H04W12/088

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROVIDING CALL INTELLIGENCE TO A SIGNALING FIREWALL IN A COMMUNICATIONS NETWORK
20230232232 · 2023-07-20

A method for providing call intelligence to a signaling firewall in a communications network includes collecting, by a network security service component, call session data from incoming and outgoing calls involving a mobile device and providing, by the network security service component, the call session data to a signaling firewall via an application programming interface (API). The method further includes receiving, by the signaling firewall, an update location request message associated with the mobile device, extracting signaling message information that includes current location data and timestamp data from the received update location request message, and utilizing the current location data and the timestamp data to identify a correlated portion of the call session data. The method further includes providing the signaling message information and the correlated portion of the call session data to a security analytics engine platform for a location validation assessment and allowing or rejecting, by the signaling firewall, the update location request message based on location validation assessment data received from the security analytics engine platform.

AUTHENTICATING A CLIENT DEVICE
20230232233 · 2023-07-20

Examples described herein relate to techniques for authenticating a client device by obtaining device-type information during an initial phase of the authentication process. According to some examples, a client device intending to connect to a network is identified and an identity request is sent to it. An identity response is received from the client device along with device-type information. A device category is identified from a set of device categories corresponding to the identified device-type information. A device policy applicable to the identified device-type information is selected. The client device is authenticated to enable access to the network, and the selected device policy is applied to the client device.

MULTI-PERSPECTIVE SECURITY CONTEXT PER ACTOR

A flexible security system has been created that allows for fluid security operations that adapt to the dynamic nature of user behavior while also allowing the security related operations themselves to be dynamic. This flexible system includes ongoing collection and/or updating of multi-perspective “security contexts” per actor and facilitating consumption of these multi-perspective security contexts for security related operations on the users. These security related operations can include policy-based security enforcement and inspection. A security platform component or security entity uses a multi-perspective security context for a user or actor. Aggregating and maintaining behavioral information into a data structure for an actor over time from different sources allows a security platform component or entity to have historical context for an actor from one or more security perspectives. Descriptors that form a security context can originate from various sources having visibility of user behavior and/or user attributes.

Firewall coordination in a network

Embodiments are directed to host discovery for firewall coordination. An embodiment of a storage medium includes instructions for discovering a network topology for a network branch, the network branch including multiple access points including a first access point, the first access point having an interface to a network, the discovery of the network topology including identifying any access point that is linked to the first access point directly or via one or more intermediary access points; discovering one or more host devices that are connected by wireless or wired connections to one or more access points in the network branch; and generating a firewall coordination plan for the network branch based on the discovered network topology and the discovered one or more hosts, the firewall coordination plan including applying a firewall process for an access point to which a first host device is attached and bypassing one or more other firewall processes.

Sharing service entitlement of network service between multiple guest devices

Network traffic is received from an unrecognized guest device on a computer network. A user profile server is queried to determine a user identifier that is associated with the device identifier of the unrecognized guest device. A login database is queried to find an unexpired login record of an authorized guest device associated with the user identifier. The unexpired login record grants the authorized guest device access to the network service with a service entitlement for an allowed access duration, and a stored device identifier in the unexpired login record of the authorized guest device is different from the device identifier of the unrecognized guest device. The service entitlement of the network service specified in the unexpired login record is shared between the authorized guest device and the unrecognized guest device for a remaining portion of the allowed access duration of the unexpired login record of the authorized guest device.

Systems and methods for automatic device detection, device management, and remote assistance

In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-Things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of the network regulator take over some network services from a router and automatically install the network regulator as the gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distributes device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network and, in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.
