H04L63/205

Sensitive data policy recommendation based on compliance obligations of a data source

Systems, computer-implemented methods, and computer program products that can facilitate sensitive data policy recommendation are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise an extraction component that can employ an artificial intelligence model to extract compliance data from a data source. The computer executable components can further comprise a recommendation component that can recommend a sensitive data policy based on the compliance data. In some embodiments, the recommendation component can further identify one or more sensitive data entities of a sensitive data dataset that are affected by actionable obligation data of the data source.

Security token validation using partial policy validations

A policy engine validates one or more security tokens in an authenticated request using a sequence of partial policy validations. Multiple policies may be applied to the security token using the work product generated from each failed policy. The policy that succeeds in validating the security token has a portion of its work performed through previously-failed policies that did not complete successfully. In this manner, the validation of a policy is performed faster and more efficiently since the previous processing is not repeated whenever a new policy is applied.

Hardware agnostic platform for transparent access control of internet of everything (IoE) destinations via correlation, classification, and/or tagging
11704422 · 2023-07-18

Simplified and/or user-friendly interfaces can be employed to facilitate administration of a routing platform that couples devices of a local area network (LAN) to an external communication network (e.g., the Internet). In one aspect, the routing platform comprises a firewall that can be employed to perform access control and/or an Internet of Things (IoT) hub that can be employed to control operations of IoT devices of the LAN, for example, based on domain information, user-defined tags, and peer-defined criteria used to make correlations that are leveraged to implement access control policies. A search and command interface is employable to issue textual (e.g., natural language) commands to configure access control policies, to tag devices and/or websites, and/or to search for data.

Security management for restricted local operator services in communication system
11563743 · 2023-01-24

Techniques for security management in communication systems are provided. For example, a method comprises maintaining a list of networks that support access for a set of restricted local operator services, checking whether a set of conditions for triggering access to the set of restricted local operator services is satisfied, receiving a request for access to the set of restricted local operator services, and initiating, upon satisfaction of the set of conditions, a search of the list of networks to find a network for access to the set of restricted local operator services.

Network resource implementation prioritization
11706240 · 2023-07-18

Techniques for providing dynamic resource implementation prioritization for a network are provided. In one embodiment, a method includes determining a user of a selected device and assigning a user value based on the user's identity. The method includes determining related devices on the network by evaluating user behavior information to identify devices in the network that are in communication with the selected device. The method includes calculating a composite device value based on a value of the selected device, the user value, and values of the related devices. The method includes determining a probability factor for potential security vulnerabilities affecting the selected device and calculating a risk score based on the composite device value and the probability factor. Security measures may be implemented based on a comparison of the calculated risk score for the selected device with a plurality of risk scores for other devices in the network.

Self-owned authentication and identity framework
11704393 · 2023-07-18

A user, using a user computing device connected to a computer network, is authenticated to access a computing resource managed by a system on the computer network. The user computing device presents a user interface to prompt the user to input a value for each of a set of user-defined credentials that the user has previously defined for a SAIF (self-owned authentication and identity framework) server to authenticate the user to access the computing resource, thereby forming a set of input values. Modified values, each generated from and representing a corresponding one of the input values, are transmitted and validated by comparing them with corresponding modified forms of the user-defined credential values stored in a memory, thereby determining whether the user is authenticated to access the computing resource on the system.

Application-based network security
11706216 · 2023-07-18

A network device may receive, from an application on a user device, a first network packet associated with a packet flow. The network device may identify an application identifier of the first network packet, wherein the application identifier identifies the application on the user device. The network device may select, based on the application identifier, a security protocol, wherein the security protocol is associated with at least one of an authentication header (AH) or an encryption algorithm. The network device may selectively apply, to a second network packet associated with the packet flow, at least one of the AH or the encryption algorithm, associated with the security protocol, to generate a protected network packet. The network device may transmit the protected network packet.

Securing application behavior in serverless computing

A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

Security zone policy enforcement in a cloud infrastructure system

A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.

Multiple coexisting personal area networks having different handshaking
20230018858 · 2023-01-19

An electronic device is described. This electronic device may include a radio that supports multiple coexisting networks having different handshaking and a common PAN communication protocol. During operation, a single radio in the electronic device may provide different beacons for the coexisting networks. Then, the radio may receive a response associated with another electronic device, where the response may specify a first coexisting network in the coexisting networks. Next, the radio may establish a connection with the other electronic device, where establishing the connection involves performing handshaking associated with the first coexisting network. Note that the common PAN communication protocol may include: Bluetooth, BLE, Zigbee, or Z-Wave.