Patent classifications
H04L63/0263
Data block-based system and methods for predictive models
Systems and methods are provided for recording information at a granular level; checking and verifying that the way data is used and processed is consistent with an entity's internal policies and/or external regulations; and producing reports with information for authorized users (e.g., individuals and organizations). The systems and methods capture required data in an immutable fashion so that users outside of an entity (e.g., public, third parties) can check and audit that internal policies and other regulatory policies and frameworks are followed.
SECURELY MANAGING NETWORK CONNECTIONS
The disclosure relates generally to methods, systems, and apparatuses for managing network connections. An example method includes receiving one or more messages from a plurality of computing devices connected through a network, the one or more messages indicating actual connections among the plurality of computing devices. The example method further includes comparing, by one or more processors, the actual connections to a list of expected connections indicated by a connections master file that comprises connection information for the plurality of computing devices. The method further includes, responsive to detecting one or more differences between the list of expected connections and the actual connections, providing a notification indicating the one or more differences to a log file or a notification area of a user interface.
MOBILE USER IDENTITY AND/OR SIM-BASED IOT IDENTITY AND APPLICATION IDENTITY BASED SECURITY ENFORCEMENT IN SERVICE PROVIDER NETWORKS
Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
Runtime filtering of computer system vulnerabilities
Techniques for selectively remediating vulnerabilities for assets of a computing system are disclosed. The vulnerability management system identifies “active” vulnerabilities associated with “active” computing assets that have been determined to be currently running, or to have been recently run, on the system using system call data. By limiting remediation to vulnerabilities associated with software packages of active computing assets, remediation/mediation efforts can be focused on vulnerabilities that may be currently exploited for the system. The list of active vulnerabilities identified for a system may be updated in real time based on continued monitoring of runtime operations of the system. Additional context metadata may be associated with the active vulnerabilities to allow for further prioritization of vulnerability management activities. Vulnerability management actions for a particular active vulnerability may include updating a software package, adjusting a set of firewall rules, communicating with a client computing device, and displaying vulnerability information in a GUI.
REAL-TIME AND INDEPENDENT CYBER-ATTACK MONITORING AND AUTOMATIC CYBER-ATTACK RESPONSE SYSTEM
A cyber safety system provides real-time and independent cyber-attack monitoring and automatic cyber-attack response. The cyber safety system comprises a cyber monitoring logic to generate a cyber attack signal in response to a cyber attack event. The cyber safety system further comprises an automatic segmentation controller to generate a plurality of segmentation voltage signals or a plurality of segmentation messages in response to the cyber attack signal. The cyber safety system further comprises a plurality of firewalls configured to invoke firewall rulesets depending upon an input voltage signal level of the plurality of segmentation voltage signals or the plurality of segmentation messages to segment a site network into a plurality of site network segments and to control one or more physical devices as a response to the cyber attack event.
AUTOTUNING A VIRTUAL FIREWALL
A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall.
DOMAIN SQUATTING DETECTION
Detection of squatting domains is disclosed. A set of new fully qualified domain names (FQDNs) is received. The set of new FQDNs is analyzed to detect domain squatting by identifying a subset of the new FQDNs as candidate squatting domains. The candidate squatting domains are distributed to a security device/service.
Systems and methods for securing and controlling access to electronic data, electronic systems, and digital accounts
A system and method of securing a computing device with a remote computer security service includes: identifying a computing device that is subscribed to a remote computer security service, wherein the computing device comprises an anti-authentication application instance provided by the remote computer security service based on the subscription; identifying an occurrence of an anti-authentication action involving the computing device based on anti-authentication policy set to a subscriber anti-authentication account with the remote computer security service for the computing device; responsively to the anti-authentication action, automatically performing by the remote security service or the anti-authentication application instance one or more anti-authentication protective services by protectively altering the computing device based on the anti-authentication policy, wherein the computing device is altered to a protected state from a normal state based on the performance of the one or more anti-authentication protective services.
Threat mitigation system and method
A computer-implemented method, computer program product and computing system for: obtaining hardware performance information concerning hardware deployed within a computing platform; obtaining platform performance information concerning the operation of the computing platform; obtaining application performance information concerning one or more applications deployed within the computing platform; and generating a holistic platform report concerning the computing platform based, at least in part, upon the hardware performance information, the platform performance information and the application performance information.
DYNAMICALLY SELECTING FIREWALL SIGNATURES USING NETWORK TRAFFIC
Described embodiments provide systems and methods for selecting one or more firewall rules to apply to a server based at least on identifying a service of the server. A device intermediary to a plurality of clients and a server may identify a pattern of a firewall to apply to a response from the server to a request from a client of the plurality of clients. The pattern may be to identify a service configured on the server. The device may determine that the response from the server matches the pattern. The device may identify, responsive to the response matching the pattern, that the service is configured on the server. The device may select, based at least on the service, one or more rules for the firewall to apply to responses from the server.