H04L63/0245

ATTACK CATEGORIZATION BASED ON MACHINE LEARNING FEATURE CONTRIBUTION
20230144836 · 2023-05-11

According to some embodiments of the disclosure, a method includes receiving an electronic communication directed to a data resource, determining, by a machine learning (ML) web application firewall (WAF), an attack probability of the electronic communication based on a plurality of features, wherein subsets of the plurality of features are arranged in a plurality of feature groups, and adjusting the attack probability based on respective feature weights of the plurality of feature groups.

Method and arrangement for control data exchange of an industrial edge device

A method and edge device for controlling data exchange of an industrial edge device with an industrial automation arrangement and a data cloud, wherein the edge device includes a first communication connection to the industrial automation arrangement and a second communication connection to a network of the data cloud, where the edge device includes applications exchanging data, and where the edge device includes a control device to control the data to be exchanged, wherein whether data exchange of an application is controlled via the first communication connection and the data exchange is implemented directly via the second communication connection or vice versa is defined for each application, where a data flow control device ensures simultaneous direct data exchange by an application via both communication connections does not occur, such that rigorous checking of applications or containers within the applications with respect to data security is not required.

Transport layer signaling security with next generation firewall

Techniques for transport layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for transport layer signaling with next generation firewall includes monitoring transport layer signaling traffic on a service provider network at a security platform; and filtering the transport layer signaling traffic at the security platform based on a security policy.

Distributed digital security system

A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices and can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

Bulk messaging detection and enforcement
11652771 · 2023-05-16

Aspects of the disclosure relate to providing commercial and/or spam messaging detection and enforcement. A computing platform may receive a plurality of text messages from a sender. It may then tokenize the plurality of text messages to yield a plurality of tokens. The computing platform may then match one or more tokens of the plurality of tokens in the plurality of text messages to one or more bulk string tokens. Next, it may detect one or more homoglyphs in the plurality of text messages, and then detect one or more URLs in the plurality of text messages. The computing platform may flag the sender based at least on the one or more matching tokens, the one or more detected homoglyphs, and the one or more detected URLs. Based on flagging the sender, the computing platform may block one or more messages from the sender.

Partitioned intrusion detection

This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.

Per-interface access control list (ACL) counter

Systems and methods for allocating a per-interface access control list (ACL) counter are disclosed. An ACL is applied to a data packet received at an interface of the network element. In response to matching the highest priority ACL rule, a counter value is obtained based on a combination of a base index and an expansion index value. The base index, expansion index, and counter values are stored in their respective tables. The counter value is uniquely associated with the specific ACL rule hit and the interface used to receive the data packet. Systems and methods also allocate a next set of expansion and counter tables when their storage capacity is exceeded. When the next set of tables is allocated, the older set of tables along with their index mappings and entries are preserved.

OPEN WORLD COMMUNICATION DEVICE FOR COMMUNICATING WITH AN AVIONICS SYSTEM, ASSOCIATED COMMUNICATION SYSTEM AND COMMUNICATION METHOD

Disclosed is an open world communication device with an aircraft avionics system including an application component. The device further includes an interfacing component with a communication module able to intercept each request sent by the application component and a clone of the avionics system able to test each request intercepted by the communication module in order to determine the status of the request between a conforming status and a non-conforming status. The communication module is able to send to the avionics system only the requests having the conforming status.

UNSUBSCRIBE AND DELETE AUTOMATION
20230139128 · 2023-05-04

Methods, computer-readable media, software, and apparatuses may assist a consumer in unsubscribing from unwanted mailing list traffic and email-based relationships. A consumer’s discovered accounts and subscriptions may be listed and displayed to the consumer. For each identified account or subscription, an unsubscribe and deletion action may be determined and automated for the consumer.

MITIGATING COMMUNICATION RISK BY DETECTING SIMILARITY TO A TRUSTED MESSAGE CONTACT

At least one of a measure of trust or a measure of spoofing risk associated with a sender of a message is determined. A measure of similarity between an identifier of the sender of the message and an identifier of at least one trusted contact of a recipient of the message is determined. The measure of similarity is combined with at least one of the measure of trust or the measure of spoofing risk to at least in part determine a combined measure of risk associated with the message. Based at least in part on the combined measure of risk associated with the message, a verification action is performed including by automatically providing an inquiry message that requests a response to be provided.