Patent classifications
H04L2101/35
Split-tunneling for clientless SSL-VPN sessions with zero-configuration
Described embodiments provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in an HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.
INFORMATION LEAKAGE DETECTION METHOD AND DEVICE USING THE SAME
An information leakage detection method and a device using the same are disclosed. The method includes the following steps. Network connection data of an electronic device is obtained. Log data related to a domain name system (DNS) is extracted from the network connection data. A DNS request in the log data is analyzed to obtain multiple character distribution feature values according to an analysis result. The character distribution feature values reflect a character distribution status of a domain name in the DNS request under different classification rules. A machine learning model determines whether the DNS request is a malicious DNS request according to the character distribution feature values, and the malicious DNS request is used to carry leaked data to a remote host.
Overlay network encapsulation to forward data message flows through multiple public cloud datacenters
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.
Identifying DNS tunneling domain names by aggregating features per subdomain
In one embodiment, a service computes a plurality of features of a subdomain for which a Domain Name System (DNS) query was issued. The service aggregates the plurality of computed features into a feature vector. The service uses the feature vector as input to a machine learning classifier, to determine whether the subdomain is a DNS tunneling domain name. The service provides an indication that the subdomain is a DNS tunneling domain name, when the machine learning classifier determines that the subdomain is a DNS tunneling domain name.
Email address with identity string and methods of use
A system for authentication having an authentication protocol to communicate with the hardware device, the authentication protocol having an encryption function having a hardware key and a software key, a private and a public key pair, the key pair generated from the hardware key and the software key, used to encrypt the communication between the server and the client, an identity authentication service to assign a user of the hardware device to an identity string, and creates a unique user email address based on the identity string and an authentic email server domain, and a target service having a user identity data and comparing the user identity data to the email string, and if the user identity data and the email string match, then the target service accepts the unique user email address to send a service event communication to the hardware device.
METHODS AND SYSTEMS FOR IMPLEMENTING VERY LARGE DNS ZONES
Systems, methods and devices are provided for registering DNS hostnames of Internet host devices for very large domain zones (VLZ) stored on a DNS server on a network, including setting a pseudo-zone as the VLZ, intercepting DNS updates to the pseudo-zone, mapping the entries in the pseudo-zone into a hierarchy of real parent zones and sub-zones using a mapping formula, and translating DNS updates to the pseudo-zone from an original fully qualified domain name (FQDN) into at least one new FQDN and adding the at least one new FQDN to an authoritative DNS Server.
SYSTEMS AND METHODS FOR DETERMINING THE SHAREABILITY OF VALUES OF NODE PROFILES
The present disclosure relates to determining the shareability of values of node profiles. Record objects and electronic activities of a system of record corresponding to a data source provider may be accessed. Each record object may correspond to a record object type and have one or more object field-value pairs. Node profiles may be maintained. Values of fields corresponding to a predetermined type of field including fewer than a predetermined threshold number of data source providers may be identified. A restriction tag used to restrict populating other node profiles may be generated. Provision of the value with a second data source provider may be restricted.
METHOD AND SYSTEM TO CREATE, UPDATE AND REMOVE THE BINDING OF FUNCTIONAL ALIAS WITH MCX GROUP
The disclosure relates to a 5G or 6G communication system for supporting a higher data transmission rate. Disclosed is a method for binding or unbinding a functional alias with at least one mission critical services (MCX) group in an MCX network, including creating or updating, by an MCX server, an association of a functional alias with the at least one MCX group when the SIP message request is received to create binding of the functional alias with at least one MCX group, or disassociating, by the MCX server, an association of the functional alias with the at least one MCX group when the SIP message request is received to remove the binding of the functional alias with the at least one MCX group, and sending, by the MCX server, an SIP message response to an MCX client device confirming whether the creation or removal of binding of the functional alias with the at least one MCX group is successful or unsuccessful.
Stateless high-capacity network address translation service
Systems and methods are described for communications between computing devices via a stateless high-volume network address translation (“NAT”) service. The stateless high-volume NAT service manages high volumes of connections between networks by encoding at least part of the information needed to manage a connection in an encoded IPv6 address, which is then used by a NAT device or application as its sending address when relaying data from a source to a destination. The encoded IPv6 address may contain information such as the IPv4 address of the source, the IPv4 address of the destination, the protocol used to communicate, the source and destination ports, and the like. When the destination sends a response to the encoded IPv6 address, the NAT device decodes the IPv6 address to obtain the encoded information, and then uses that information to deliver the response to the source.
TENANT MANAGEMENT SYSTEM CAPABLE OF FACILITATING TO SPECIFY TENANT
A tenant management system includes an application management portion and a tenant management portion. The application management portion terminates a request from a user at a tenant specific application that is an application prepared for a tenant in a solution that is built on a public cloud. The tenant management portion manages a subdomain as identification information of the tenant. Upon receiving, from the user, a query including an FQDN of a server name of the tenant, the tenant management portion calls the tenant specific application for the tenant that is identified by the subdomain in the FQDN.