Patent classifications
H04L63/0218
Method, apparatus, and computer readable medium for providing security service for data center
Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.
MULTI-ZONE SECURE ARTIFICIAL INTELLIGENCE EXCHANGE AND HUB
In general, this disclosure describes a multi-zone secure AI exchange. The multi-zone secure AI exchange may be implemented in a multi-cloud, multi-data center environment, where each zone may be in a different cloud or data center. The multi-zone secure AI exchange may include a data repository, a data exchange, and shared services. The data repository may be configured to store algorithms and datasets, each having a respective owning user. The data exchange may receive datasets and algorithms from the data repository, and may perform the algorithms to produce output data. Each of the data repository, data exchange, and shared services may have a different level of security. The data repository may implement the highest level of security, allowing the owning user, and only the owning user, to control how their data and algorithms move in and out of the data repository, or are changed while in the data repository.
BROKERED NETWORK TRAFFIC MONITORING AND THREAT ANALYSIS
The subject matter described herein provides technical solutions for technical problems facing computing network security. Technical solutions described herein include adaptive sniffing of networking traffic, such as using a brokered network traffic sniffing framework. A brokered sniffing framework may be used to provide dynamic adjustment of network access points and network traffic sampling queries, such as by providing dynamic adjustment in response to changes to the network topology or network traffic. The brokered sniffing framework may provide improved statistical sampling of network traffic using improved network traffic telemetry, such as by modifying a statistical profile of network traffic contents that are collected. The network traffic telemetry may be used to identify various changes in network traffic, such as by identifying statistically significant changes in latencies, bandwidths, or other data center performance metrics.
WORKSPACE-BASED FIXED PASS-THROUGH MONITORING SYSTEM AND METHOD FOR HARDWARE DEVICES USING A BASEBOARD MANAGEMENT CONTROLLER (BMC)
An Information Handling System (IHS) includes multiple hardware devices, and a Baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes executable instructions for monitoring the operating characteristics of a hardware device that is operating in a fixed pass-through configuration with a workspace, in which the workspace has been instantiated by a workspace orchestration service executed on the IHS. The executable instructions may determine that the operating characteristics are indicative of a security breach of the fixed pass-through configuration, and as such, may perform an operation to quarantine that hardware device when the fixed pass-through configuration is determined to possess the security breach.
SECURE REMOTE ACCESS TO HISTORICAL DATA
Methods, systems and computer products provide access to historical data over a real-time tunnel in an architecture including an operational technology (OT) network, a de-militarized zone (DMZ) and an information technology (IT) network. The OT network interleaves real-time data and historical data over a first tunnel connection, a first firewall and a second firewall in conjunction with a DMZ and an IT network by (a) performing pull replication of the historical data, (b) daisy chaining the historical data, or (c) a combination of (a) and (b).
Cooperative adaptive network security protection
Systems and methods for improving the catch rate of attacks/malware by a cooperating group of network security devices are provided. According to one embodiment, a security management device configured in a protected network maintains multiple dynamic IP address lists, including an NGFW deep detection list, a DDoS deep detection list, an NGFW block list and a DDoS block list. The security management device continuously updates the lists based on updates provided by a cooperating group of network security devices, which in turn are based on network traffic observed by those network security devices. In response to receipt of a request from an NGFW device or a DDoS mitigation device associated with the protected network, the security management device provides the requestor with the requested dynamic IP address lists for use in connection with processing network traffic by the requestor.
Distributed identity-based firewalls
Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.
Distributed software defined networking
The Distributed Software Defined Network (dSDN) disclosed herein is an end-to-end architecture that enables secure and flexible programmability across a network with full lifecycle management of services and infrastructure applications (fxDeviceApp). The dSDN also harmonizes application deployment across the network independent of the hardware vendor. As a result, the dSDN simplifies the network deployment lifecycle from concept to design to implementation to decommissioning.
System and method for securing communication between devices on a network with multiple access points
Systems and methods for managing communication of a plurality of devices in a computer network having a plurality of access points, including identifying, by a second access point of the computer network, a communication request from at least one device of the plurality of devices; sending, by a first access point of the computer network, at least one communication rule to the second access point, the at least one communication rule including conditions for communication corresponding to the identified communication request; and blocking, by the second access point, communication to the second access point when the received communication request is inadmissible according to the at least one communication rule.
System and method for midserver facilitation of long-haul transport of telemetry for cloud-based services
A system and method that uses midservers located between the business enterprise computer infrastructure and the cloud-based infrastructure to collect, aggregate, analyze, transform, and securely transmit data from a multitude of computing devices and peripherals at an external network to a cloud-based service.