Patent classifications
H04L63/166
COMPUTING CONNECTION CREDENTIAL VERIFICATION
A computing device may include a memory and a processor configured to cooperate with the memory to establish a connection with a client device, the client device having a first credential for connecting to a computing service, the first credential having been provided by a proxy. The processor may further receive, over the connection, a request from the client device to validate the first credential before the client device uses it, and validate the first credential using a second credential for the computing service that was obtained independently of the proxy.
Scanner probe detection
A method including identifying, in network data traffic, multiple port scans, each scan consisting of accesses by a given source node to multiple ports on a given destination node during a time period. A group of high-traffic ports is identified in the traffic, comprising the ports whose received traffic volume exceeds a threshold, and a signature is generated for each identified port scan indicating which ports other than the high-traffic ports were accessed in that scan. The frequency of occurrence of each signature over the set of port scans is computed, and a whitelist is assembled of the signatures whose frequency of occurrence exceeds a threshold. Upon detecting a port scan whose signature is not whitelisted, a preventive action is initiated.
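The whitelisting scheme above, worked through on constructed flow records. This is an added illustration, not the patent's implementation; the window length, the three thresholds, the addresses and the port sets are all assumptions chosen so that a recurring monitoring sweep is whitelisted while a one-off probe is not.

```python
"""Port-scan signature whitelisting over flow records.
Added illustration, not the patent's implementation; thresholds and data are assumed."""
from collections import Counter, defaultdict

WINDOW_SECONDS = 60            # time period within which one source's port accesses form one scan (assumed)
MIN_PORTS_PER_SCAN = 3         # fewer distinct ports in a window is not treated as a scan (assumed)
HIGH_TRAFFIC_THRESHOLD = 20    # ports receiving more accesses than this are "high-traffic" (assumed)
WHITELIST_FREQ_THRESHOLD = 2   # signatures seen more often than this across all scans are whitelisted (assumed)


def build_sample_accesses():
    """Constructed (timestamp, src, dst, dst_port) records; not captured traffic."""
    records = []
    # A monitoring host sweeps the same five ports on four internal nodes: a benign, recurring signature.
    for t, n in ((0, 1), (70, 2), (140, 3), (210, 4)):
        for port in (22, 80, 443, 3389, 8080):
            records.append((t, "10.0.0.5", f"10.0.1.{n}", port))
    # Thirty web clients hitting 80 and 443 on one server: this is what makes those ports high-traffic.
    for i in range(30):
        records.append((i * 5, f"192.0.2.{i}", "10.0.1.7", 443))
        records.append((i * 5, f"192.0.2.{i}", "10.0.1.7", 80))
    # An external host probing an unusual port set on one node: a signature seen only once.
    for port in (22, 80, 445, 1433, 5900, 6379):
        records.append((300, "203.0.113.9", "10.0.1.7", port))
    return records


def identify_scans(records, window=WINDOW_SECONDS, min_ports=MIN_PORTS_PER_SCAN):
    """Group accesses by (source, destination, time window) and keep groups touching >= min_ports ports."""
    ports_by_key = defaultdict(set)
    for ts, src, dst, port in records:
        ports_by_key[(src, dst, ts // window)].add(port)
    return {key: ports for key, ports in ports_by_key.items() if len(ports) >= min_ports}


def high_traffic_ports(records, threshold=HIGH_TRAFFIC_THRESHOLD):
    """Ports whose total access volume in the data set exceeds the threshold."""
    volume = Counter(port for _, _, _, port in records)
    return {port for port, count in volume.items() if count > threshold}


def scan_signature(ports, high_ports):
    """Signature of a scan: the ports it touched other than the high-traffic ports (order-independent)."""
    return frozenset(ports - high_ports)


def build_whitelist(scans, high_ports, threshold=WHITELIST_FREQ_THRESHOLD):
    """Signatures whose frequency of occurrence over the set of scans is greater than the threshold."""
    freq = Counter(scan_signature(ports, high_ports) for ports in scans.values())
    return {sig for sig, count in freq.items() if count > threshold}


def detect(records):
    """Return (src, dst, sorted signature ports) for every scan whose signature is not whitelisted."""
    scans = identify_scans(records)
    high = high_traffic_ports(records)
    whitelist = build_whitelist(scans, high)
    alerts = []
    for (src, dst, _), ports in scans.items():
        sig = scan_signature(ports, high)
        # A scan that only touched high-traffic ports has an empty signature and is indistinguishable
        # from ordinary clients by this method, so it is not alerted on here.
        if sig and sig not in whitelist:
            alerts.append((src, dst, sorted(sig)))
    return alerts


if __name__ == "__main__":
    for src, dst, sig in detect(build_sample_accesses()):
        print(f"ALERT: non-whitelisted port scan {src} -> {dst}, ports {sig}")
```

Two practitioner caveats. Because high-traffic ports are removed from every signature, a scan that only touches such ports produces an empty signature and is invisible to this method, so the high-traffic threshold should be set conservatively. And because the whitelist is learned from the same traffic it judges, an attacker who scans enough hosts with the same port set within the learning set would whitelist their own signature; learn the whitelist from a trusted baseline period and review additions rather than recomputing it continuously.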
Distributed management and installation of digital certificates on a cluster for authentication with an external key management service
Hosts in a cluster in a virtualized computing environment bypass a management layer when communicating with an external key management service (KMS). One of the hosts is configured with KMS configuration information (including digital certificate information) that enables the host to directly communicate with the KMS via a secure communication connection, instead of communicating with the KMS via the management layer. This KMS configuration information is replicated in a distributed manner from the host to the other hosts in the cluster, thereby enabling the other hosts in the cluster to also directly and independently communicate with the KMS to obtain encryption keys to perform cryptographic operations.
SYSTEMS AND METHODS FOR APPLICATION SECURITY UTILIZING CENTRALIZED SECURITY MANAGEMENT
One or more computing devices, systems, and/or methods for managing security associated with applications are provided. In an example, a central security gateway may determine first security policy information associated with a first application. The central security gateway may establish a first encrypted connection with a first device of the first application. The central security gateway may manage, based upon the first security policy information and using the first encrypted connection, security associated with the first application. The central security gateway may determine second security policy information associated with a second application. The central security gateway may establish a second encrypted connection with a second device of the second application. The central security gateway may manage, based upon the second security policy information and using the second encrypted connection, security associated with the second application.
METHODS AND SYSTEMS FOR NETWORK DEVICE AUTHENTICATION
Embodiments of a device and method are disclosed. In an embodiment, a method for network device authentication involves using Remote Procedure Call (RPC) proxies of network devices in a network at a customer site to access identity certificates from the Trusted Platform Modules (TPMs) of the network devices, and, using the RPC proxies, sequentially establishing Transport Layer Security (TLS) connections between the network devices to perform mutual authentication between them based on those identity certificates.
System and method for performing remote security assessment of firewalled computer
Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.
Detection and mitigation of DDoS attacks performed over the QUIC communication protocol
A method and system for protecting against distributed denial-of-service (DDoS) attacks carried over the QUIC (quick UDP Internet connections) protocol. The system extracts traffic features from at least the traffic directed to a protected entity, where the traffic features characterize the behavior of QUIC user datagram protocol (UDP) traffic directed to the protected entity, the extracted traffic features include at least one rate-based feature and at least one rate-invariant feature, and the traffic includes QUIC packets; computes at least one baseline for each rate-based feature and each rate-invariant feature; analyzes real-time samples of traffic directed to the protected entity to detect a deviation from each computed baseline, the deviation being indicative of a QUIC DDoS attack; and causes execution of at least one mitigation action when an indication of a detected QUIC DDoS attack is determined.
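The baseline-and-deviation approach above, as an added example over constructed packet windows; it is not the patent's code. The choice of features (packets and bytes per second as rate-based; fraction of Initial packets and mean packet size as rate-invariant), the z-score threshold, the packet samples and the mitigation names are all assumptions. The Initial-packet test itself follows the QUIC v1 header layout: long header with the form bit set and packet type 00.

```python
"""Baseline-and-deviation detection of QUIC floods.
Added illustration with constructed packets; feature set, thresholds and mitigation names are assumed."""
import statistics

Z_THRESHOLD = 4.0     # assumed: a feature more than 4 baseline standard deviations away is a deviation
STD_FLOOR = 1e-6      # keeps the z-score finite when a learned feature never varied


def is_quic_initial(first_byte):
    """QUIC v1 long header (bit 7 set) whose packet-type bits (5..4) are 00, i.e. an Initial packet."""
    return bool(first_byte & 0x80) and (first_byte & 0x30) == 0


def window_features(packets):
    """Features for one 1-second window of UDP/QUIC packets (first_byte, length) sent to the protected entity.
    pps and bps are rate-based; initial_fraction and mean_size do not scale with the traffic rate."""
    n = len(packets)
    if n == 0:
        return {"pps": 0.0, "bps": 0.0, "initial_fraction": 0.0, "mean_size": 0.0}
    total = sum(length for _, length in packets)
    initials = sum(1 for first_byte, _ in packets if is_quic_initial(first_byte))
    return {"pps": float(n), "bps": float(total), "initial_fraction": initials / n, "mean_size": total / n}


def learn_baseline(windows):
    """Per-feature (mean, stdev) over a learning period of windows believed to be attack-free."""
    feats = [window_features(w) for w in windows]
    return {k: (statistics.mean(f[k] for f in feats),
                max(statistics.pstdev(f[k] for f in feats), STD_FLOOR)) for k in feats[0]}


def detect_deviations(window, baseline, z=Z_THRESHOLD):
    """Map of feature -> z-score for every feature of this window that deviates from its baseline."""
    f = window_features(window)
    scores = {k: (f[k] - mean) / std for k, (mean, std) in baseline.items()}
    return {k: s for k, s in scores.items() if abs(s) > z}


def choose_mitigation(deviations):
    """Illustrative policy: a shift in packet mix means new-connection flooding, so force address validation
    (QUIC Retry) before allocating state; a pure volume shift gets rate-limited."""
    if not deviations:
        return None
    if "initial_fraction" in deviations or "mean_size" in deviations:
        return "require-retry-address-validation"
    return "rate-limit-udp-to-protected-entity"


def benign_window(i):
    """Constructed: ~50 short-header 1-RTT packets plus a few Initials from new connections."""
    short = [(0x40, 500 + (j * 37) % 700) for j in range(45 + i % 11)]   # first byte 0x40: short header
    return short + [(0xC3, 1200)] * (1 + i % 3)                           # 0xC3: long header, Initial


def attack_window():
    """Constructed Initial flood: thousands of padded Initials per second, typical of spoofed-source floods."""
    return [(0xC0, 1200)] * 3000


def run_demo():
    """Learn from 30 benign windows, then score one attack window and one benign window."""
    baseline = learn_baseline([benign_window(i) for i in range(30)])
    return detect_deviations(attack_window(), baseline), detect_deviations(benign_window(7), baseline)


if __name__ == "__main__":
    attack, benign = run_demo()
    print("attack window deviations:", attack, "->", choose_mitigation(attack))
    print("benign window deviations:", benign, "->", choose_mitigation(benign))
```

The point of keeping rate-invariant features alongside rate-based ones is that a flood which stays under a volumetric threshold, or a legitimate traffic spike, is separated by the packet mix: a flash crowd raises pps and bps but leaves the Initial fraction and size distribution roughly where they were, while a spoofed Initial flood shifts all four. The baseline must be learned from traffic that is known to be attack-free and re-learned periodically, otherwise the attack becomes the baseline.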
Method and apparatus for identifying encrypted data stream
A method includes parsing a handshake message of an encrypted data stream according to a secure encrypted transmission protocol corresponding to the encrypted data stream, to obtain a plurality of fields included in the handshake message, determining, from a plurality of rule sets and based on the plurality of fields, a rule set that matches the handshake message, and determining, based on a mapping relationship between the matched rule set and an application, an application corresponding to the encrypted data stream.
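The parse-then-match pipeline above, as an added example for the TLS case (not the patent's code): a ClientHello is parsed for the fields that rule sets typically consult (SNI, ALPN, cipher suites), the parsed fields are matched against rule sets, and the matched rule set is mapped to an application. The handshake is constructed in the block rather than captured, and the rule sets, their predicates and the application names are hypothetical.

```python
"""Application identification from a TLS ClientHello.
Added illustration; the handshake builder, rule sets and app names are assumptions, not the patent's."""
import struct

SNI_EXT, ALPN_EXT = 0x0000, 0x0010


def _u16(n):
    return struct.pack("!H", n)


def build_client_hello(sni, alpn_protocols, cipher_suites=(0x1301, 0x1302, 0xC02B)):
    """Constructed TLS handshake record carrying a ClientHello with SNI and ALPN (test input, not a capture)."""
    sni_entry = b"\x00" + _u16(len(sni)) + sni.encode("ascii")             # name_type host_name(0), length, name
    sni_ext = _u16(SNI_EXT) + _u16(len(sni_entry) + 2) + _u16(len(sni_entry)) + sni_entry
    alpn_list = b"".join(bytes([len(p)]) + p.encode("ascii") for p in alpn_protocols)
    alpn_ext = _u16(ALPN_EXT) + _u16(len(alpn_list) + 2) + _u16(len(alpn_list)) + alpn_list
    extensions = sni_ext + alpn_ext
    suites = b"".join(_u16(s) for s in cipher_suites)
    body = (b"\x03\x03" + bytes(32)          # client_version, random (zeroed so the output is deterministic)
            + b"\x00"                        # session_id length 0
            + _u16(len(suites)) + suites
            + b"\x01\x00"                    # one compression method: null
            + _u16(len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x03" + _u16(len(handshake)) + handshake   # ContentType handshake(22), record version


def parse_client_hello(record):
    """Extract the fields the rules consult: SNI, ALPN list, cipher suites. Raises ValueError if malformed."""
    try:
        if record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        (rec_len,) = struct.unpack("!H", record[3:5])
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:
            raise ValueError("not a ClientHello")
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                         # skip client_version and random
        pos += 1 + body[pos]                                 # skip session_id
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]                                 # skip compression_methods
        fields = {"sni": None, "alpn": [], "cipher_suites": suites}
        if pos >= len(body):
            return fields                                    # no extensions present
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == SNI_EXT:
                (name_len,) = struct.unpack("!H", data[3:5])   # list length(2), name_type(1), name length(2)
                fields["sni"] = data[5:5 + name_len].decode("ascii", "replace")
            elif etype == ALPN_EXT:
                i = 2                                          # skip protocol_name_list length
                while i < len(data):
                    n = data[i]
                    fields["alpn"].append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
                    i += 1 + n
        return fields
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


# Hypothetical rule sets: each is a set of predicates over parsed fields, mapped to an application name.
RULE_SETS = {
    "video-conf": {"sni_suffix": ".video.example", "alpn_any": {"h2", "http/1.1"}},
    "team-chat":  {"sni_suffix": ".chat.example", "alpn_any": {"h2"}},
    "web":        {"alpn_any": {"h2", "http/1.1"}},
}
RULE_SET_TO_APP = {"video-conf": "VideoConf", "team-chat": "TeamChat", "web": "Web browser"}


def rule_set_matches(rule, fields):
    if "sni_suffix" in rule and not (fields["sni"] or "").endswith(rule["sni_suffix"]):
        return False
    if "alpn_any" in rule and not (rule["alpn_any"] & set(fields["alpn"])):
        return False
    return True


def identify_application(record):
    """Parse the handshake, find the most specific matching rule set, map it to an application."""
    fields = parse_client_hello(record)
    for name, rule in sorted(RULE_SETS.items(), key=lambda kv: -len(kv[1])):   # more predicates first
        if rule_set_matches(rule, fields):
            return RULE_SET_TO_APP[name]
    return "unknown"


if __name__ == "__main__":
    print(identify_application(build_client_hello("meet.video.example", ["h2", "http/1.1"])))
```

Rule sets are tried most-specific first so that a generic rule (ALPN only) does not shadow one that also constrains the SNI. The method depends on the handshake fields being in the clear: TLS 1.3 with Encrypted Client Hello hides the SNI and ALPN in the inner ClientHello, and QUIC carries its ClientHello inside Initial packets that a middlebox must first unprotect with the version's well-known keys, so classification confidence should be tied to which fields were actually observable.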
Secure traffic optimization in an edge network
A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by that network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends it to the origin server over the connection, subject to the one or more optimizations. An infrastructure service of the edge network applies the one or more optimizations to the flagged traffic as it passes through the edge network to the origin server.
Method and device for processing data of a technical system
A method, in particular a computer-implemented method, for processing data of a technical system. The method includes ascertaining first pieces of information associated with the data traffic of the system, and ascertaining, based on those first pieces of information, metadata associated with that data traffic.