Patent classifications
H04L63/0254
MICRO-FIREWALLS IN A MICROSERVICE MESH ENVIRONMENT
A server, in communication with a plurality of microservices in a microservices mesh environment, obtains data about inbound communications to a first microservice and outbound communications from the first microservice of the plurality of microservices. The server analyzes the data to learn an operational behavior of the first microservice and determine a firewall rule set to be applied associated with the first microservice based on the operational behavior learned for the first microservice. The server causes a micro-firewall to be instantiated for the first microservice. The micro-firewall is configured to apply the firewall rule set to inbound communications to the first microservice and outbound communications from the first microservice.
SYSTEMS AND METHODS FOR DETECTING AND AUTOMATICALLY BLOCKING MALICIOUS TRAFFIC
Methods and systems are presented for detecting and automatically blocking malicious traffic directed at a service provider. An IP address associated with a domain of the service provider is dissociated from the domain. Requests addressed to the IP address after it has been dissociated are identified as malicious and logged. IP addresses from which the malicious requests originated are blocked, and the log of malicious requests is used to train a model for determining pattern-based rules. Rules for managing traffic are determined based on the patterns and pushed to nodes of a proxy service, and the nodes may block or otherwise limit requests based on the rules.
SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN)
Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.
NETWORK INTERFACE DEVICE
Embodiments include a network interface device including a first communication component operative to connect to a data transfer network and a second communication component operative to connect to a peripheral device. In some embodiments the network interface device includes a network controller operatively coupled to the first and second communication components, where the network controller is configured to receive data from the data transfer network and transmit data to the peripheral device. The network interface device can also include a monitoring component communicably coupled with the first and second communication components. The monitoring component can be configured to track a parameter associated with the received and transmitted data, determine a security threat associated with the data at least partially based on comparing the tracked parameter to a defined state, and, in response to determining the security threat, cause the network controller to restrict the data transmitted to the peripheral device.
Firewall for encrypted traffic in a process control system
A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.
Simulating user interactions for malware analysis
Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a desktop is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the desktop is generated by accessing current frame buffer data stored on the graphics card.
ROBUST LEARNING OF WEB TRAFFIC
A method includes monitoring web traffic until a threshold of network traffic is collected. The method further includes determining a number of location characteristics corresponding to the network traffic. The method further includes monitoring traffic information corresponding to the number of location characteristics until a threshold of traffic information is collected. The method further includes determining a number of location content flags corresponding to the traffic information. The method further includes generating, by a processing device, a location profile based on the number of location characteristics and the number of content flags. The method further includes blocking impermissible web traffic from reaching a client device based on the location profile.
Systems and methods for debugging network stacks based on evidence collected from selective tracing
A disclosed method may include (1) determining that a packet traversing a network device has been selected for conditional tracing by (A) comparing a characteristic of the packet against a firewall rule that calls for all packets exhibiting the characteristic to be conditionally debugged while traversing the network device and (B) determining, based at least in part on the comparison, that the firewall rule applies to the packet due at least in part to the packet exhibiting the characteristic, (2) tracing a journey of the packet within the network device in response to the determination by collecting information about the packet's journey through a network stack of the network device, and then (3) performing at least one action on the network device based at least in part on the information collected about the packet's journey through the network stack. Various other systems, methods, and computer-readable media are also disclosed.
DATA COLLECTION SYSTEM FOR EFFECTIVELY PROCESSING BIG DATA
A data collection system for effectively processing big data is provided. The data collection system includes multiple risk filtering modules up to third order or higher and a specific data extractor, wherein the multiple risk filtering modules and the specific data extractor are connected in series. The data collection system is capable of filtering received raw data through the multiple risk filtering modules so as to remove data with cyber security risks or system security issues, and keeping required data by the specific data extractor. In addition, the system can automatically assist the user in carefully selecting raw data through a combination of data classification, data normalization, and data clustering analysis. Thereby the system effectively enhances usability and security of data collection.
MULTI-PERIMETER FIREWALL IN THE CLOUD
Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second firewalls may be in communication with each other and exchange threat information.