Disclosed is an effective domain name defense solution in which a domain name string may be provided to or obtained by a computer embodying a visual domain analyzer. The domain name string may be rendered or otherwise converted to an image. An optical character recognition function may be applied to the image to read out a text string which can then be compared with a protected domain name to determine whether the text string generated by the optical character recognition function from the image converted from the domain name string is similar to or matches the protected domain name. This visual domain analysis can be dynamically applied in an online process or proactively applied in an offline process to hundreds of millions of domain names.

The disclosure herein describes managing multiple clusters within a container environment using a control cluster. The control cluster includes a single deployment model that manages deployment of cluster components to a plurality of clusters at the cluster level. Changes or updates made to one cluster are automatically propagated to other clusters in the same environment, reducing system update time across clusters. The control cluster aggregates and/or stores monitoring data for the plurality of clusters creating a centralized data store for metrics data, log data and other systems data. The monitoring data and/or alerts are displayed on a unified dashboard via a user interface. The unified dashboard creates a single representation of clusters and monitor data in a single location providing system health data and unified alerts notifying a user as to issues detected across multiple clusters.

A method of automatically creating trust communities in a fleet of devices. The method includes finding candidate devices in a fleet of devices via one or more candidate discovery techniques and generating device-related data based on the candidate devices that are found, analyzing the device-related data via an analytics engine and creating one or more fleet orchestrator device lists based on the analysis of the device-related data, and automatically creating one or more new trust communities or suggesting joining one or more previously existing trust communities based at least on the one or more fleet orchestrator device lists for the candidate devices, wherein the one or more new trust communities or previously existing trust communities include at least a sub-set of the devices in the fleet, and wherein at least one of the managed devices in the sub-set of devices is configured as a root device to publish files via a file sharing function.

Disclosed herein are systems and methods for multi-level classification of data traffic flows based on information in a first packet for a data traffic flow. In exemplary embodiments of the present disclosure, a key can be generated from intercepted DNS data to track data traffic flows by application names and destination IP addresses. Based on these keys, patterns can be discerned to infer data traffic information based on only the information in a first packet, such as destination IP address. The determined patterns can be used to predict classifications of future traffic flows with similar key information. In this way, data traffic flows can be classified and steered in a network based on limited information available in a first packet.

Method for resolving name identifiers. Existing naming identifier resolution solutions give priority to one aspect, performance of a service or protection of privacy, over the other without it being possible to deviate therefrom. This lack of flexibility is detrimental to the user's quality of experience. This also impacts resource management for various communication equipment involved in the resolution of naming identifiers. The proposed solution makes it possible to give priority to performance or respecting privacy on a case-by-case basis. On the basis of an authorization to share a location of the equipment, the resolver gives priority to transmitting either a network address of a server associated with the naming identifier to be resolved requiring location information of the equipment, giving priority to performance, or a network address of a server associated with the naming identifier to be resolved not requiring location information of the equipment, giving priority to respecting privacy.

Method for resolving name identifiers. Existing naming identifier resolution solutions give priority to one aspect, performance of a service or protection of privacy, over the other without it being possible to deviate therefrom. This lack of flexibility is detrimental to the user's quality of experience. This also impacts resource management for various communication equipment involved in the resolution of naming identifiers. The proposed solution makes it possible to give priority to performance or respecting privacy on a case-by-case basis. On the basis of an authorization to share a location of the equipment, the resolver gives priority to transmitting either a network address of a server associated with the naming identifier to be resolved requiring location information of the equipment, giving priority to performance, or a network address of a server associated with the naming identifier to be resolved not requiring location information of the equipment, giving priority to respecting privacy.

Method and apparatus are described for enabling the lookup of metadata on the Internet, from a centralized system. The present invention offers a Link Metadata System (“LMS”), available on the Internet, of information associated with any given, specific Internet domain and URL or URI path combination (the “link”). Software browsing user agents are configured with the ability to request information from the LMS and perform actions based on the received information which can include navigation. The invention provides for receiving a request for information at a lookup server, looking up information, using the URI, in a lookup server, and sending a response with a payload of the requested information.

Method and apparatus are described for enabling the lookup of metadata on the Internet, from a centralized system. The present invention offers a Link Metadata System (“LMS”), available on the Internet, of information associated with any given, specific Internet domain and URL or URI path combination (the “link”). Software browsing user agents are configured with the ability to request information from the LMS and perform actions based on the received information which can include navigation. The invention provides for receiving a request for information at a lookup server, looking up information, using the URI, in a lookup server, and sending a response with a payload of the requested information.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.