This application discloses a service flow control method and apparatus, to resolve an existing problem of relatively low security. The method includes: generating, by a terminal device, a service flow policy; and sending, by the terminal device, the service flow policy to a routing device, where the service flow policy is used to instruct the routing device to perform data packet filtering on a downlink data packet according to the service flow policy.

A storage unit (12) stores a hash table that corresponds to a predetermined field of a packet and has a set of a hash value from a value in the corresponding field and a pointer registered, and an ANY point table that corresponds to the predetermined field and has a pointer registered. A search unit (132) refers to a hash value calculated from a value in a field of a packet to be searched and to a pointer registered in the hash table and the ANY point table, to perform hash search for a rule corresponding to the packet to be searched.

A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for the each group of the set of groups.

The technology described herein visibly depicts hidden message traits to help users determine whether an email is genuine or deceptive. The hidden message traits are revealed by identifying and changing attributes that keep the hidden traits from being displayed in a rendered message. Spam messages, phishing messages, and messages that include or link to malicious programs (e.g., malware, ransomware) are examples of unwanted messages that can harm a recipient. These messages often rely on deception to get past email filtering systems and to trick a user into acting on content in a message. The deception often involves including hidden traits in a message that fool an automated filtering system. The technology described herein shows the visible traits to a user by including them in the rendered version of the message.

An information processing device includes a memory and a controller. The memory stores, in an associated manner, information on a connection source and a time when denial of a connection request from the connection source is to be lifted. The controller, upon receiving a connection request from the connection source, denies the connection request based on the information stored in the memory. The controller removes the information on the connection source from the memory when the time has passed.

A firewall uses information about an application that originates a network request to determine whether and how to forward the request over a network. The firewall may more generally rely on the identity of the originating application, the security state of the originating application, the security state of the endpoint, and any other information that might provide an indication of malicious activity, to make routing and forwarding decisions for endpoint-originated network traffic.

A data filter and a method of creating a network data pathway via a network filter is disclosed the method comprising a i. selection phase and ii. operation phase. The selection phase comprises transferring over a network at least one enquiry data packet between a first network user and at least one other network participant via the filter and receiving at least one enquiry data packet response from the at least one network participant via the filter. A network participant is selected so as to switch from the selection phase to the operation phase. The operation phase comprises creating a network data pathway between the first network user and the selected network participant and prohibiting further creation of a further network data pathway between the network user and any unselected network participant.

Techniques for Diameter security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for Diameter security with next generation firewall includes monitoring Diameter protocol traffic on a service provider network at a security platform; and filtering the Diameter protocol traffic at the security platform based on a security policy.

Techniques are disclosed for creating service rules based on user information retrieved from an application server. One apparatus in a network that supports said techniques includes a memory storing instructions executable by a processor to cause the apparatus to receive, from a PCF, a request to provide service rules for a user and to identify one or more service contexts associated with the user, each service context holding information for accessing user information in an external application server. The instructions further cause the apparatus to retrieve user information from the external application server using each of the identified one or more service contexts, and to create one or more service rules by using the retrieved user information, where the network applies the one or more service rules to configure the data connection requested by the user.

Techniques for detecting malicious activity on an endpoint based on real-time system events are disclosed. In some embodiments, a system/process/computer program product for detecting malicious activity on an endpoint based on real-time system events includes monitoring an endpoint for malicious activity using an endpoint agent, in which the endpoint comprises a local device; detecting malicious activity associated with an application on the endpoint based on real-time system events using the endpoint agent based on a set of rules; and in response to detecting malicious activity on the endpoint based on real-time system events using the endpoint agent, performing a security response based on a security policy.