H04L63/0254

PROXY OFFLOAD TO NETWORK INTERFACE DEVICE

Examples described herein relate to a system for offloading a proxy for microservice-to-microservice communication to a network interface device. In some examples, the system includes a host interface and a network interface device circuitry comprising circuitry coupled to the host interface. In some examples, the circuitry is configured to: perform offloaded proxy operations of a service mesh interface for multiple services, wherein the circuitry is accessible via a virtual network device by a host processor-executed service of the multiple services and wherein the service mesh interface is to provide access to a service mesh to communicate with one or more services.

EFFICIENT HITLESS UPGRADE OF PACKET PROCESSING FILTERS
20230308447 · 2023-09-28

Upgrading packet processing rules in a network device with a replacement set of rules includes generating an edit sequence that represents edit operations to transform an already-installed old set of rules into the replacement rules. The edit sequence is used to identify a subsequence of rules that is common to both the old rules and the replacement rules. A merged list is generated by a combination of the old rules, the replacement rules, and the common subsequence of rules. The merged list is downloaded to the network device, overwriting the old rules in bottom-up fashion to allow packet processing to continue concurrently using the old rules.

Providing micro firewall logic to a mobile application
11765130 · 2023-09-19

Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.

CONTEXT-BASED ANALYSIS OF APPLICATIONS
20220027470 · 2022-01-27

Evaluating samples is disclosed. A sample is received. A system component dependency graph is built for the sample. The system component dependency graph includes a plurality of nodes and at least one edge. A first node included in the plurality of nodes is one of: (1) a system component, (2) an indirect call component, or (3) a system event. The edge is an indirect call instruction. A verdict for the sample is determined based at least in part on the system component dependency graph.

Cellular internet of things battery drain prevention in mobile networks

Techniques for cellular Internet of Things (IoT) battery drain prevention in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for cellular IoT battery drain prevention in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a misbehaving application based on a security policy, wherein the service provider network includes a 4G network or a 5G network; extracting subscription identifier information for network traffic associated with the misbehaving application at the security platform; and enforcing the security policy at the security platform to rate limit paging messages sent to an endpoint device using the subscription identifier information and based on the security policy.

System and method for automated capability constraint generation

A global architecture (GLP), as disclosed herein, is based on the thin server architectural pattern; it delivers all its services in the form of web services and there are no user interface components executed on the GLP. Each web service exposed by the GLP is stateless, which allows the GLP to be highly scalable. The GLP is further decomposed into components. Each component is a microservice, making the overall architecture fully decoupled. Each microservice has fail-over nodes and can scale up on demand. This means the GLP has no single point of failure, making the platform both highly scalable and available. The GLP architecture provides the capability to build and deploy a microservice instance for each course-recipient-user combination. Because each student interacts with their own microservice, this makes the GLP scale up to the limit of cloud resources available—i.e. near infinity.

METHOD FOR CONFIGURING A FIREWALL EQUIPMENT IN A COMMUNICATION NETWORK, METHOD FOR UPDATING A CONFIGURATION OF A FIREWALL EQUIPMENT, AND CORRESPONDING DEVICE, ACCESS EQUIPMENT, FIREWALL EQUIPMENT AND COMPUTER PROGRAMS
20210367842 · 2021-11-25

A method for configuring a firewall equipment in a first communication network managed by an access equipment for accessing a second communication network. Such a method implements: obtaining characteristic information of a user equipment in the first network by analyzing its active interfaces in the network; generating configuration rules for configuring the firewall equipment on the basis of the obtained features and of a predetermined configuration model; and transmitting, to the firewall equipment, an update command message to update a configuration, including the determined configuration rules.

Intercepting intra-network communication for smart appliance behavior analysis
11184326 · 2021-11-23

A system and method for intercepting intra-network traffic for smart appliance behavior analysis. A network traffic hub is configured to intercept network traffic between a switch and a router. A smart appliance sends a message to the router, such as a DHCP request when the smart appliance joins the network. The router sends a response to the smart appliance. The network traffic hub intercepts and modifies the response to instruct the smart appliance to send all future intra-network traffic through the network traffic hub and the router. In some embodiments, the network traffic hub alters a network mask in the response message to instruct the smart appliance to send traffic through the network traffic hub. The network traffic hub then extracts data from the network traffic and uses that data for behavior analysis of smart appliances.

Detecting lateral movement by malicious applications
11184392 · 2021-11-23

Attempts at lateral movement are detected by monitoring failed login attempts across a number of endpoints in a network. By configuring endpoints across the network to report unsuccessful login attempts and monitoring these login attempts at a central location, patterns of attempts and failures may advantageously be detected and used to identify malicious attempts at lateral movement within the network before any unauthorized lateral movement is achieved.

Providing micro firewall logic to a mobile application
11228563 · 2022-01-18

Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.