Patent classifications
H04L63/0263
Method and system for voice based application blocker
A method, a system, and a non-transitory computer readable medium are disclosed for a voice based application blocker. The method includes receiving, on a gateway, a text message from a mobile device; tokenizing, on a processor of the gateway, the text message into at least a user and a purpose, the purpose being denying or granting access of the user to one or more applications from the gateway; and creating, on a firewall of the gateway, blocking rules for the user to the one or more applications from the gateway.
Identity-based segmentation of applications and containers in a dynamic environment
In one aspect, a method for defining a group-based policy for access to computing resources by an application/container or a group of applications/containers includes the following steps performed with a credential server: specifying a computing resource; specifying a group name and a strong cryptographic identity associated with the group name; and specifying a policy for an application/container belonging to a specific group to access the set of resources belonging to another group. The method further includes the following steps performed with a handler process: reading a list of subnets for which authentication is to be enforced; and processing an initiate authentication request from an initiator of a new network connection, or initiating a new authentication request with the initiator of the network connection. Upon successful authentication, the handler process extracts the group identity of the remote application, checks the group security policy for permitting access, and permits or denies access based on the matching rule.
Systems and methods for detecting and dynamically rate limiting account discovery and takeover attempts
Methods and systems are presented for detecting and dynamically rate limiting unauthorized attempts to obtain user account information from an online service provider. An online system is configured with a request rate limit and a list of user identifiers associated with accounts at risk of being compromised. The system receives requests, each associated with a user identifier, from one or more devices. The system determines how many of the user identifiers associated with the requests match user identifiers on the list over a period of time. If the amount meets or exceeds a threshold, the system reduces the request rate limit for devices that made a request associated with user identifiers matching those on the list.
Customized domain name resolution for virtual private clouds
Methods, systems, and computer-readable media for customized domain name resolution for virtual private clouds are disclosed. A domain name system (DNS) resolution service receives a DNS request from a computing resource associated with a virtual private cloud (VPC) in a cloud provider network. The service determines that the VPC is associated with one or more firewall rules. Responsive to determining that the VPC is associated with the firewall rule(s), the service determines whether the DNS request is allowed or blocked according to the one or more firewall rules. If the DNS request is allowed, the service resolves the DNS request using a DNS server and returns a response to the computing resource. If the DNS request is blocked, the service does not resolve the DNS request.
SYSTEM AND METHOD FOR MANAGING A NETWORK DEVICE
In general, embodiments described herein relate to methods and systems for automating the configuration of network devices. More specifically, embodiments of the invention relate to using configuration commands that specify protocol-specified relationships in order to generate granular (or specific) filtering rules (also referred to as rules). The rules are subsequently programmed into the network device.
SECURING ACCESS TO NETWORK DEVICES UTILIZING AUTHENTICATION AND DYNAMICALLY GENERATED TEMPORARY FIREWALL RULES
A network security system provides portals which enable automatic creation of a dynamic one-time port forwarding rule for an authorized user's current IP address following two factor authentication of the authorized user. Such a dynamic one-time port forwarding rule is utilized to set up a connection, at which point the dynamic one-time port forwarding rule is removed, preventing any attacker from subsequently taking advantage of it. Such a methodology is advantageous as compared to conventional port forwarding in that it is much more secure. Such a methodology is advantageous as compared to traditional port forwarding with access control both in that a user does not always have to utilize the same device with a static IP address, and in that the port forwarding rule representing or exposing a potential vulnerability is deleted after a connection is established.
RESTRICTING ONBOARD TRAFFIC
Techniques for providing more efficient onboarding traffic protocols in a standalone non-public network architecture are provided. A network entity includes processing circuitry and at least one memory including computer program code. The at least one memory and the computer program code are configured to, with the processing circuitry, cause the network entity at least to generate one or more traffic filter rules for a traffic filter set. The one or more traffic filter rules or traffic detection rules are generated based at least in part on domain name service query response information related to one or more user device originated domain name service queries. The network entity may further be configured to cause a user plane function to be provided with the one or more traffic filter rules.
SERVER NODE, DIGITAL ASSISTANT AND METHODS IN A COMMUNICATIONS NETWORK FOR HANDLING ACCESS CONTROL
A method performed by a server node for handling access control of a request to access information from a first user is provided. Based on a group identity, the server node establishes that a first UE uses a DA that is shared. The server node decides whether the first user of the first UE is subject to access control to get access to the requested information, based on the type of information requested, the voice profile identity, and the fact that the DA for providing the voice message is shared.
System and method for detection of malicious interactions in a computer network
System and method of detecting malicious interactions in a computer network, the method including generating, by a processor, at least one decoy segment, broadcasting, by the processor, the generated at least one decoy segment in a public database, monitoring, by the processor, communication within the computer network to identify interactions associated with the generated at least one decoy segment, determining, by the processor, at least one indicator of compromise (IOC) for the identified interactions, and blocking communication between the computer network and any computer associated with the determined at least one IOC.
Threat mitigation system and method
A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information for a computing platform to identify one or more deployed security-relevant subsystems; processing the consolidated platform information to identify one or more non-deployed security-relevant subsystems; generating a list of ranked & recommended security-relevant subsystems that ranks the one or more non-deployed security-relevant subsystems; and providing the list of ranked & recommended security-relevant subsystems to a third-party.