H04L63/0218

Method for providing an elastic content filtering security service in a mesh network
11540132 · 2022-12-27

The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

CONTAINERIZED CROSS-DOMAIN SOLUTION

A containerized cross-domain solution (CDS) is disclosed herein. In some examples, a first network interface container can be executed on a server to run a first network interface application to receive a data packet that includes data generated by a first process executing at a first security domain. A filter container can be executed on the server to run a data filter to evaluate a data content of the data to determine whether the data content violates a set of data rules. A second network interface container can be executed on the server to run a second network interface application. The data packet can be provided to the second network interface application in response to determining that the data content does not violate the set of data rules. The second network interface application can provide the data packet to a second security domain for a second process executing therein.

Stateful services on stateless clustered edge

In order to enable dynamic scaling of network services at the edge, novel systems and methods are provided to enable addition of new nodes or removal of existing nodes while retaining the affinity of the flows through the stateful services. The methods provide a cluster of network nodes that can be dynamically resized to handle and process network traffic that utilizes stateful network services. The existing traffic flows through the edge continue to function during and after the changes to membership of the cluster. All nodes in the cluster operate in active-active mode, i.e., they are receiving and processing traffic flows, thereby maximizing the utilization of the available processing power.

Security platform for service provider network environments

Techniques for providing a security platform for service provider network environments are disclosed. In some embodiments, a system/process/computer program product for providing a security platform for service provider network environments includes communicating with an orchestrator and/or another network element on a service provider network to identify a subscriber with a new IP flow using a security platform; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

Autotuning a virtual firewall

A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall.

TRANSACTION FIREWALL METHOD AND SYSTEM
20220385632 · 2022-12-01

A method for detecting fraudulent transactions entering a payment environment, the method comprising: receiving packets of a transaction from a network; reconstructing and framing the packets into respective transaction messages; decoding each transaction message into its respective fields; correlating the respective transaction messages into an end-to-end model of the transaction; applying one or more predefined rules to the respective fields to determine whether the transaction is fraudulent; when the transaction is determined to be fraudulent, determining one or more specified fields of the respective fields to use to selectively block, deny, or rate limit the transaction; selecting a corresponding predefined rule from a server rule base; storing the predefined rule in a transaction firewall rule base; and applying the predefined rule to the transaction to selectively block, deny, or rate limit the transaction based on content of the one or more specified fields in the transaction.

DISTRIBUTED TRAFFIC STEERING AND ENFORCEMENT FOR SECURITY SOLUTIONS
20220385631 · 2022-12-01

Techniques for distributed traffic steering and enforcement for security solutions are disclosed. In some embodiments, a system, process, and/or computer program product for distributed traffic steering and enforcement for security solutions includes encapsulating an original traffic header for a monitored flow from/to a host or a container; rerouting the flow from the host or the container to a security platform of a security service; performing security analysis at the security platform using the original traffic header; and rerouting the flow back to the host or the container for routing to an original destination based on the original traffic header.

INTERPROCESSOR PROCEDURE CALLS
20220374294 · 2022-11-24

A firewall host uses a shared memory to pass arguments to, and receive results from, a remote procedure executing on a locally coupled network processing unit that offloads processing for the firewall.

Single sign-on for token-based and web-based applications
11595375 · 2023-02-28

A method of authenticating a user includes: logging into a first system that includes a token-based authentication system (TBAS); creating, at the TBAS, a cookie based on a token from the TBAS; requesting access, by the user, to a second system that includes at least one Windows-hosted web application (WHWA); and decoding and validating the token, thereby granting the user access to the second system based only on the user logging into the first system.

REAL-TIME AND INDEPENDENT CYBER-ATTACK MONITORING AND AUTOMATIC CYBER-ATTACK RESPONSE SYSTEM
20230057332 · 2023-02-23

A cyber safety system that provides real-time and independent cyber-attack monitoring and automatic cyber-attack response. The cyber safety system comprises a cyber monitoring logic to generate a cyber-attack signal in response to a cyber-attack event. The cyber safety system further comprises an automatic segmentation controller to generate a plurality of segmentation voltage signals or a plurality of segmentation messages in response to the cyber-attack signal. The cyber safety system further comprises a plurality of firewalls configured to invoke firewall rulesets depending upon an input voltage signal level of the plurality of segmentation voltage signals or the plurality of segmentation messages to segment a site network into a plurality of site network segments and to control one or more physical devices in response to the cyber-attack event.