System and methods of brokering trust across multiple Authentication and Authorization methods in a multi-domain, multi-operator, private and public cloud networks are identified. A Digital Trust Broker (DTB) is disclosed that brokers trust between infrastructure authentication methods that use digital certificates (PKI) and operator/enterprise Authentication/Authorization methods through interaction with multiple operator/service provider control and management platforms. The Digital Trust Broker interacts with vendor management and security platforms for associating device manufacturing, assembly, supply-chain, and logistics attributes for assuring trust of compute, network, storage and other system components that a high security enterprise or service provider acquires and installs in their networks. Additionally, methods of generating enhanced certificates for secure network slices and other Cloud and SDN hosted virtual network functions as trust assured services are also disclosed.

Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

A variable-step authentication system and a method for operating for performing variable-step authentication for communications in a controlled environment is disclosed. The variable-step authentication system may include a communication device and a server. The variable-step method includes steps for determining an authentication process that involves a number of authentication steps. The number of authentication steps is variable and dependent on a trust level associated with each participant in the communication.

Convenient sharing of information among authorized network users may be facilitated by allowing a user to send information originating from multiple applications in aggregate form to another user, e.g., using a secure messaging service. In scenarios where data access is restricted, a server may check the recipient's access privileges prior to forwarding the information to her.

A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

The present invention relates to methods and apparatus for dynamically detecting and/or mitigating threats in communications systems. Exemplary methods and apparatus of the present invention allow for a combination of automated and operator controlled responses to threats. While an operator is provided an opportunity to provide input on how to respond to a threat, after one or more threats of a given type are identified, the system will automatically take corrective action without waiting for operator input and/or in the absence of operator input following notification of a threat.

A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on a endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method.

Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

An account protection service to prevent user login or other protected endpoint request abuse. In one embodiment, the service collects user recognition data, preferably for each login attempt (e.g. data about the connection, session, and other relevant context), and it constructs a true user profile for each such user over time, preferably using the recognition data from successful logins. The profile evolves as additional recognition data is collected from successful logins. The profile is a model of what the user “looks like” to the system. For a subsequent login attempt, the system then calculates a true user score. This score represents how well the current user recognition data matches the model represented by the true user profile. The user recognition service is used to drive policy decisions and enforcement capabilities. Preferably, user recognition works in association with bot detection in a combined solution.

Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.