Patent classifications
H04L63/0263
Systems and methods for protecting pod deployment
In one embodiment, a method includes generating, by a pod deployment tool, a security context profile, associating, by the pod deployment tool, the security context profile with a deployment rule, and associating, by the pod deployment tool, a vulnerability level with the deployment rule. The method also includes identifying, by the pod deployment tool, pod policies associated with a pod located within a cluster of a network and analyzing, by the pod deployment tool, conditions of the deployment rule using the pod policies. The conditions may be associated with the security context profile and the vulnerability level. The method further includes determining, by the pod deployment tool, whether to allow deployment of the pod within the network in response to analyzing the conditions of the deployment rule.
Packet Processing Method, Forwarding Plane Device and Network Device
A packet processing method includes receiving, by a forwarding plane device, a first packet transmitted by a user, where an identity of the user is comprised in the first packet, and a forwarding table is comprised in the forwarding plane device, determining, by the forwarding plane device, an identity of a service according to a corresponding relationship between the identity of the user and the identity of the service as well as the identity of the user in the first packet, generating, by the forwarding plane device, a second packet by encapsulating the first packet with the identity of the service, and transmitting the second packet to a network device to enable the network device to manage the service according to the identity of the service in the second packet.
System and Method for Capturing Data Sent by a Mobile Device
Systems and methods for providing capture, archival, and analysis of data sent by mobile devices over a carrier network, with the systems and methods not requiring the installation of any additional software on the mobile devices, the systems and methods also providing for alerts to be generated based on the content of the data.
METHOD OF UPDATING FRAUD DETECTION RULES FOR DETECTING MALICIOUS FRAMES, FRAUD DETECTING ELECTRONIC CONTROL UNIT, AND ON-BOARD NETWORK SYSTEM
A method used in an on-board network system, having electronic controllers that exchange messages and a fraud-detecting electronic controller. The method includes receiving an inquiry for a vehicle status indicating whether a vehicle in which the fraud-detecting electronic controller is installed is running from an external device, transmitting the vehicle status to the external device, and determining whether a message transmitted conforms to fraud detection rules. The method also includes receiving from the external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method further includes determining whether the vehicle is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.
DETECTING THREATS TO DATACENTER BASED ON ANALYSIS OF ANOMALOUS EVENTS
Some embodiments provide a method for detecting a threat to a datacenter. The method receives a set of connections between a set of DCNs in the datacenter over a particular time period. The set of DCNs includes at least a first DCN at which a first anomalous event was detected. The method analyzes a set of detected anomalous events to identify additional anomalous events detected at other DCNs in the set of DCNs during the particular time period. Based on the first anomalous event and identified additional anomalous events, the method determines whether the anomalous events indicate a threat to the datacenter.
Packet processing method, forwarding plane device and network device
Embodiments of the present invention provide a packet processing method, a forwarding plane device and a network device, the method includes: receiving, by a forwarding plane device, a first packet transmitted by a user, where an identity of the user is comprised in the first packet, and a forwarding table is comprised in the forwarding plane device; determining, by the forwarding plane device, an identity of a service according to a corresponding relationship between the identity of the user and the identity of the service as well as the identity of the user in the first packet; generating, by the forwarding plane device, a second packet by encapsulating the first packet with the identity of the service; and transmitting the second packet to a network device, to enable the network device to manage the service according to the identity of the service in the second packet.
Private cloud control
Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules according to the device profile of the IoT device.
PERFORMING FIREWALL OPERATIONS BY SHARING METADATA BETWEEN FIREWALL PROCESSES
Some embodiments of the invention provide a novel method for performing firewall operations on a computer. The method of some embodiments instantiates first and second firewall processes on the computer. These two processes are two separate processes, which in some embodiments have separate memory allocations in the memory system of the computer. The method uses the first firewall process to examine a data message to determine whether an encryption-based firewall policy (e.g., a TLS-based firewall policy) has to be enforced on the data message. Based on a determination that the encryption-based firewall policy has to be enforced on the data message, the method provides metadata, which is produced by the first firewall process in its examination of the data message, to the second firewall process. The second firewall process then uses the provided metadata to perform an encryption-based firewall operation based on the encryption-based firewall policy. In some embodiments, the data message is encrypted, the first firewall process cannot decrypt the data message, and the second firewall process performs a decryption operation (e.g., a TLS-based decryption operation) to decrypt the data message.
CLIENT-SIDE FIREWALL
A method by a service worker firewall middleware component is disclosed. The method includes causing a service worker firewall associated with a web site to be installed on a web browser, obtaining one or more rules in response to receiving a request from the service worker firewall for rules to be applied by the service worker firewall, sending a response to the service worker firewall, wherein the response includes the one or more rules, a digital signature for the one or more rules, and an indication of when the digital signature expires, wherein the digital signature is generated using a private key associated with the website, and receiving a rules violation report from the service worker firewall, wherein the rules violation report was generated as a result of the service worker firewall applying the one or more rules to cross-origin requests.
System and method for managing a network device
In general, embodiments described herein relate to methods and systems for automating the configuration of network devices. More specifically, embodiments of the invention relate to using configuration commands that specify protocol-specified relationships in order to generate granular (or specific) filtering rules (also referred to as rules). The rules are subsequently programmed into the network device.