H04L63/166

VPN deep packet inspection

Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy is applied to tunnel-based VPN access without compromising the inherent performance, scalability and application compatibility advantages tunnel-based VPNs have over their proxy-based VPN counterparts.

Decryption of secure sockets layer sessions having enabled perfect forward secrecy using a Diffie-Hellman key exchange

A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices

In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

Detection of SSL / TLS malware beacons

A method for characterizing network traffic is provided. The method includes maintaining a database identifying a plurality of digital certificates and a number of Internet Protocol addresses associated with each of the plurality of digital certificates, capturing network traffic over a network connection at a network connected device, analyzing the network traffic by determining the digital certificates associated with Internet Protocol addresses associated with the network traffic and a number of Internet Protocol addresses associated with each of the digital certificates and updating the database, and characterizing at least one of the Internet Protocol addresses associated with one of the digital certificates based on the number of Internet Protocol addresses associated with the one of the digital certificates.

Collaborative security for application layer encryption

A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on an endpoint, the established trustworthiness being sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that are destined for a service, the traffic inspection method being determined based on at least the trusted application and the service; and instruct the trusted application of the determined traffic inspection method.

Distributed storage of state information and session recovery using state information

A method for storing session state data of a session between a system having a plurality of nodes and a client device includes delivering a service to the client device during a session identified or otherwise specified by a session identifier. The service is delivered by a first of the plurality of nodes in the system. During the session, at least a second node in the system is selected on which session state data associated with the session is to be saved. The second node is selected based on the session identifier such that another node in the system is able to locate the session state data when stored on the second node from the session identifier without contacting a centralized mechanism that specifies where session state data is stored. The session state data is saved to the second node that is selected.

Management of data communication connections

One example method of operation may include transmitting a data stream from a first device to a second device via one or more channels, determining the data stream experienced a potential network communication error, and retransmitting at least a portion of the data stream over a mirrored channel transmission comprising at least two streams which both retransmit in parallel at least a same portion of the retransmitted portion of the data stream.

Securing web browsing on a managed user device

Systems and methods are described for increasing web browser security on a user device managed by a device management system. In an example, the user device can use an unmanaged web browser to access secure enterprise content using a browser extension provided by the enterprise. When a user attempts to access secure content from an unmanaged browser, the device management system can communicate with the extension and a management application on the user device to authenticate the user and verify that the user device complies with certain policies. In one example, the device management system can include an extension recommendation engine that analyzes user browsing data and recommends browser extensions for the user. Based on policies, the device management system can recommend the extension to the user or force installation of the extension on the user device.

TLS server certificate replacement using a notification mechanism

The present disclosure is related to devices, systems, and methods for TLS server certificate replacement using a notification mechanism. An example method can include establishing a first secure TLS connection between a client and a server verified by a first TLS certificate, creating a subscription for the client to receive a notification associated with a TLS certificate change, loading a second certificate to replace the first certificate, providing a notification to the client, wherein the notification includes the second certificate and a web token scoped to the client, and establishing a second secure TLS connection verified by the second TLS certificate responsive to the client verifying the web token.

Establishing an ad-hoc secure connection between two electronic computing devices using a self-expiring locally transmitted information packet
11711355 · 2023-07-25

Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.