H04L63/0254

Systems and methods for providing a global virtual network (GVN)

Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

Application assessment and visibility for micro-segmentation of a network deployment

A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for each group of the set of groups.

Method for managing a request to access an Internet site from an access device
20230283586 · 2023-09-07

A method for managing a request to access an internet site originating from a device and transmitted through a telecommunication network. The method includes: receiving a request including a domain name, originating from the device, intended to be transmitted to a domain name resolution server; routing the request to a domain name resolution server; receiving a response including an IP address and information, called first information, linked to the IP address; and transmitting or withholding the request over the network depending on the first information.
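The gateway-side decision this abstract describes, as an added example (not code from the patent): the gateway resolves the name, receives the IP together with the metadata bound to it, and forwards or withholds the request on that metadata. The stand-in resolver, the use of a category label as the "first information", the allowed-category policy and the TTL cache are all assumptions. The example also covers a caveat the abstract does not spell out: the metadata is bound to the resolver's IP, so a client that already resolved the name itself and wants a different address is refused.

```python
"""Gateway-side policy for a DNS-gated access check.
Added example, not the patent's code. The resolver, the metadata label
format ("first information" as a category string) and the policy are assumptions."""
import ipaddress
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class ResolverAnswer:
    ip: str
    info: str   # metadata the resolver attaches to the IP (assumed: a category label)
    ttl: int


# Constructed stand-in for the domain name resolution server
FAKE_RESOLVER = {
    "intranet.example": ResolverAnswer("10.0.0.5", "internal", 300),
    "news.example": ResolverAnswer("203.0.113.10", "news", 60),
    "bad.example": ResolverAnswer("198.51.100.7", "malware", 60),
    "unknown.example": ResolverAnswer("192.0.2.9", "uncategorised", 60),
}

ALLOWED_CATEGORIES = {"internal", "news", "business"}   # assumed policy


class DnsGate:
    def __init__(self, resolve: Optional[Callable[[str], Optional[ResolverAnswer]]] = None,
                 clock: Callable[[], float] = time.monotonic):
        self._resolve = resolve or FAKE_RESOLVER.get
        self._clock = clock
        self._cache = {}   # domain -> (answer, expiry); honours the resolver's TTL

    def lookup(self, domain: str) -> Optional[ResolverAnswer]:
        now = self._clock()
        hit = self._cache.get(domain)
        if hit and hit[1] > now:
            return hit[0]
        answer = self._resolve(domain)
        if answer is not None:
            self._cache[domain] = (answer, now + answer.ttl)
        return answer

    def decide(self, domain: str, client_dst_ip: Optional[str] = None) -> Tuple[bool, str, Optional[str]]:
        """Return (transmit, reason, ip). Every failure path withholds the request."""
        answer = self.lookup(domain)
        if answer is None:
            return False, "nxdomain", None
        try:
            ipaddress.ip_address(answer.ip)
        except ValueError:
            return False, "bad-ip", None
        # The metadata is bound to the resolver's IP; if the client resolved the name
        # itself and wants a different address, this verdict would not apply to it.
        if client_dst_ip is not None and client_dst_ip != answer.ip:
            return False, "ip-mismatch", answer.ip
        if answer.info in ALLOWED_CATEGORIES:
            return True, answer.info, answer.ip
        return False, answer.info, answer.ip   # unknown or blocked category: fail closed
```

The decision is keyed on the resolver's answer rather than on anything the client supplies, and every path that cannot produce a positive verdict (no answer, malformed IP, address mismatch, unknown category) withholds the request.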

Systems and methods for offline content provisioning

A global architecture (GLP), as disclosed herein, is based on the thin server architectural pattern; it delivers all its services in the form of web services and there are no user interface components executed on the GLP. Each web service exposed by the GLP is stateless, which allows the GLP to be highly scalable. The GLP is further decomposed into components. Each component is a microservice, making the overall architecture fully decoupled. Each microservice has fail-over nodes and can scale up on demand. This means the GLP has no single point of failure, making the platform both highly scalable and available. The GLP architecture provides the capability to build and deploy a microservice instance for each course-recipient-user combination. Because each student interacts with their own microservice, the GLP scales up to the limit of the cloud resources available.

Smart proxy for a large scale high-interaction honeypot farm

Techniques for providing a smart proxy for a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a smart proxy for a large scale high-interaction honeypot farm includes receiving tunneled traffic at a smart proxy from a sensor for a honeypot farm that is executed in a honeypot cloud, wherein the tunneled traffic is forwarded attack traffic, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; and forwarding the tunneled traffic to an instance of the matching type of vulnerable service.
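The selection step of the smart proxy, as an added example that is not code from the patent: the proxy profiles the tunneled attack traffic by destination port and leading payload bytes, scores each vulnerable-service image against that profile, and pins the attacking source to one instance of the chosen image. The image names, port sets, payload signatures and the per-image instance limit are constructed assumptions.

```python
"""Smart proxy for a honeypot farm: profile the forwarded attack traffic and
pick the matching vulnerable-service image. Added example, not the patent's
code; image names, ports and payload signatures are constructed assumptions."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AttackProfile:
    dst_port: int
    proto: str
    first_bytes: bytes      # leading payload bytes captured by the sensor


@dataclass(frozen=True)
class ServiceImage:
    name: str
    ports: frozenset
    payload_re: Optional[bytes] = None   # client-side signature, if the protocol has one


# Constructed catalogue of container images of distinct vulnerable service types
CATALOGUE = [
    ServiceImage("honey/ssh-weakpass", frozenset({22, 2222}), rb"^SSH-2\.0-"),
    ServiceImage("honey/http-cms", frozenset({80, 8080, 443}), rb"^(GET|POST|HEAD) "),
    ServiceImage("honey/smb-legacy", frozenset({445}), rb"^\x00\x00..\xffSMB"),
    ServiceImage("honey/redis-noauth", frozenset({6379}), rb"^\*\d+\r\n\$\d+\r\n(AUTH|INFO|CONFIG)"),
    ServiceImage("honey/telnet-iot", frozenset({23, 2323})),
]
FALLBACK = ServiceImage("honey/generic-tcp-listener", frozenset())


def profile_traffic(dst_port: int, proto: str, payload: bytes) -> AttackProfile:
    return AttackProfile(dst_port, proto.lower(), bytes(payload[:64]))


def select_image(profile: AttackProfile, catalogue=CATALOGUE) -> ServiceImage:
    """Payload signature (2 points) outranks destination port (1 point), so an
    HTTP probe on a non-standard port still lands on the HTTP honeypot."""
    best, best_score = FALLBACK, 0
    for img in catalogue:
        score = 1 if profile.dst_port in img.ports else 0
        if img.payload_re and re.match(img.payload_re, profile.first_bytes, re.DOTALL):
            score += 2
        if score > best_score:
            best, best_score = img, score
    return best


class InstancePool:
    """One instance per (image, attacker): the same source keeps hitting the same
    instance so multi-step exploitation is observed end to end."""
    def __init__(self, max_per_image: int = 4):
        self.max = max_per_image
        self._busy = {}   # image name -> {source id}

    def acquire(self, image: ServiceImage, source_id: str) -> Optional[str]:
        busy = self._busy.setdefault(image.name, set())
        if source_id not in busy:
            if len(busy) >= self.max:
                return None          # farm saturated for this service type
            busy.add(source_id)
        return f"{image.name}#{source_id}"


def route(pool: InstancePool, source_id: str, dst_port: int, proto: str,
          payload: bytes) -> Tuple[str, Optional[str]]:
    """Smart-proxy decision for one tunneled connection: (image name, instance or None)."""
    image = select_image(profile_traffic(dst_port, proto, payload))
    return image.name, pool.acquire(image, source_id)
```

Two practitioner points are built in: the payload signature outranks the port, because scanners routinely probe services on non-standard ports, and an attacker source is pinned to one instance, because a scan followed by an exploit attempt must land on the same container to be recorded as one session.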

Server-client authentication with integrated status update

An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.
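Both sides of the heartbeat exchange, as an added example that is not code from the patent: the endpoint emits a signed heartbeat carrying its health state, and a recipient (firewall, gateway or peer endpoint) verifies it, rejects replays and forgeries, isolates the endpoint on a reported compromise, and also isolates it when heartbeats stop. The JSON layout, the per-endpoint HMAC key, the health labels and the timing thresholds are assumptions.

```python
"""Endpoint heartbeat carrying health state, and the receiver logic that isolates a
peer on a reported compromise or a missed heartbeat. Added example, not the patent's
code; the message layout, the shared-key scheme and the timing thresholds are assumptions."""
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional

HEARTBEAT_INTERVAL = 10.0                 # assumed cadence, seconds
STALE_AFTER = 3 * HEARTBEAT_INTERVAL      # three missed beats: treat as unhealthy


def make_heartbeat(endpoint_id: str, key: bytes, health: str, seq: int,
                   now: Optional[float] = None) -> bytes:
    """Endpoint side: JSON body + HMAC-SHA256 tag under a per-endpoint shared key.
    health is one of "good", "degraded", "compromised"."""
    body = {"id": endpoint_id, "seq": seq, "ts": time.time() if now is None else now,
            "health": health}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
    return raw + b"." + tag


class HeartbeatMonitor:
    """Receiver side: a firewall, gateway or any peer endpoint on the same network."""

    def __init__(self, keys: Dict[str, bytes], clock: Callable[[], float] = time.time):
        self._keys = keys                 # endpoint id -> shared key
        self._clock = clock
        self._last = {}                   # endpoint id -> (seq, received_at, health)
        self.isolated = set()

    def ingest(self, msg: bytes) -> str:
        raw, _, tag = msg.rpartition(b".")
        try:
            body = json.loads(raw)
            endpoint_id, seq, health = str(body["id"]), int(body["seq"]), body["health"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        key = self._keys.get(endpoint_id)
        if key is None:
            return "unknown-endpoint"
        expected = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad-signature"        # forged or tampered: ignore, do not update state
        prev = self._last.get(endpoint_id)
        if prev is not None and seq <= prev[0]:
            return "replay"               # an old "good" beat must not mask a newer state
        # Staleness is judged on the receiver's clock; the sender's ts is not trusted
        self._last[endpoint_id] = (seq, self._clock(), health)
        if health == "compromised":
            self.isolated.add(endpoint_id)   # stays isolated until re-admitted out of band
            return "isolated"
        return "ok"

    def sweep(self) -> set:
        """Isolate endpoints whose heartbeat has gone stale (fail closed)."""
        now = self._clock()
        for endpoint_id, (_, received_at, _) in self._last.items():
            if now - received_at > STALE_AFTER:
                self.isolated.add(endpoint_id)
        return set(self.isolated)

    def may_talk_to(self, endpoint_id: str) -> bool:
        """Never heard from, or isolated: refuse."""
        return endpoint_id in self._last and endpoint_id not in self.isolated
```

Each recipient keeps its own state and reaches its own verdict, which is what lets a firewall and an individual peer isolate the same endpoint independently; a later "good" heartbeat does not lift an isolation, since a compromised endpoint could send one.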

Enhanced Behavioral Monitoring For Network Devices
20230133035 · 2023-05-04

A system obtains a domain-specific language (DSL) behavior document corresponding to a network appliance and including a plurality of functions, compiles using a lexer and parser the DSL behavior document into an abstract syntax tree (AST) including a plurality of function branches, interprets using a treewalker the plurality of function branches, chains into a composite behavior model a plurality of behavior groups respectively corresponding to the plurality of function branches based on the interpreting, and stores the composite behavior model in a database associated with the network appliance.
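The pipeline in this abstract carried through on a small DSL, as an added example that is not code from the patent: a lexer and parser turn a behavior document into an AST of function branches, a treewalker interprets each branch into a behavior group, the groups are chained into a composite behavior model, and the model is stored against the appliance. The grammar (allow/deny rules per named function), the sample document and the first-match semantics are constructed assumptions.

```python
"""Behavior DSL compiled as the abstract describes: lexer -> parser -> AST of function
branches -> treewalker -> composite behavior model stored per appliance. Added example,
not the patent's code; the grammar and the sample document are constructed assumptions."""
import re
from collections import namedtuple
from typing import List, Optional, Tuple

Rule = namedtuple("Rule", "action proto port dst")
FunctionBranch = namedtuple("FunctionBranch", "name rules")
AST = namedtuple("AST", "functions")

# Lexer: the IP alternative precedes NUM so "10.0.0.53" is not cut at "10"
TOKEN_RE = re.compile(r"\s*(?:(?P<ip>\d+\.\d+\.\d+\.\d+)|(?P<num>\d+)|(?P<word>[A-Za-z_][\w-]*)"
                      r"|(?P<punct>[{}])|(?P<comment>#[^\n]*))")

def lex(src: str) -> List[Tuple[str, str]]:
    src, pos, out = src.strip(), 0, []
    while pos < len(src):
        m = TOKEN_RE.match(src, pos)
        if not m:
            raise SyntaxError(f"bad token at offset {pos}: {src[pos:pos + 12]!r}")
        pos = m.end()
        if m.lastgroup != "comment":
            out.append((m.lastgroup, m.group(m.lastgroup)))
    return out

class Parser:
    """document := function*        function := 'function' NAME '{' rule* '}'
    rule := ('allow'|'deny') ('tcp'|'udp'|'icmp'|'any') [NUM] ['to' IP]"""
    def __init__(self, tokens):
        self.t, self.i = tokens, 0
    def peek(self):
        return self.t[self.i] if self.i < len(self.t) else (None, None)
    def take(self, kind=None, value=None):
        k, v = self.peek()
        if k is None or (kind and k != kind) or (value and v != value):
            raise SyntaxError(f"expected {value or kind}, got {v!r}")
        self.i += 1
        return v
    def document(self) -> AST:
        functions = []
        while self.peek()[0] is not None:
            functions.append(self.function())
        return AST(functions)
    def function(self) -> FunctionBranch:
        self.take("word", "function")
        name = self.take("word")
        self.take("punct", "{")
        rules = []
        while self.peek() != ("punct", "}"):
            rules.append(self.rule())
        self.take("punct", "}")
        return FunctionBranch(name, rules)
    def rule(self) -> Rule:
        action, proto = self.take("word"), self.take("word")
        if action not in ("allow", "deny") or proto not in ("tcp", "udp", "icmp", "any"):
            raise SyntaxError(f"bad rule '{action} {proto}'")
        port = int(self.take("num")) if self.peek()[0] == "num" else None
        dst = None
        if self.peek() == ("word", "to"):
            self.take()
            dst = self.take("ip")
        return Rule(action, proto, port, dst)

class BehaviorGroup:
    """Interpreted form of one function branch: first matching rule decides."""
    def __init__(self, name: str, rules: List[Rule]):
        self.name, self.rules = name, rules
    def decide(self, proto, port, dst) -> Optional[str]:
        for r in self.rules:
            if r.proto in ("any", proto) and r.port in (None, port) and r.dst in (None, dst):
                return r.action
        return None          # this group has no opinion on the flow

class CompositeBehaviorModel:
    """Behavior groups chained in document order; no opinion anywhere means deny."""
    def __init__(self, appliance: str, groups: List[BehaviorGroup]):
        self.appliance, self.groups = appliance, groups
    def permits(self, proto, port, dst) -> Tuple[bool, str]:
        for g in self.groups:
            verdict = g.decide(proto, port, dst)
            if verdict is not None:
                return verdict == "allow", g.name
        return False, "default-deny"

def walk(ast: AST, appliance: str) -> CompositeBehaviorModel:
    """Treewalker: each function branch becomes one behavior group."""
    return CompositeBehaviorModel(appliance, [BehaviorGroup(f.name, f.rules) for f in ast.functions])

MODEL_DB = {}   # stands in for the database keyed by appliance

def compile_behavior(src: str, appliance: str) -> CompositeBehaviorModel:
    MODEL_DB[appliance] = model = walk(Parser(lex(src)).document(), appliance)
    return model

# Constructed behavior document for a network printer
SAMPLE_DOC = """
function dns { allow udp 53 to 10.0.0.53 }     # local resolver only
function ipp {
  allow tcp 631
  deny tcp                                      # any other TCP is off-profile
}
function catch_all { deny any }
"""
```

Rejecting an unknown action or protocol at parse time matters here: a typo such as `permit` must fail the compile rather than silently become a group with no opinion, which the composite model would then resolve to a default verdict the author never wrote.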

Disaster recovery for cloud-based monitoring of internet access
20230262030 · 2023-08-17

Systems and methods include receiving one or more disaster recovery configurations; identifying activation of a disaster recovery mode; and controlling traffic flow such that the traffic is any of blocked to all destinations, allowed to all destinations, and allowed to preselected destinations based on the one or more received disaster recovery configurations.

Verifying identity of a source of a transmission
11652826 · 2023-05-16

A method including receiving, by a device from a transmitting source application, a transmission packet to be transmitted to a destination application; determining, by the device, connection information included in the transmission packet, the connection information indicating one or more parameters to be utilized by the destination application to connect with the transmitting source application; determining, by the device, a fingerprint associated with the connection information based at least in part on encrypting the one or more parameters; comparing, by the device, the determined fingerprint with a stored fingerprint stored in correlation with an identity of a trusted source application; and processing, by the device, the transmission packet based at least in part on a result of comparing the determined fingerprint with the stored fingerprint. Various other aspects are contemplated.
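The fingerprint comparison this abstract describes, as an added example that is not code from the patent: the device parses the connection information out of the packet, canonicalises the parameters, derives a fingerprint, looks it up against fingerprints enrolled for trusted source applications, and forwards or drops on the result. The wire format is constructed, and an HMAC over the canonicalised parameters under a device-held key stands in for the abstract's "encrypting" of the parameters; that substitution and the key handling are assumptions.

```python
"""Binding a transmitting application's identity to a fingerprint of its connection
information, and processing a packet on the comparison result. Added example, not
the patent's code; the wire format is constructed, and an HMAC over the canonicalised
parameters stands in for the abstract's "encrypting" of the parameters (an assumption)."""
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

DEVICE_KEY = b"\x01" * 32     # assumed per-device secret; never shared with the applications


def canonical(params: Dict[str, object]) -> bytes:
    """Normalise equivalent connection info to one byte string before fingerprinting,
    so "Host.Example." vs "host.example" or port "8443" vs 8443 are not two identities."""
    norm = {}
    for k, v in params.items():
        k = k.strip().lower()
        if k in ("host", "proto"):
            v = str(v).strip().lower().rstrip(".")
        elif k == "port":
            v = int(v)
        else:
            v = str(v).strip()
        norm[k] = v
    return json.dumps(norm, sort_keys=True, separators=(",", ":")).encode()


def fingerprint(params: Dict[str, object], key: bytes = DEVICE_KEY) -> str:
    return hmac.new(key, canonical(params), hashlib.sha256).hexdigest()


def parse_packet(packet: bytes) -> Tuple[Dict[str, str], bytes]:
    """Constructed wire format: b'CONN host=..;port=..;proto=..|<payload>'."""
    header, sep, payload = packet.partition(b"|")
    if not sep or not header.startswith(b"CONN "):
        raise ValueError("no connection info")
    pairs = [kv.split(b"=", 1) for kv in header[5:].split(b";") if kv]
    if any(len(p) != 2 for p in pairs):
        raise ValueError("malformed connection info")
    return {k.decode(): v.decode() for k, v in pairs}, payload


class TrustStore:
    """Fingerprints enrolled out of band, stored against the trusted application's identity."""
    def __init__(self):
        self._by_fp = {}

    def enroll(self, identity: str, params: Dict[str, object]) -> None:
        self._by_fp[fingerprint(params)] = identity

    def identify(self, params: Dict[str, object]) -> Optional[str]:
        fp = fingerprint(params)
        for stored, identity in self._by_fp.items():
            if hmac.compare_digest(stored, fp):
                return identity
        return None


def process(packet: bytes, store: TrustStore) -> Tuple[str, str]:
    """Device-side decision: ('forward', identity) or ('drop', reason)."""
    try:
        params, _payload = parse_packet(packet)
        identity = store.identify(params)
    except (ValueError, UnicodeDecodeError) as e:
        return "drop", str(e)
    if identity is None:
        return "drop", "no trusted source matches the connection info"
    return "forward", identity
```

The canonicalisation step is where such a scheme usually breaks: if the enrolled fingerprint was computed over `Billing.Corp.Example.` and the packet carries `billing.corp.example`, a naive hash of the raw bytes rejects a legitimate source, and a scheme that tolerates that by matching loosely is no longer binding an identity to anything precise.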

Distributed evaluation of networking security rules

A plurality of security rule processing nodes is configured for network traffic of a set of sources and destinations. Respective subsets of configuration information of the sources and destinations, including security rules, are transmitted to the nodes. Respective addresses of at least a subset of the nodes are transmitted to a packet processing intermediary. The intermediary requests evaluation of applicable security rules with respect to packet flows by selected nodes prior to initiating routing actions for packets of the flows.
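The distribution and lookup described here, as an added example that is not code from the patent: the control plane hands each rule-processing node the rules for the source blocks it owns, the packet-processing intermediary derives the owning node for a flow with the same function, asks it for a verdict before routing, and treats an unreachable node as deny. Sharding by source /24, rendezvous hashing, the in-process RPC stand-in and the sample rule set are all assumptions.

```python
"""Rule evaluation split across nodes, with the packet-processing intermediary asking
the responsible node before it routes a flow. Added example, not the patent's code;
the /24 sharding, rendezvous hashing and fail-closed behaviour are assumptions."""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

SHARD_PREFIX = 24   # rules and flows are assigned to nodes by the source /24


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src: str            # CIDR, must lie within one /24 for the sharding below
    dst: str            # CIDR
    proto: str          # "tcp" | "udp" | "any"
    dport: Optional[int]
    action: str         # "allow" | "deny"

    def matches(self, flow: Flow) -> bool:
        return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", flow.proto)
                and self.dport in (None, flow.dport))


def shard_key(ip: str) -> str:
    return str(ipaddress.ip_network(f"{ip}/{SHARD_PREFIX}", strict=False).network_address)


def owner(ip: str, node_addrs: List[str]) -> str:
    """Rendezvous hashing: control plane and intermediary derive the same owner node."""
    key = shard_key(ip)
    return max(sorted(node_addrs), key=lambda n: hashlib.sha256(f"{n}|{key}".encode()).digest())


class RuleNode:
    """Holds only the rule subset for the source blocks it owns."""
    def __init__(self, addr: str):
        self.addr, self.rules = addr, []

    def evaluate(self, flow: Flow) -> str:
        for r in self.rules:
            if r.matches(flow):
                return r.action
        return "deny"        # nothing matched on the owning node: deny


def distribute(rules: List[Rule], nodes: Dict[str, RuleNode]) -> None:
    """Control plane: send each node the rules for the source blocks it owns."""
    for r in rules:
        net = ipaddress.ip_network(r.src)
        if net.prefixlen < SHARD_PREFIX:
            raise ValueError(f"{r.src} spans several shards; split it first")
        nodes[owner(str(net.network_address), list(nodes))].rules.append(r)


class PacketIntermediary:
    def __init__(self, node_addrs: List[str], rpc: Callable[[str, Flow], Optional[str]]):
        self.node_addrs, self._rpc, self._cache = list(node_addrs), rpc, {}

    def route(self, flow: Flow) -> str:
        """Verdict for the flow, obtained from its owning node before any routing action.
        An unreachable node (rpc returns None) is treated as deny, not as allow."""
        if flow not in self._cache:
            verdict = self._rpc(owner(flow.src, self.node_addrs), flow)
            self._cache[flow] = "deny" if verdict is None else verdict
        return self._cache[flow]


# Constructed rule set and three-node deployment
SAMPLE_RULES = [
    Rule("10.1.2.0/24", "10.50.0.0/16", "tcp", 443, "allow"),
    Rule("10.1.2.0/24", "10.50.0.0/16", "udp", 53, "allow"),
    Rule("10.1.3.0/24", "0.0.0.0/0", "any", None, "deny"),
    Rule("10.1.4.0/24", "10.60.0.0/16", "any", None, "allow"),
]


def build_demo():
    nodes = {a: RuleNode(a) for a in ("10.9.0.1", "10.9.0.2", "10.9.0.3")}
    distribute(SAMPLE_RULES, nodes)
    rpc = lambda addr, flow: nodes[addr].evaluate(flow) if addr in nodes else None
    return nodes, PacketIntermediary(list(nodes), rpc)
```

The intermediary must be given the same node list the control plane used when it distributed the rules; if it only knows a subset, it may ask a node that never received the rule, and in this example that degrades to deny rather than to an unintended allow.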