Patent classifications
H04L63/0263
Digital data access control and automated synthesization of capabilities
A computer system for controlling access to digital data and algorithms, including a multitude of local systems provided at a plurality of remote locations. At least a first subset of the multitude of local systems comprises at least one data acquisition device adapted to generate and provide raw digital data. At least a second subset of the multitude of local systems comprises at least one data processing unit having a memory with a memory capacity and a processor with a computing capacity to process raw digital data to generate processed digital data to be presented to one or more of a plurality of users of the system. The system also includes a filter system, wherein at least one filter is assigned at each local system, each filter having a filter setting for restricting and prohibiting data transfer between the assigned local system and other local systems.
Multi-application recommendation engine for a remote network management platform
A remote network management platform may include persistent storage containing: (i) data related to a managed network, and (ii) a persona of a user. The remote network management platform may also include a platform application associated with a web-based user interface and using a portion of the data. The remote network management platform may also include a recommendation engine with access to a set of rules or a machine learning (ML) model corresponding to the platform application. The recommendation engine may be configured to: (i) read, from the persistent storage, the portion of the data and the persona; (ii) apply, to the portion of the data and the persona, the set of rules or the ML model to generate one or more recommendations; and (iii) transmit, by way of the web-based user interface and to the user, representations of the one or more recommendations.
METHODS AND APPARATUS FOR HINDRANCE OF ADVERSE AND DETRIMENTAL DIGITAL CONTENT IN COMPUTER NETWORKS
A network computer system provides logic to cause a client compute device to perform operations in connection with the client compute device rendering a publisher's webpage. The operations performed by the client compute device include retrieving rules from a collection of rules, each rule of the collection being associated with at least one of a plurality of third-party digital content identifiers, each third-party digital content identifier uniquely identifying a corresponding third-party digital content; detection of execution of a third-party tag on the client compute device, including identifying a digital content identifier that is utilized in execution of the third-party tag; matching the digital content identifier of the executing third-party tag to one of the retrieved rules; and implementing a security or compliance operation with respect to the third-party tag based at least in part on the matched rule.
SYSTEM AND METHOD FOR TRUE PEER-TO-PEER AUTOMATIC TELLER MACHINE TRANSACTIONS USING MOBILE DEVICE PAYMENT SYSTEMS
A system and method for true peer-to-peer automatic teller machine transactions using mobile device payment systems, where a user may receive physical cash in exchange for digital currency from another user, without either one of them having to have a merchant account or a credit/debit card clearing system through a payment processor, comprising a smartphone with an associated peer-to-peer ATM application, blockchain datastore, GPS satellite, cellular tower, and smart wallet application.
BIOMETRIC CYBERSECURITY AND WORKFLOW MANAGEMENT
A system, method, and media for providing web-based security to a workflow process is presented. Data may be processed in a web-based workflow management system. The system may detect the transfer of high-level security data through the workflow. Upon detection of the data transfers, the system may request review and approval in the form of a biometric input from an approved user to allow the data to be transferred.
VIRTUAL DOMAINS WITHIN A SHARED DEVICE
In one example, a method comprises receiving, by a computing device, configuration data defining: an external virtual domain for a network function, the external virtual domain connected to a public network and managed by a provider for the computing device; a virtual domain for the network function, the virtual domain separate from the external virtual domain, configured with a secure tunnel interface, connected to a customer network, and managed by a customer of the provider for the computing device; forwarding, by the external virtual domain implementing a route-based virtual private network, encrypted network traffic, received from the public network via a secure tunnel, to the secure tunnel interface configured in the virtual domain; decrypting, by the virtual domain, the encrypted network traffic to generate network traffic; and forwarding, by the virtual domain, the network traffic to the customer network.
Method, apparatus, and computer readable medium for providing security service for data center
Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.
Measurement and analysis of traffic filtered by network infrastructure
A computer-implemented method and device for analyzing network packet traffic flow affected by a network security device in a communication network. Received in a network monitoring device is packet traffic flow data from a network security device that filters network traffic based upon prescribed security filter settings. The network monitoring device analyzes the received packet traffic flow data by correlating the received traffic flow data with the security filter settings prescribed in the network security device. Certain statistics are identified regarding the network traffic flow affected by the security filter settings of the network security device based upon the correlating of the received traffic flow data with the security filter settings prescribed in the network security device. A report regarding the identified statistics is preferably sent to a network administrator.
RUNTIME FILTERING OF COMPUTER SYSTEM VULNERABILITIES
A computer-implemented method of managing computer vulnerabilities is disclosed. The method comprises detecting one or more processes running on a particular computing system during a particular period of time including now; and determining a set of active vulnerabilities that are associated with the one or more processes from a plurality of vulnerabilities. The method also comprises determining, for each vulnerability of the set of active vulnerabilities, context metadata related to a process or an application associated with the vulnerability, including how often the application has been executed, for how long the process has run, or when in the particular period of time the process was, is, or will be running. The method further comprises ranking the set of active vulnerabilities based on the context metadata for each active vulnerability to obtain a ranked order; and transmitting information related to the ranking to a device.
SYSTEM AND METHOD FOR SECURING PROTECTED HOST
A system and a method are for securing a protected host. A secure channel server receives a plurality of first packets transmitted over a first network, and analyzes the plurality of first packets to obtain an analysis information. The plurality of first packets include a plurality of encrypted second packets encrypted by a terminal data processing apparatus with a certificate issued by the secure channel server. The plurality of encrypted second packets relate to an application process executed by the terminal data processing apparatus and judged as a secure process. The plurality of first packets are selectively decrypted with the certificate according to the analysis information into a plurality of decrypted first packets. The secure channel server redirects, according to a selected redirection rule, the decrypted first packets or the first packets selectively via a second network to the protected host.