H04L63/0263

METHOD AND SYSTEM FOR USER PLANE TRAFFIC CHARACTERISTICS AND NETWORK SECURITY
20230050239 · 2023-02-16 ·

A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of values, performing an action resulting from the characteristic violation.

USING ONE OR MORE NETWORKS TO ASSESS ONE OR MORE METRICS ABOUT AN ENTITY
20230046185 · 2023-02-16 ·

Described herein are systems and methods for predicting a metric value for an entity associated with a query node in a graph that represents a network. In embodiments, using a user's profile as the query node, a metric about that user may be estimated based, at least in part, as a function of how well connected the query node is to a whitelist of “good” users/nodes in the network, a blacklist of “bad” users/nodes in the network, or both. In embodiments, one or more nodes or edges may be weighted when determining a final score for the query node. In embodiments, the final score regarding the metric may be used to take one or more actions relative to the query node, including accepting it into a network, allowing or rejecting a transaction, assigning a classification to the node, using the final score to compute another estimate for a node, etc.

Using one or more networks to assess one or more metrics about an entity
11503033 · 2022-11-15 ·

Described herein are systems and methods for predicting a metric value for an entity associated with a query node in a graph that represents a network. In embodiments, using a user's profile as the query node, a metric about that user may be estimated based, at least in part, as a function of how well connected the query node is to a whitelist of “good” users/nodes in the network, a blacklist of “bad” users/nodes in the network, or both. In embodiments, one or more nodes or edges may be weighted when determining a final score for the query node. In embodiments, the final score regarding the metric may be used to take one or more actions relative to the query node, including accepting it into a network, allowing or rejecting a transaction, assigning a classification to the node, using the final score to compute another estimate for a node, etc.

Dynamic discovery of peer network devices across a Wide Area Network

A network controller can register WAN edge routers and WAN optimizers distributed across a WAN. The controller can receive a request to establish a WAN optimized connection between first and second hosts. The controller can identify a first WAN optimizer to perform first services (e.g., de-duplication, compression, application acceleration, caching, etc.) for first traffic from the first host to the second host and first complementary services for second traffic from the second host to the first host, and a second WAN optimizer for the second traffic and second complementary services for the first traffic. The controller can establish the optimized connection comprising a first path including the first host, WAN optimizer, and router; a second path including the first router and a second router, and a third path including the second router, WAN optimizer, and host. The controller can route the first and second traffic through the optimized connection.

Intelligent service layer for separating application from physical networks and extending service layer intelligence over IP across the internet, cloud, and edge networks
11502994 · 2022-11-15 ·

A method of separating identity IPs for identification of applications from the locator IPs for identifying the route is provided. A virtual service layer (VSL) protocol stack uses the IP addresses assigned by network administrators to the application endpoints to support the TCP/IP stack as the identity IP addresses that are not published to the underlay network for routing. On the other hand, the VSL stack uses the IP addresses assigned by the underlay network to the VSL enabled endpoints and VSL enabled routers as the locator IP addresses for routing packets. The VSL stack formats application flow packets with identity headers as identity packet and encapsulates identity packet with the locator header to route the packet. The separation of the identity and locator identifications are used to eliminate the network middleboxes and provide firewall, load balancing, connectivity, SD-WAN, and WAN-optimization, as a part of the communication protocol.

SYSTEMS AND METHODS FOR DECLARATIVE DESIGN AND EXECUTION OF INTENT-BASED SERVICES
20220357936 · 2022-11-10 ·

Disclosed herein are system, method, and computer program product embodiments for deploying and configuring telecommunication middleware using a no-code integration and automation platform that implements middleware patterns as a set of event-driven Functions-as-a-Service. The platform offers low-latency, high-performance middleware capabilities co-located with applications, provides for a consistent developer experience, facilitates interoperability across nodes, and enables centralized and automated lifecycle management. Additional technical benefits over legacy systems in this resource-efficient, edge-optimized, green-tech platform include: improved performance, composable building blocks, reduced costs, cloud-native deployment, cloud network functions virtualization, rationalized tooling, and unified management. The breadth, depth, and inherent complexity of various use cases showcase the richness of the disclosed abstraction and automation.

SYSTEMS AND METHODS OF MONITORING AND DETECTING SUSPICIOUS ACTIVITY IN A VIRTUAL ENVIRONMENT

Systems and methods of monitoring and detecting suspicious activity in a virtual environment are provided. In one exemplary embodiment, a method performed by a first network node of monitoring and detecting suspicious activity in a virtual environment comprises sending, to a second network node that operates a virtual environment, an indication that user activity performed in the virtual environment that is associated with a certain user profile of a plurality of user profiles of the virtual environment is suspicious activity. Further, the user activity performed in the virtual environment that is associated with the certain user profile is enabled by a third network node. In addition, the suspicious activity is determined based on a relationship between the user activity performed in the virtual environment that is associated with the certain user profile and other user profiles, or an attribute of the certain user profile or the third network node.

AUTOMATICALLY GENERATING FIREWALL CONFIGURATION PROFILES USING LEARNING MODE

Described embodiments provide systems and methods for generating firewall configuration profiles for firewalls. An intermediary device may modify a request from a client to access the server to include a payload provided by the device. The payload may include an action type selected from a plurality of action types used to probe the server for a corresponding security vulnerability of a plurality of security vulnerabilities. The device may transmit, to the server, the request including the payload to cause the server to provide a response to the device. The device may determine that the server is susceptible to a security vulnerability of the plurality of security vulnerabilities corresponding to the action type based at least on the response. The device may generate a configuration profile for the firewall to restrict requests of the action type to access the server from clients.

MANUFACTURER USAGE DESCRIPTION (MUD) EXTENSIONS FOR SECURE ACCESS SERVICE EDGE (SASE) SERVICES

Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PLATFORM FIREWALL MANAGEMENT BY NETWORK FUNCTION (NF) REPOSITORY FUNCTION (NRF) OR SERVICE COMMUNICATIONS PROXY (SCP)
20220360561 · 2022-11-10 ·

A method for automatically managing a platform firewall using a network function (NF) repository function (NRF) or service communications proxy (SCP) includes receiving a message relating to registering, updating or deregistering an NF profile in an NF profiles database separate from a platform firewall. The method further includes determining that the registering, updating, or deregistering of the NF profile requires a change to a firewall rules configuration of the platform firewall. The method further includes, in response to determining that the registering, updating, or deregistering of the NF profile requires a change to the firewall rules configuration of the platform firewall, automatically updating, by the NRF or SCP, the firewall rules configuration of the platform firewall.