Patent classifications
H04L63/0245
Mobile VPN Autostart Through App-only Management
Techniques for auto-starting a VPN in a MAM environment are disclosed. A MAM-controlled application is launched on a computer system. Policy is queried and a determination is made as to whether to auto-start a VPN application based on the policy. Based on the policy, the VPN application is auto-started, and the VPN application initiates a VPN tunnel that is usable by at least the MAM-controlled application. Network communications transmitted to or from the MAM-controlled application then pass through the VPN tunnel.
PER-INTERFACE ACCESS CONTROL LIST (ACL) COUNTER
Systems and methods for allocating a per-interface access control list (ACL) counter are disclosed. An ACL is applied to a data packet received at an interface of the network element. In response to matching the highest priority ACL rule, a counter value is obtained based on a combination of a base index and an expansion index value. The base index, expansion index, and counter values are stored in their respective tables. The counter value is uniquely associated with the specific ACL rule hit and the interface used to receive the data packet. Systems and methods also allocate a next set of expansion and counter tables when their storage capacity is exceeded. When the next set of tables is allocated, the older set of tables, along with their index mappings and entries, is preserved.
Service infrastructure and methods of predicting and detecting potential anomalies at the service infrastructure
Methods allow predicting and detecting potential anomalies at a service infrastructure. A strings table having entries that define character strings and corresponding anomaly probabilities is accessed. A log entry related to an event occurring in the service infrastructure is generated in a database. The log entry includes a character string designating a name of a file or an IP address and a domain name hosted by the service infrastructure. A search is made for the character string in the strings table. The domain name is marked as suspect if the character string is found in the strings table and if an anomaly probability for the character string exceeds a predetermined threshold. The anomaly probabilities may be calculated using a Bayesian filter that accounts for a number of domains hosted by the service infrastructure on which the character string has recently appeared.
System and method for controlling electronic communications
Example embodiments include a controlled content repository, wherein the controlled content repository is accessible according to an access protocol, wherein the access protocol comprises at least one set of access rules, wherein the access protocol enables determining if first data associated with a first object and second data associated with a second object can be made available to a first computing device; a data structure for storing a first object and a second object; and a controlling computing device, in communication with the controlled content repository, for providing the first data associated with the first object and the second data associated with the second object to the first computing device after determining that the first data associated with the first object and the second data associated with the second object is authorized to be made available to the first computing device in accordance with the access protocol.
Method device and system for policy based packet processing
Provided are methods, apparatus, and a system for a policy-based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules, including verifying that the source and destination addresses of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliances against the policy configuration.
Label guided unsupervised learning based network-level application signature generation
Application-initiated network traffic is intercepted and analyzed by an application firewall in order to identify streams of traffic for a target application. An application signature generator preprocesses the raw data packets from the intercepted network traffic by tokenizing the data packets and then weighting each token according to its importance for application identification. The weighted features for each data packet are clustered using an unsupervised learning model, and the resulting clusters are iteratively refined and re-clustered using a proximity score between the clusters and feature vectors for key tokens for the target application. The application signature generator generates a signature for the clusters corresponding to the target application which the application firewall implements for filtering network traffic.
Systems and methods for deep packet inspection of vulnerable network devices
The disclosed computer-implemented method for deep packet inspection of vulnerable network devices may include (i) detecting at least one vulnerability associated with a network device service, (ii) identifying one or more network devices associated with the vulnerability, (iii) initiating a deep packet inspection of data traffic communicated by a target network device, (iv) determining, based on the deep packet inspection, one or more signatures associated with a potential malware attack for the target network device, and (v) performing a security action that mitigates the potential malware attack. Various other methods, systems, and computer-readable media are also disclosed.
Secure internet gateway
A system includes a plurality of secure gateways that each use a plurality of datasets to determine how to process messages between devices on a network and websites on the internet. A version control server in the system automatically sends a dataset to each secure gateway in the plurality of secure gateways.
Device, system and method for defending a computer network
A non-transitory, processor-readable medium includes code representing instructions to cause a processor to perform a method. The method includes receiving, from a traffic filter at a boundary of a network, a network communication and determining the network communication is a first anomalous communication associated with a service that does not exist within the network, uses a non-readable character set, or includes a malicious payload. The method further includes, at least partially based on the determining, generating a first rule, at least partially based on an analysis of a subset of partial or exact fingerprints of the first anomalous communication. The first rule is communicated to the traffic filter for the traffic filter to filter, from network communications external to the network, a second anomalous communication.
Secure browsing via a transparent network proxy
A system for providing secure browsing via a transparent network proxy is disclosed. The system may receive, from a client, a request to access a resource. The request may include an identifier that may be utilized to locate the resource. Once the request is received, the system may determine if the resource is not trusted, such as if the identifier is determined to be unknown or suspicious. If the resource is determined to not be trusted by the system, the system may forward the request to a virtual machine manager that may select a browser virtual machine from a pool of browser virtual machines. After the browser virtual machine is selected, the browser virtual machine may stream a rendering of the resource to the client based on the request. The rendering of the resource may be provided in lieu of the actual resource.