Patent classifications
H04L63/0263 (CPC: Rule management, a subgroup of H04L63/0227 Filtering policies)
Context based firewall service for agentless machines
A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes.
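The flow in this abstract, as an added example that is not the patent's code or any vendor's gateway: a directory service reports logon and logoff events, the gateway keeps a source-IP-to-identity attribute table, and rules match on user or group as well as on port. The event field names, rule names, users and addresses are constructed; the TTL on table entries is an assumption added here because DHCP reuses addresses and a stale mapping would let the next host inherit a user's access.

```python
"""Identity-aware firewall: directory login events become context attributes.

Added example, not code from the patent or from any vendor gateway. It models
the flow described in the abstract: a directory service reports login events,
the gateway stores (source IP -> user, groups) in an attribute table, and
firewall rules match on those attributes as well as on ports. Event field
names, rule names, IPs and users are all constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class LoginEvent:
    kind: str            # "logon" or "logoff" (constructed field)
    user: str
    groups: Set[str]
    ip: str              # address the directory saw the logon from
    ts: float


@dataclass
class Context:
    user: str
    groups: Set[str]
    since: float


@dataclass
class Rule:
    name: str
    action: str                              # "allow" or "drop"
    dst_port: Optional[int] = None           # None = any port
    users: Set[str] = field(default_factory=set)
    groups: Set[str] = field(default_factory=set)


class ContextFirewall:
    """Attribute table keyed by source IP plus first-match rule evaluation."""

    def __init__(self, rules: List[Rule], ttl: float = 8 * 3600):
        self.rules = rules
        self.ttl = ttl                        # entries expire; DHCP reuses IPs
        self.table: Dict[str, Context] = {}

    def observe(self, ev: LoginEvent) -> None:
        """Update the attribute table from a directory logon/logoff event."""
        if ev.kind == "logon":
            self.table[ev.ip] = Context(ev.user, set(ev.groups), ev.ts)
        elif ev.kind == "logoff":
            self.table.pop(ev.ip, None)

    def context_for(self, ip: str, now: float) -> Optional[Context]:
        ctx = self.table.get(ip)
        if ctx is None:
            return None
        if now - ctx.since > self.ttl:
            del self.table[ip]                # stale: treat as unauthenticated
            return None
        return ctx

    def decide(self, src_ip: str, dst_port: int, now: float) -> str:
        """Return the action of the first rule whose port and identity match."""
        ctx = self.context_for(src_ip, now)
        for r in self.rules:
            if r.dst_port is not None and r.dst_port != dst_port:
                continue
            if r.users or r.groups:           # identity-scoped rule
                if ctx is None:
                    continue                  # unknown source never matches it
                if r.users and ctx.user not in r.users:
                    continue
                if r.groups and not (r.groups & ctx.groups):
                    continue
            return r.action
        return "drop"                         # default deny


def build_demo() -> ContextFirewall:
    rules = [
        Rule("dba-to-postgres", "allow", dst_port=5432, groups={"dba"}),
        Rule("alice-ssh", "allow", dst_port=22, users={"alice"}),
        Rule("anyone-https", "allow", dst_port=443),
    ]
    fw = ContextFirewall(rules, ttl=3600)
    # Constructed login events as a directory service might report them.
    fw.observe(LoginEvent("logon", "alice", {"staff", "dba"}, "10.0.0.5", ts=0))
    fw.observe(LoginEvent("logon", "bob", {"staff"}, "10.0.0.7", ts=0))
    return fw


def run_demo() -> Dict[str, str]:
    fw = build_demo()
    out = {
        "alice_pg": fw.decide("10.0.0.5", 5432, now=10),   # dba group -> allow
        "bob_pg": fw.decide("10.0.0.7", 5432, now=10),     # not dba -> drop
        "unknown_ssh": fw.decide("10.0.0.9", 22, now=10),  # no context -> drop
        "bob_https": fw.decide("10.0.0.7", 443, now=10),   # identity-free rule
    }
    fw.observe(LoginEvent("logoff", "alice", set(), "10.0.0.5", ts=20))
    out["alice_pg_after_logoff"] = fw.decide("10.0.0.5", 5432, now=30)
    fw.observe(LoginEvent("logon", "alice", {"dba"}, "10.0.0.5", ts=40))
    out["alice_pg_expired"] = fw.decide("10.0.0.5", 5432, now=40 + 3601)
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Two checks matter in practice and are both exercised above: an identity-scoped rule must never match a source with no table entry (otherwise an unmapped host falls through to an allow), and a logoff or an expired entry must immediately revoke the access the logon granted.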
Secure internet gateway
A system includes a plurality of secure gateways that each use a plurality of datasets to determine how to process messages between devices on a network and websites on the internet. A version control server in the system automatically sends a dataset to each secure gateway in the plurality of secure gateways.
Network traffic detection with mitigation of anomalous traffic and/or classification of traffic
Methods, systems, and apparatus for detecting and mitigating anomalous network traffic. With at least one processor in a network, information regarding network traffic flows is obtained and a classification model is generated based on the obtained information, the classification model comprising one or more classification rules for classifying network traffic as normal or anomalous. With the at least one processor in the network, the network traffic is classified as anomalous or normal based on the generated classification model and at least one mitigation action is initiated based on the network traffic being classified as anomalous.
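The train-classify-mitigate loop above, as an added example that is not the patent's system: the "classification rules" learned from a constructed sample of normal flows are per-destination-port upper bounds on bytes and packets per flow (median plus k times the median absolute deviation, chosen here because a few outliers in the training set barely move it), and every flow that exceeds a bound or goes to a port never seen in training is classified anomalous and produces a rate-limit action for its source. The flow records, ports and addresses are constructed; enforcing the action is outside the example.

```python
"""Learn a per-port flow classification model from observed traffic, then
classify new flows and emit mitigation actions.

Added example, not the patent's system. The "classification rules" learned
here are robust upper bounds (median + k * MAD) on bytes and packets per
flow for each destination port seen in training; a flow above either bound,
or to a port never seen, is anomalous and its source gets a rate-limit
action. The flow records are constructed.
"""
import statistics
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dport: int
    bytes: int
    packets: int


@dataclass(frozen=True)
class PortRule:
    dport: int
    max_bytes: float
    max_packets: float


def robust_bound(xs: List[float], k: float = 5.0) -> float:
    """median + k * MAD: a few outliers in training barely move it."""
    med = statistics.median(xs)
    mad = statistics.median([abs(x - med) for x in xs]) or 1.0
    return med + k * mad


def train(flows: List[Flow], k: float = 5.0) -> Dict[int, PortRule]:
    """Generate one classification rule per destination port."""
    by_port: Dict[int, List[Flow]] = {}
    for f in flows:
        by_port.setdefault(f.dport, []).append(f)
    return {
        port: PortRule(port,
                       robust_bound([f.bytes for f in fs], k),
                       robust_bound([f.packets for f in fs], k))
        for port, fs in by_port.items()
    }


def classify(model: Dict[int, PortRule], flow: Flow) -> str:
    rule = model.get(flow.dport)
    if rule is None:
        return "anomalous"                  # port never seen during training
    if flow.bytes > rule.max_bytes or flow.packets > rule.max_packets:
        return "anomalous"
    return "normal"


def mitigate(model: Dict[int, PortRule], flows: List[Flow]) -> List[Tuple[str, str]]:
    """One rate-limit action per anomalous source, in first-seen order."""
    actions: List[Tuple[str, str]] = []
    for f in flows:
        action = ("rate_limit", f.src)
        if classify(model, f) == "anomalous" and action not in actions:
            actions.append(action)
    return actions


# Constructed training set: HTTPS flows of a few KB, DNS flows of a few hundred bytes.
TRAINING = (
    [Flow("10.0.0.1", 443, b, p) for b, p in
     [(5000, 10), (6000, 12), (7000, 15), (8000, 18), (9000, 20), (6500, 14), (7500, 16)]]
    + [Flow("10.0.0.2", 53, b, p) for b, p in [(100, 2), (150, 2), (200, 3), (250, 4), (300, 4)]]
)
MODEL = train(TRAINING)

NEW_FLOWS = [
    Flow("10.0.0.3", 443, 7000, 15),        # normal
    Flow("10.0.0.4", 443, 500000, 15),      # bytes far above bound
    Flow("10.0.0.4", 443, 7000, 60),        # packet count above bound
    Flow("10.0.0.5", 53, 200, 3),           # normal
    Flow("10.0.0.6", 23, 80, 1),            # unseen port
]

if __name__ == "__main__":
    for f in NEW_FLOWS:
        print(f, classify(MODEL, f))
    print(mitigate(MODEL, NEW_FLOWS))
```

The caveat a practitioner would want: the model is only as clean as its training window, so if an attacker's traffic is present while the bounds are learned it becomes "normal"; MAD limits that damage for a handful of flows but not for a sustained campaign, which is why the training set should come from a reviewed baseline period.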
Deterministic container-based network configurations for autonomous vehicles
Systems and methods for operating autonomous vehicle devices in a network according to a network configuration are discussed. The network can include a plurality of pods configured to run on the one or more host computing devices. The network can include one or more containers encapsulated by each of the plurality of pods. The network can include one or more communication links configured to provide communications among the plurality of network devices. For instance, the one or more communication links can include one or more intranetwork links configured to provide communication between the plurality of pods. The network can include a firewall comprising one or more firewall rules. The one or more firewall rules can be configured to allow communications along the one or more communication links and block communications along some or all connections other than the one or more communication links.
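The policy shape in this abstract (declared links are the only traffic allowed, everything else blocked) as an added example that is not the patent's implementation or any vehicle platform's configuration: a declared list of pod-to-pod links is validated and rendered into an nftables ruleset with a drop policy on the forward chain, and a small model function states what "allowed" means for a new flow. Pod names, addresses and ports are constructed.

```python
"""Render a default-deny nftables ruleset from declared pod-to-pod links.

Added example, not the patent's implementation or any vehicle platform's
configuration. It shows the policy shape in the abstract: a fixed set of
communication links between pods is the only traffic allowed, and every
other connection is blocked. Pod names, addresses and ports are constructed.
"""
from typing import Dict, List, Tuple

# (src_pod, dst_pod, protocol, dst_port): one declared intranetwork link.
Link = Tuple[str, str, str, int]


def validate(pods: Dict[str, str], links: List[Link]) -> None:
    """Fail fast on links that reference undeclared pods or bad protocols,
    so a typo cannot silently become a missing rule (and a blocked link)."""
    for src, dst, proto, port in links:
        if src not in pods or dst not in pods:
            raise ValueError(f"link {src}->{dst} references an undeclared pod")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {proto!r}")
        if not 0 < port < 65536:
            raise ValueError(f"bad port {port}")


def render_nft(pods: Dict[str, str], links: List[Link]) -> str:
    """Produce an nft ruleset: forward chain with policy drop, replies to
    established flows accepted, and one accept per declared link."""
    validate(pods, links)
    lines = [
        "table inet av {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    # Sort so the rendered ruleset is byte-identical for the same input.
    for src, dst, proto, port in sorted(links):
        lines.append(
            f"    ip saddr {pods[src]} ip daddr {pods[dst]} "
            f"{proto} dport {port} ct state new accept"
            f"  # {src} -> {dst}"
        )
    lines += ["  }", "}"]
    return "\n".join(lines) + "\n"


def new_flow_allowed(links: List[Link], src: str, dst: str, proto: str, port: int) -> bool:
    """Model of the policy above for a new flow: allowed only if it is exactly
    a declared link. Reverse-direction packets of an allowed flow are covered
    by the established/related rule, not by a second link."""
    return (src, dst, proto, port) in set(links)


PODS = {
    "perception": "10.10.0.2",
    "planning": "10.10.0.3",
    "control": "10.10.0.4",
    "telemetry": "10.10.0.5",
}
LINKS: List[Link] = [
    ("perception", "planning", "tcp", 7001),
    ("planning", "control", "tcp", 7002),
    ("telemetry", "planning", "udp", 5140),
]

if __name__ == "__main__":
    print(render_nft(PODS, LINKS))
```

The sorted rendering is what makes the configuration deterministic in the sense the abstract uses: the same declared links always produce the same ruleset, so a diff between two builds shows exactly which link changed and nothing else.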
Autotuning a virtual firewall
A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall.
METHOD AND DEVICE FOR PROCESSING DATA ASSOCIATED WITH A FIRST NETWORK ELEMENT
A computer-implemented method for processing data associated with a first network element. The method includes: ascertaining a subset of a data traffic associated with the network element, and evaluating the subset.
METHOD AND APPARATUS FOR A LOGIC-BASED FILTER ENGINE
A cross-domain guard is disclosed that includes a field programmable gate array (FPGA). The FPGA includes a rule database containing one or more rules, a memory interconnect configured to send control data or rule processing data, media access control logic, and a plurality of filter engines configured to receive an incoming message and generate a processed message. Each of the plurality of filter engines may contain a message processing allocation element configured to receive and distribute the incoming message, and a plurality of rule processor kernels. Each of the plurality of rule processor kernels includes a rule processor kernel control element, a plurality of data operator kernels configured to perform a data comparison operation, a ternary lookup table processor configured to perform a logic operation based upon a result of the data comparison operation, and a processed message arbiter. A method for filtering incoming messages is also disclosed.
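A software model of one rule processor kernel, as an added example that is not the patent's FPGA design: each rule holds up to three data operator kernels (field comparisons), their one-bit results index an 8-bit truth table that can express any boolean function of the three, and an arbiter combines the rule results. The abstract's "ternary lookup table processor" is modelled here as a three-input LUT, which is an assumption about what the term means; field names, rules and messages are constructed.

```python
"""Software model of a rule-processor kernel: data operators feeding a
3-input lookup table, with an arbiter combining the rule results.

Added example, not the patent's FPGA design. Each rule holds up to three
data operator kernels (field comparisons); their 1-bit results index an
8-bit truth table that expresses any boolean function of the three results.
The abstract's "ternary lookup table processor" is modelled here as such a
3-input LUT, which is an assumption about its meaning. Field names, rules
and messages are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence

Message = Dict[str, int]          # decoded header fields: name -> integer value


@dataclass(frozen=True)
class DataOperator:
    field: str
    op: str                       # eq, ne, lt, gt, mask (all bits of value set)
    value: int

    def eval(self, msg: Message) -> bool:
        x = msg.get(self.field, 0)
        v = self.value
        return {
            "eq": x == v, "ne": x != v, "lt": x < v, "gt": x > v,
            "mask": (x & v) == v,
        }[self.op]


def lut_from_function(f: Callable[[bool, bool, bool], bool]) -> int:
    """Tabulate f over all 8 input combinations into an 8-bit truth table.
    Bit i of the table is f's value when the operator results, read as
    (op0, op1, op2) -> bits (0, 1, 2), encode the integer i."""
    lut = 0
    for i in range(8):
        if f(bool(i & 1), bool(i & 2), bool(i & 4)):
            lut |= 1 << i
    return lut


@dataclass(frozen=True)
class Rule:
    name: str
    operators: Sequence[DataOperator]   # at most 3; missing ones read as 0
    lut: int                            # 8-bit truth table

    def __post_init__(self) -> None:
        if len(self.operators) > 3 or not 0 <= self.lut < 256:
            raise ValueError(f"rule {self.name}: bad operator count or LUT")

    def passes(self, msg: Message) -> bool:
        idx = 0
        for i, dop in enumerate(self.operators):
            if dop.eval(msg):
                idx |= 1 << i
        return (self.lut >> idx) & 1 == 1


class FilterEngine:
    """Runs every rule kernel; the arbiter forwards a message only when all
    rules pass (a cross-domain guard fails closed on any failing rule)."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def process(self, msg: Message) -> str:
        failed = [r.name for r in self.rules if not r.passes(msg)]
        return "pass" if not failed else "drop:" + ",".join(failed)


ENGINE = FilterEngine([
    Rule("header",
         [DataOperator("type", "eq", 0x10),
          DataOperator("length", "lt", 1500),
          DataOperator("flags", "mask", 0x1)],     # 0x1: constructed "urgent" flag
         lut_from_function(lambda t, n, f: t and n and not f)),
    Rule("label",
         [DataOperator("label", "eq", 1),          # 1 = unclassified (constructed)
          DataOperator("label", "eq", 2)],         # 2 = restricted (constructed)
         lut_from_function(lambda a, b, _: a or b)),
])

if __name__ == "__main__":
    print(ENGINE.process({"type": 0x10, "length": 200, "flags": 0, "label": 1}))
```

The point of the LUT stage is that the comparison hardware is fixed while the logic combining comparisons is data: changing a rule from "a and b" to "a and not b" rewrites eight bits in the rule database rather than resynthesising anything. The arbiter's fail-closed choice is the one a guard needs; a message whose fields are simply absent fails every comparison and is dropped.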
COMBINED MACHINE LEARNING AND FORMAL TECHNIQUES FOR NETWORK TRAFFIC ANALYSIS
A system generates vector representations of entries of traffic logs generated by a firewall. A first model learns contexts of values recorded in the logs during training, and the system extracts vector representations of the values from the trained model. For each log entry, vectors created for the corresponding values are combined to create a vector representing the entry. Cluster analysis of the vector representations can be performed to determine clusters of similar traffic and outliers indicative of potentially anomalous traffic. The system also generates a formal model representing firewall behavior which comprises formulas generated from the firewall rules. Proposed traffic scenarios not recorded in the logs can be evaluated based on the formulas to determine actions which the firewall would take in the scenarios. The combination of models which implement machine learning and formal techniques facilitates evaluation of both observed and hypothetical network traffic based on the firewall rules.
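The formal half of this abstract (a model of firewall behaviour built from the rules, used to evaluate traffic that never appeared in the logs), as an added example that is not the patent's system; the machine-learning half is not modelled. Each rule is a predicate over source prefix, protocol and destination port range; first-match evaluation answers "what would the firewall do with this hypothetical packet", and a shadowing check finds rules no packet can ever reach. The check is exact rather than sampled: because every predicate is a prefix or an interval, the set of rules a packet matches only changes at rule boundaries, so testing one packet per boundary cell covers the whole space. Rules and packets are constructed; destination addresses are omitted for brevity.

```python
"""Formal model of an ordered firewall rule set: evaluate hypothetical
traffic and find rules shadowed by earlier ones.

Added example, not the patent's system (its ML/clustering half is not
modelled). Each rule is a predicate over (src address, protocol, dst port);
the model evaluates first-match semantics for any packet, including ones
never seen in the logs, and checks shadowing exactly: because every
predicate is a prefix or an interval, the membership pattern of all rules
only changes at rule boundaries, so testing one packet per boundary cell
covers the whole space. Rules and packets below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address


@dataclass(frozen=True)
class Packet:
    src: IPv4
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                               # "allow" or "deny"
    src: ipaddress.IPv4Network
    proto: Optional[str] = None               # None = any protocol
    dport: Optional[Tuple[int, int]] = None   # inclusive range, None = any

    def matches(self, p: Packet) -> bool:
        if p.src not in self.src:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and not self.dport[0] <= p.dport <= self.dport[1]:
            return False
        return True


def decide(rules: List[Rule], p: Packet, default: str = "deny") -> Tuple[str, Optional[str]]:
    """First-match evaluation: the action the firewall would take for p."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return default, None


def boundary_packets(rules: List[Rule]) -> List[Packet]:
    """One representative packet per equivalence cell of the rule set:
    membership in a prefix changes at its first address and the address
    after its last; in a port range at its low end and high end + 1."""
    addrs = {IPv4("0.0.0.0")}
    ports = {0}
    protos = {"other"}                        # a protocol no rule names
    for r in rules:
        addrs.add(r.src.network_address)
        if int(r.src.broadcast_address) < 2**32 - 1:
            addrs.add(r.src.broadcast_address + 1)
        if r.dport is not None:
            ports.add(r.dport[0])
            if r.dport[1] < 65535:
                ports.add(r.dport[1] + 1)
        if r.proto is not None:
            protos.add(r.proto)
    return [Packet(a, pr, po) for a in addrs for pr in protos for po in ports]


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Rules that can never be the first match: no packet reaches them."""
    reps = boundary_packets(rules)
    out = []
    for i, r in enumerate(rules):
        reachable = any(
            r.matches(p) and not any(e.matches(p) for e in rules[:i]) for p in reps
        )
        if not reachable:
            out.append(r.name)
    return out


RULES = [
    Rule("r1", "allow", ipaddress.IPv4Network("10.0.0.0/8"), "tcp", (80, 80)),
    Rule("r2", "deny", ipaddress.IPv4Network("10.1.0.0/16"), "tcp", (80, 80)),
    Rule("r3", "allow", ipaddress.IPv4Network("0.0.0.0/0"), "udp", (53, 53)),
    Rule("r4", "allow", ipaddress.IPv4Network("10.1.0.0/16"), "tcp", (8000, 8100)),
    Rule("r5", "deny", ipaddress.IPv4Network("0.0.0.0/0")),
]

if __name__ == "__main__":
    print(decide(RULES, Packet(IPv4("10.1.2.3"), "tcp", 80)))   # hypothetical scenario
    print(shadowed_rules(RULES))
```

In the constructed rule set, r2 was presumably meant to carve a deny out of r1's allow but sits after it, so it never fires; the log-based model would never show this because no log entry is ever attributed to r2, which is exactly the kind of hypothetical-traffic question the formal model answers.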
TRANSACTION FIREWALL METHOD AND SYSTEM
A method for detecting fraudulent transactions entering a payment environment, the method comprising: receiving packets of a transaction from a network; reconstructing and framing the packets into respective transaction messages; decoding each transaction message into its respective fields; correlating the respective transaction messages into an end-to-end model of the transaction; applying one or more predefined rules to the respective fields to determine whether the transaction is fraudulent; when the transaction is determined to be fraudulent, determining one or more specified fields of the respective fields to use to selectively block, deny, or rate limit the transaction; selecting a corresponding predefined rule from a server rule base; storing the predefined rule in a transaction firewall rule base; and, applying the predefined rule to the transaction to selectively block, deny, or rate limit the transaction based on content of the one or more specified fields in the transaction.
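The full pipeline of this claim, as an added example that is not the patent's product: packets are reassembled into framed messages, each message is decoded into fields, requests and responses are correlated into one transaction, detection rules run over the completed transaction, and when one fires the rule base gains an entry keyed on the specified fields that blocks or rate-limits later requests carrying the same values. The wire format (a two-byte big-endian length prefix followed by "field=value;..." text), the "stan" correlation field and the 0200/0210 message-type values (names borrowed from ISO 8583, but this is not ISO 8583), the detection rules, the server rule base and the sample traffic are all constructed.

```python
"""Transaction firewall: reassemble, frame, decode, correlate, rule, then
block or rate-limit on specific fields.

Added example, not the patent's product. Wire format is constructed: a
2-byte big-endian length prefix then "field=value;..." ASCII. Requests and
responses pair on field "stan"; "mti" 0200/0210 borrow ISO 8583's names
but this is not ISO 8583. Rules, rule base and traffic are constructed.
"""
import struct
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, Iterable, Iterator, List, Optional, Tuple

Fields = Dict[str, str]
RuleKey = Tuple[Tuple[str, str], ...]                      # ((field, value), ...)


def frame_stream(packets: Iterable[bytes]) -> Iterator[bytes]:
    """Reassemble arbitrary packet boundaries into whole messages."""
    buf = b""
    for pkt in packets:
        buf += pkt
        while len(buf) >= 2:
            n = struct.unpack(">H", buf[:2])[0]
            if len(buf) < 2 + n:
                break                                      # need more bytes
            yield buf[2:2 + n]
            buf = buf[2 + n:]


def decode(raw: bytes) -> Fields:
    return dict(kv.split("=", 1) for kv in raw.decode("ascii").split(";") if kv)


@dataclass
class Transaction:
    request: Fields
    response: Optional[Fields] = None


DetectRule = Tuple[str, Callable[[Transaction], bool], Tuple[str, ...]]


class TransactionFirewall:
    def __init__(self, detect: List[DetectRule], server_rule_base: Dict[Tuple[str, ...], str],
                 rate_limit: int = 2, window_s: float = 60.0):
        self.detect = detect
        self.server_rule_base = server_rule_base           # fields -> "block" | "rate_limit"
        self.rule_base: Dict[RuleKey, str] = {}            # rules installed here
        self.pending: Dict[str, Transaction] = {}          # stan -> open request
        self.hits: Dict[RuleKey, Deque[float]] = defaultdict(deque)
        self.rate_limit, self.window_s = rate_limit, window_s

    def _enforce(self, req: Fields, now: float) -> str:
        """Apply installed rules; each keys on a few fields of the request."""
        for key, action in self.rule_base.items():
            if not all(req.get(f) == v for f, v in key):
                continue
            if action == "block":
                return "block"
            q = self.hits[key]                             # sliding-window limiter
            while q and now - q[0] > self.window_s:
                q.popleft()
            q.append(now)
            if len(q) > self.rate_limit:
                return "rate_limit"
        return "forward"

    def ingest(self, msg: Fields, now: float) -> Optional[str]:
        """Decision for a request; None for a response, which only learns."""
        if msg.get("mti") == "0200":
            self.pending[msg["stan"]] = Transaction(msg)
            return self._enforce(msg, now)
        txn = self.pending.pop(msg.get("stan", ""), None)
        if txn is None:
            return None                                    # unmatched response
        txn.response = msg                                 # end-to-end model complete
        for _name, pred, fields in self.detect:
            if pred(txn):                                  # fraud: pick server rule for these fields
                key = tuple((f, txn.request.get(f, "")) for f in fields)
                self.rule_base[key] = self.server_rule_base.get(fields, "block")
        return None

    def process(self, packets: Iterable[bytes], now: float = 0.0) -> List[str]:
        out = [self.ingest(decode(raw), now) for raw in frame_stream(packets)]
        return [d for d in out if d is not None]


def _msg(**kv: str) -> bytes:
    body = ";".join(f"{k}={v}" for k, v in kv.items()).encode("ascii")
    return struct.pack(">H", len(body)) + body


DETECT: List[DetectRule] = [   # toy rules; real ones would be far more specific
    ("big-approved", lambda t: int(t.request["amount"]) > 900000 and t.response.get("rc") == "00", ("mid",)),
    ("card-declined", lambda t: t.response.get("rc") == "05", ("pan",)),
]
SERVER_RULE_BASE = {("mid",): "block", ("pan",): "rate_limit"}


def demo() -> List[str]:
    stream = b"".join([
        _msg(mti="0200", stan="1", mid="M1", pan="4111", amount="1000"),
        _msg(mti="0210", stan="1", rc="00"),
        _msg(mti="0200", stan="2", mid="M2", pan="4222", amount="950000"),
        _msg(mti="0210", stan="2", rc="00"),               # -> block rule on mid=M2
        _msg(mti="0200", stan="3", mid="M2", pan="4333", amount="500"),
        _msg(mti="0200", stan="4", mid="M1", pan="4444", amount="500"),
        _msg(mti="0210", stan="4", rc="05"),               # -> rate limit on pan=4444
        _msg(mti="0200", stan="5", mid="M1", pan="4444", amount="500"),
        _msg(mti="0200", stan="6", mid="M1", pan="4444", amount="500"),
        _msg(mti="0200", stan="7", mid="M1", pan="4444", amount="500"),
    ])
    packets = [stream[i:i + 7] for i in range(0, len(stream), 7)]   # awkward boundaries
    return TransactionFirewall(DETECT, SERVER_RULE_BASE).process(packets)
```

Two properties of this design are worth noticing. Detection runs on the completed transaction, so the transaction that triggers a rule has already been forwarded; the rule protects against the next one, which is the trade-off the claim's "storing the predefined rule ... and applying the predefined rule to the transaction" implies for anything that needs the response. And enforcement keys on a handful of decoded fields rather than on the whole message, so a rule installed for one merchant or one card does not depend on packet boundaries or on the rest of the message staying the same.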
Overlay network encapsulation to forward data message flows through multiple public cloud datacenters
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.