Patent classifications
H04L63/0263
Automated enforcement of security policies in cloud and hybrid infrastructure environments
To prevent unauthorized access to data and resources available in workloads on an organization's or enterprise's computer network, various improvements to automated computer network security processes are described that enable them to enforce network security policies using native network security mechanisms to control communications to and/or from workload units of applications running on different nodes within hybrid computer network infrastructures having both traditional hardware resources and virtual resources provided by private and public cloud infrastructure services.
Device management system
A system manages usage of a network-enabled user device. A policy storage is separately located relative to the user device and stores usage policy sets. Each policy set comprises policies defining usage permissions/restrictions applicable to the user device. The system associates a first user with a first time period and a second user with a second time period, each time period exclusive of other time periods. The first user selects/modifies a first policy set for applying during the first time period, and the second user selects/modifies a second policy set for applying during the second time period. The first user cannot select/modify any policy set applicable during the second time period, and the second user cannot select/modify any policy set applicable during the first time period. A usage request from the user device is allowed/denied based on the policy set to be applied when the usage request is made.
Method, apparatus, and system for generating, and processing packets according to, a flow filtering rule
A packet processing method and apparatus, and a related device, the method including generating, by a first device, a flow filtering rule, where the flow filtering rule includes a match item and an action item, and where the match item comprises an Internet Protocol (IP) address and an autonomous domain identifier, and sending, by the first device, the flow filtering rule to a second device, where the action item is used to instruct the second device to process, based on a packet processing mode indicated by the action item, a packet matching the match item.
DATA BLOCK-BASED SYSTEM AND METHODS FOR PREDICTIVE MODELS
Systems and methods are provided for recording information at a granular level; checking and verifying that the way data is used and processed is consistent with an entity's internal policies and/or external regulations; and producing reports containing that information for authorized users (e.g., individuals and organizations). The systems and methods capture required data in an immutable fashion so that users outside of an entity (e.g., the public, third parties) can check and audit that internal policies and other regulatory policies and frameworks are followed.
Communication system and communication method for one-way transmission
A communication system and a communication method for one-way transmission are provided. The communication method includes: transmitting a filtering rule to a programmable logic device by a server; receiving a signal and obtaining data from the signal by the server; packing the data to generate at least one data packet by the server; transmitting the at least one data packet to the programmable logic device by the server; and determining, according to the filtering rule, whether to output the at least one data packet by the programmable logic device.
Managing corporate firewalls and network isolation for EDR
A system and method for firewall policy control in a system comprising endpoints, including functionality for isolating network elements on endpoints under management. An endpoint management agent cooperates with a remote management service to carry out policy management and synchronization, implement isolation mode when required, and perform related supporting tasks.
Device, system, and method for cyber isolating mobility systems when a vehicle is in motion
An air-gap device for isolating mobility systems when a vehicle is in motion may include a housing. The housing may include various input ports and various output ports. The various input ports may include connections to a secure gateway. The various output ports may include connections to one or more mobility Electronic Control Units (ECUs). The air-gap device may include at least one pair of terminal contacts. The at least one pair of terminal contacts may include a first terminal contact and a second terminal contact. The air-gap device may include an air gap embedded in the housing. The air gap may be open when the first terminal contact is not in contact with the second terminal contact. The air-gap device may be instructed to open the air gap when the vehicle is determined to be in motion or about to be in motion.
Configurable network security for networked energy resources, and associated systems and methods
Secure communication between users and resources of an electrical infrastructure, and associated systems and methods, are described. A representative secure distributed energy resource (DER) communication system provides for the creation of trust rules that govern the permitted communications between users and resources of an electrical infrastructure system, and for the enforcement of those trust rules.
CONTAINER NETWORK INTERFACE FOR APPLYING SECURITY POLICIES TO NETWORK TRAFFIC OF CONTAINERS
A specific container is spawned by a docker module responsive to a Kubernetes control instruction. Network connectivity is provided for the specific container to a data communication network through a networking bridge, and a security policy is configured. After configuration, inbound or outbound data packets concerning the specific container are received and forwarded to a security policy KVM for scanning against security policies. Those that pass security scanning are forwarded to containers and external destinations.
PREVENTING DHCP POOL EXHAUSTION AND STARVATION WITH CENTRALIZED ARP PROTOCOL MESSAGES
A low number of available IP addresses is detected in an IP pool that is available for lease from the DHCP server. A neighbor table is obtained from a gateway device behind a firewall that blocks ICMP echo requests from the DHCP server. The gateway device is triggered to broadcast an ARP request to network devices of the neighbor table behind the firewall to determine whether a specific IP address is in use. Responsive to an ARP response not being received, the control module releases the lease for the specific IP address, thereby returning it to the IP pool available for lease in the DHCP server.