including an operational technology (OT) network, a de-militarized zone (DMZ) and an information technology (IT) network. The OT network interleaves real-time data and historical data over a first tunnel connection, a first firewall and a second firewall in conjunction with a DMZ and an IT network by (a) performing pull replication of the historical data, (b) daisy chaining the historical data, or (c) a combination of (a) and (b).

Isolation networks for computer devices

In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.

EXTENDING EXPIRATION OF USER SESSIONS WITH AUTHENTICATION REFRESH

A gateway performs silent authentication refreshes with an identity management platform in order to extend the expiration of a cookie provided to an endpoint that accesses network applications through the gateway.

COMMUNICATION PROTOCOLS OVER INTERNET PROTOCOL (IP) NETWORKS
20230216864 · 2023-07-06

A system and methods comprise a gateway that includes a processor coupled to a security system at a premises. A touchscreen at the premises is coupled to the gateway and presents user interfaces. The user interfaces include a security interface that provides control of functions of the security system and access to data collected by the security system, and a network interface that provides access to network devices. A camera is located at the premises and coupled to the gateway via a plurality of interfaces. A security server at a remote location is coupled to the gateway. The security server comprises a client interface through which remote client devices exchange data with the gateway and the security system.

Method for the secure configuration of automation systems
11552939 · 2023-01-10

The disclosure relates to a method for configuring a control device of an automation system, comprising: detecting a local access token via an interface of the control device; and modifying at least one parameter of the control device, which is designed to configure a data connection of the control device in response to the detection of the local access token.