H04L63/0263

Unique ID generation for sensors

Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.

System and method for detecting leaked documents on a computer network

A system and a method of obtaining a location of a document on a computer network based on a document property. The method may include: receiving at least one basic marker and an encoding function associated with the document property; generating a search term according to the encoding function, based on the at least one basic marker; providing the search term to at least one search engine and obtaining therefrom one or more corresponding search results, where each search result may include one or more references to locations of documents on the computer network; discovering at least one document having the document property from the one or more search results and obtaining a discovered location of the document on the computer network; and performing at least one rule-based action, according to at least one document property of the discovered document.

Recommendation generation based on selection of selectable elements of visual representation

Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.

Multiple granularity classification

Systems, methods, and related technologies for classification are described. Network traffic from a network may be accessed and an entity may be selected. One or more values associated with one or more properties associated with the entity may be determined. The one or more values may be accessed from the network traffic. A first model associated with a first level of granularity is accessed. A first classification result of the entity based on the first model is determined by a processing device. A second model associated with a second level of granularity is accessed. The second level of granularity is higher than the first level of granularity and the second model is accessed based on the first classification result. A second classification result of the entity based on the second model is determined. At least one of the first classification result or the second classification result is stored.

Architecture features for a media-centric firewall

The embodiments herein describe a firewall for a media production system to provide flexible security between an on-premises production environment and remote media production applications and devices (e.g., cloud-based virtual production environments). As new media devices and applications (referred to generally as media nodes) are added at remote locations, the firewall is updated to permit the media nodes to communicate with the on-premises production environment. The embodiments herein describe an automatic (e.g., software-driven) process where a network orchestrator can detect a change in the media nodes and update the rule set in the firewall accordingly.

SECURE NETWORKING ENGINE FOR A SECURE NETWORKING SYSTEM
20230006968 · 2023-01-05

Methods, systems, and computer storage media for providing a local protocol server associated with a secure networking engine that provides client-side forwarding in a secure networking system. The local protocol server (e.g., local TCP/UDP server)—on a client device—operates based on client-side forwarding operations that include: IP assignment, operating system (OS) routing, destination network address translation, and original destination retrieval to support accessing a network resource (e.g., socket connection) on the client device and support communications between client applications on the client device and the local protocol server on the same client device. In this way, the local protocol server supports communications of a diverse set of data traffic or network traffic (e.g., different types of cross-platform communications), where the diverse set of network traffic is initially communicated from a client application and processed for network security operations at the local protocol server within the same client device.

MACHINE LEARNING CAPABLE MAC FILTERING FOR ENFORCING EDGE SECURITY OVER MAC RANDOMIZATION IN WLAN NETWORKS
20230006967 · 2023-01-05

A specific connection request is refused responsive to a match on the MAC ban list. If not on the MAC ban list, and a station has MAC randomization enabled, the specific connection request is also checked against the hostname ban list, wherein the specific connection request is refused responsive to a match on the hostname ban list. The specific new connection request is allowed to proceed responsive to not matching the MAC ban list and not matching the hostname ban list.

Application based firewall rule service

Described herein are systems, methods, and software to enhance firewall implementation for virtual machines. In one implementation, a method of managing firewall rules for a virtual machine includes identifying, in the virtual machine, an attach process for one or more applications to the virtual machine. The method further includes identifying one or more firewall rules that correspond to the one or more applications and providing the one or more firewall rules to a networking manager for the virtual machine.

Firewall system with application identifier based rules
11546300 · 2023-01-03

A firewall service for a cloud computing environment is described that uses an application identifier-based ruleset to process data packets. An application identifier-based rule may provide an action to be taken on a received packet based on the source application identifier, the destination application identifier, and/or an identification token associated with the source application. A firewall controller may verify applications of the computing environment, provide unique application identifiers, and manage the application identifier rules for one or more firewalls of the computing environments.

Method and apparatus for autonomous firewall rule management
11546301 · 2023-01-03

In accordance with an embodiment, described herein is a system and method for autonomous firewall rule management, for use with cloud computing environments or other types of network environments. A firewall rule management automation framework provides rule management for firewalls deployed across availability domains. The system is adapted to automatically determine firewalls that can receive network traffic from a given source subnet or destination subnet; configure the firewalls with required firewall rules; monitor the firewall rules through collection of metrics snapshots and rule hit counts; and purge underused or potentially obsolete firewall rules, for example those having zero hits over a particular period of time or number of snapshots. The system provides generic support for different types of firewall devices, and autonomous management of firewall rules within large heterogeneous computer networks that may include several types of firewalls.