Patent classifications
H04L63/0245
Networking flow logs for multi-tenant environments
Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on a computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or an intrusion detection service.
LOCALIZATION AT SCALE FOR A CLOUD-BASED SECURITY SERVICE
Techniques for providing localization at scale for a cloud-based security service are disclosed. In some embodiments, a system/method/computer program product for providing localization at scale for a cloud-based security service includes receiving a connection request at a network gateway of a cloud-based security service; performing a source Network Address Translation (NAT) from a registered set of public IP addresses associated with a tenant; and providing secure access to a Software as a Service (SaaS) using the cloud-based security service.
Profile generation device, attack detection device, profile generation method, and profile generation computer program
A global profile generation unit acquires a profile that includes, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When the acquired profile contains entries whose path parts differ but whose parameter names are the same, the global profile generation unit generates a global profile in which those entries for the same parameter name are aggregated.
Communication system and method for an aircraft
A communication system for an aircraft comprises a communication interface to the outside of the aircraft and an avionics domain whose security level is the highest in the communication system. It also comprises a communication domain, to which the communication interface is connected, whose security level is lower than that of the avionics domain. A barrier of a first type is arranged to filter the information coming from the communication interface so as to allow the information to pass into the communication domain only if the information corresponds to an authenticated communication. A barrier of a second type is arranged to filter information transmitted from the communication domain to the avionics domain, carrying out at least a syntactic filtering of the information.
SYSTEMS AND METHODS FOR BLOCKING NOVEL ATTACK VECTORS
Disclosed herein are systems and methods for blocking novel attack vectors. In one aspect, a detected security incident and a consequential event are correlated such that the combination of the security incident and the consequential event is identified as an attack vector. A method may comprise generating and executing a rule that blocks the consequential event in response to detecting the security incident.
Systems and methods for operating a networking device
Methods and systems are described for compressing a tree structure that associates network packet signatures with network packet metadata, the tree structure comprising a plurality of non-leaf nodes that are single-bit test nodes and a plurality of leaf nodes comprising network packet metadata. The method comprises determining whether a sub-portion of the tree structure is to be compressed. If it is determined that the sub-portion of the tree structure is to be compressed, a compressed node data structure is generated, the compressed node data structure comprising a path of the sub-portion of the tree structure, the path comprising a sequence of bits formed by concatenating the single bits associated with each of the consecutive non-leaf nodes of the sub-portion, the number of bits in the sequence being equal to or greater than a compression threshold.
Controlling command execution in a computer network
A security entity controls execution of commands by a target host in a computer system. The security entity terminates a secure transport channel carrying at least one stream of data from a client host, the security entity being a separate entity from the target host and the at least one stream of data including a first type of data and a second type of data, the second type including at least one command for the target host. An emulator of the security entity analyses the at least one stream of data to determine the at least one command for the target host and checks the allowability of the at least one command for the target host. If the at least one command is determined to be allowable, execution of the at least one allowable command at the target host is caused by sending the at least one allowable command to the target host on an execution channel separate from the at least one stream of data.
Securing against network vulnerabilities
A method including transmitting, by an infrastructure device to a user device, a determined characteristic of an authentic feature included in an authentic network communication associated with an authentic entity, with which the user device intends to communicate over a network; determining, by the user device, an observed characteristic of a current feature included in a current network communication associated with a current entity with which the user device is communicating over the network; comparing, by the user device, the observed characteristic with the determined characteristic; and determining, by the user device, that the current network communication is authentic or that the current network communication is not authentic based at least in part on a result of comparing the observed characteristic with the determined characteristic. Various other aspects are contemplated.
Remotely Controlling Access to Online Content
Various embodiments provide an approach to controlled access to online content. Such control may be based on a multitude of factors including, but not limited to, website content and the profile of the person consuming the data. In operation, machine-learning techniques are used to classify the websites based on community and social media inputs, crowd-sourced data, and access rules implemented by parents or system administrators. Feedback from users and admins of the system, including the instances of allowed or denied access to websites, in conjunction with other relevant parameters, is used for iterative machine-learning techniques. Embodiments may also allow for real-time, or near real-time, approval or denial of access to websites by registered admins.
Method, System, and Computer Program Product for Protocol Parsing for Network Security
Provided is a method for protocol parsing for network security. The method may include receiving, by a packet capture system, a plurality of packets, parsing lower layer data from each packet, and communicating a respective payload of each respective packet to at least one first queue. A routing system may route the respective payload of each respective packet to a respective second queue of a plurality of second queues based on a respective protocol of the respective packet. A respective protocol parser node of a parsing system may parse higher layer data from the respective payload of each respective packet from each respective second queue. The packet capture system may communicate the lower layer data for each packet to a third queue, and the parsing system may communicate the higher layer data for each packet to the third queue. A system and computer program product are also disclosed.