H04L63/0245

ELECTRONIC MESSAGE PROCESSING SYSTEMS AND METHODS
20230188499 · 2023-06-15

A message-hold decision maker system used with an electronic mail processing system that processes electronic messages for a protected computer network improves the electronic mail processing system’s performance by increasing the throughput performance of the system. The improvements are achieved by providing an electronic mail processing gateway with additional logic that makes fast and intelligent decisions on whether to hold, block, allow, or sandbox electronic messages in view of potential threats such as viruses or URL-based threats. A message hold decision maker uses current and stored information from a plurality of specialized classification engines to quickly make the decisions. In some examples, the message hold decision maker will instruct an email gateway to hold an electronic mail message while the classification engines perform further analysis.

E-mail firewall with policy-based cryptosecurity

An e-mail firewall applies policies to e-mail messages between a first site and second sites in accordance with administrator-selectable policies. The firewall includes a simple mail transfer protocol relay for causing the e-mail messages to be transmitted between the first site and selected ones of the second sites. Policy managers enforce administrator-selectable policies relative to one or more of encryption and decryption, signature, source/destination, content and viruses.

AI-SUPPORTED NETWORK TELEMETRY USING DATA PROCESSING UNIT

A device receives a packet from a local network. The packet may be directed toward a cloud computing resource. The device determines that the packet is associated with a new packet flow. In response to determining that the packet is associated with the new packet flow, the device provides one or more packets from the new packet flow to a machine learning model for packet inspection. The device receives an output from the machine learning model and routes the new packet flow based on the output received from the machine learning model. The output indicates whether or not the new packet flow is associated with a network attack.

Message Validation Using Data-Link Layer Fields
20220377011 · 2022-11-24

A device may include a first interface and a second interface. The device may also include memory containing a set of rules and representations of pre-defined violations thereof. The device may also include digital logic programmed to: (i) receive, by way of the first interface, an Ethernet frame containing Ethernet header fields and an Ethernet payload, wherein the Ethernet payload contains a payload; (ii) extract data from the Ethernet header fields, wherein the data defines a transaction that is functionally equivalent to a further transaction that is defined by the payload; (iii) apply the set of rules to the transaction, wherein doing so involves comparing fields in the data to values and concluding that the transaction does not contain any pre-defined violations; and (iv) modify the Ethernet frame to contain content based on the payload, and transmit the Ethernet frame out the second interface.

Predicting firewall rule ranking value
09838354 · 2017-12-05

A device may obtain information regarding firewall rules. The information, for a firewall rule of the firewall rules, may include one or more match condition values and a ranking value. The firewall rule may be applicable to packets that are associated with packet information that matches the match condition values. A match condition value may be associated with a match count that identifies a quantity of times that packets match the match condition value. The ranking value may identify a quantity of times that the firewall rule has been applied to the packets. The device may obtain a new firewall rule. The device may predict a ranking value of the new firewall rule based on match condition values of the new firewall rule and/or based on analyzing the information regarding the plurality of firewall rules. The device may perform an action based on the predicted ranking value.

LAWFULLY INTERCEPTING TRAFFIC AND PROVIDING THE TRAFFIC TO A CONTENT DESTINATION BASED ON CONTENT DESTINATION AVAILABILITIES AND PRIORITIES
20220377008 · 2022-11-24

A network device ensures availability of content destination devices, and may receive a request to install a filter, and the request may include information identifying a set of content destination devices capable of receiving packets that match the filter, and priority values indicating priorities by which the set of content destination devices are to receive the packets. The network device may receive status indications indicating availabilities associated with the set of content destination devices, and may receive a packet destined for an endpoint device. The network device may generate a copy of the packet, and may determine that a packet feature matches the filter. The network device may select a particular content destination device, from the set of content destination devices, based on the priority values and the status indications, and may cause the copy of the packet to be forwarded to the particular content destination device.

Methods and apparatuses for providing internet-based proxy services

A proxy server receives from a client network application a request for an action to be performed on an identified network resource of a domain of an origin server. The request is received at the proxy server as a result of a DNS request for the domain returning an IP address of the proxy server. The proxy server determines that the first request is indicative of being from a bot. Responsive to this determination, the proxy server transmits a block page to the client network application that includes a mechanism to allow a human user of the client network application to provide input that indicates that they are human and not a bot. If the proxy server does not receive input from the client network application through the mechanism in the block page that indicates that the first request is not from a bot, the proxy server blocks the request.

METHOD AND APPARATUS FOR PROACTIVELY IDENTIFYING AND MITIGATING MALWARE ATTACKS VIA HOSTED WEB ASSETS
20170344743 · 2017-11-30

A new approach is proposed that contemplates systems and methods to provide identification and mitigation of malware attacks via Web assets hosted on a Web application, site, or platform in an automated and proactive manner. From the moment the Web assets are hosted on the Web application platform and protected by a Web application security device, the hosted Web assets are constantly monitored and assessed for potential risks. Whenever there is a new instance or a modification of a Web asset, a copy of the Web asset is automatically downloaded and analyzed for potential vulnerabilities. If a suspicious indicator of malicious contents in the Web asset is detected during the analysis, a plurality of security policies are created and applied to the Web application security device to mitigate threats of the Web asset and protect users of the Web application against malware attacks via the tampered Web asset.

Data cleansing system and method

System and method for updating customer data that includes a plurality of electronically stored contact records that each include contact information for a respective individual contact. Filtering is applied to the customer data to identify contacts that fall within defined filtering criteria. Information about the identified contacts is provided to a decision making authority for a further layer of filtering. Customer data is updated based on feedback derived from the decision making authority.

Implementing a client-side policy on client-side logic

Techniques are described herein that are capable of implementing a client-side policy on client-side logic. The client-side policy is configured to support client-side hooks by configuring a rule in the client-side policy to be applied to the client-side logic, which is configured to be executed in a browser of a client device in a network-based system. The rule indicates an administrator-defined action to be performed in response to a request to execute the client-side logic. The request to execute the client-side logic in the browser is received. The administrator-defined action is performed based at least in part on the rule in the client-side policy in response to receipt of the request.