A method, apparatus and system for malware characterization includes receiving data identifying a presence of at least one anomaly of a respective portion of a processing function captured by at least one of each of at least two different sensor payloads and one sensor payload at two different times, determining a correlation between the at least two anomalies identified by the data captured by the at least one sensor payloads, and determining a presence of malware in the processing function based on the determined correlation. The method, apparatus and system can further include predicting an occurrence of at least one anomaly in the network based on at least one of current sensor payload data or previously observed and stored sensor payload data, recommending and/or initiating a remediation action and reporting a result of the malware characterization to a user.

A communication system and a communication method for one-way transmission are provided. The communication method includes: transmitting a filtering rule to a programmable logic device by a server; receiving a signal and obtaining data from the signal by the server; packing the data to generate at least one data packet by the server; transmitting the at least one data packet to the programmable logic device by the server; and determining, according to the filtering rule, whether to output the at least one data packet by the programmable logic device.

A configuration of a cloud application exposed via a public IP address is duplicated with modifications to include a private IP address to expose the application internally. The original configuration is updated so that external network traffic sent to the application is redirected to and distributed across agents running on nodes of a cloud cluster by which web application firewalls (WAFs) are implemented. A set of agents for which the respective WAFs should inspect the redirected network traffic are selected based on cluster metrics, such as network and resource utilization metrics. The redirected network traffic targets a port allocated to the agents that is unique to the application, where ports are allocated on a per-application basis so each of the agents can support WAF protection for multiple applications. Network traffic which a WAF allows to pass is directed from the agent to the application via its private IP address.

A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions on route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.

A specific container is spawned by a docker module responsive to Kebernetes control instruction. Network connectivity is provided for the specific container to a data communication network through a networking bridge and a security policy is configured. After configuration, inbound or outbound data packets concerning the specific container are received and forwarded to a security policy KVM for scanning against security policies. Those that pass security scanning are forwarded to containers and external destinations.

A method and system are disclosed. The method and system include receiving, at a wrapper, a communication and a context associated with the communication from a client. The communication is for a data source. The wrapper includes a dispatcher and a service. The dispatcher receives the communication and is data agnostic. The method and system also include providing the context from the dispatcher to the service. In some embodiments, the method and system use the service to compare the context to a behavioral baseline for the client. The behavioral baseline incorporates a plurality of contexts previously received from the client.

Provided are a method and a system for transmitting multiple data, in which the method includes receiving a plurality of transmission files for transmission from a transmission device of the first network to a reception device of the second network, and temporarily storing the received files, generating flexible packets by dividing each of the plurality of transmission files by a flexible packet length determined according to size of the files, in which a transmission file in a size smaller than the flexible packet length among the plurality of transmission files is generated as one flexible packet without being divided, loading the flexible packets into a plurality of flexible frames based on a corresponding transmission file priority according to a maximum data transmission size, and transmitting the plurality of flexible frames to the second network.

Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.

Technologies are disclosed for enforcing access control to resources of an indexing system using resource paths. Before performing a search for resources, access control is performed. By determining the resource paths that the user is authorized and/or unauthorized to access before performing the search, the search engine returns resources that the user is authorized to access instead of returning resources that the user may not be authorized to access. Before submitting a search query to a search engine an augmented search query is generated. The augmented search query includes one or more filter rules (which may be referred to herein as “filters”) that specify the resource paths to include or exclude from the search. The augmented search query limits the search to resources that the user is authorized to access.

Various embodiments provide systems and methods for discovering APIs for use in relation to network application security.