Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application the command is ignored and a simulated acknowledgment is sent or, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.

Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application the command is ignored and a simulated acknowledgment is sent or, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.

A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

In one particular example, a data communications system addresses changes in server load and/or connection latency in connection with data communication services provided through DNS master and slave servers. The system provides dynamic information routing, via a set of DNS master servers being in a multi-master configuration and including a first master DNS server and a second master DNS server, and consistency of DNS records is established between the master servers. Subsequently, the first DNS master server enters into an isolation mode in which updates are not communicated via the network. A set of isolation rules, which indicate how DNS records are to be updated in a communications network, are accessed and used in response to the network connections becoming reliable and the first master server updates the DNS records according to the rules, thereby establishing consistency between the first and the second DNS master servers.

In one particular example, a data communications system addresses changes in server load and/or connection latency in connection with data communication services provided through DNS master and slave servers. The system provides dynamic information routing, via a set of DNS master servers being in a multi-master configuration and including a first master DNS server and a second master DNS server, and consistency of DNS records is established between the master servers. Subsequently, the first DNS master server enters into an isolation mode in which updates are not communicated via the network. A set of isolation rules, which indicate how DNS records are to be updated in a communications network, are accessed and used in response to the network connections becoming reliable and the first master server updates the DNS records according to the rules, thereby establishing consistency between the first and the second DNS master servers.

Systems and methods for cloud federated token just in time authorization are disclosed. A method may include: (1) receiving, by a cloud authentication services computer program, authenticating information for a user from an active directory federation service computer program; (2) querying, by the cloud authentication services computer program, a plurality of backend services to validate the authenticating information; (3) communicating, by the cloud authentication services computer program, validation to the active directory federation service computer program, wherein the active directory federation service computer program is configured to generate a security token comprising one or more assertion, wherein the assertion comprises a limit on a session with the user at a cloud platform, and wherein the cloud platform is configured to receive the security token and a trusted federated endpoint executed by the cloud platform is configured to enforce the limit on the session.

Systems and methods for cloud federated token just in time authorization are disclosed. A method may include: (1) receiving, by a cloud authentication services computer program, authenticating information for a user from an active directory federation service computer program; (2) querying, by the cloud authentication services computer program, a plurality of backend services to validate the authenticating information; (3) communicating, by the cloud authentication services computer program, validation to the active directory federation service computer program, wherein the active directory federation service computer program is configured to generate a security token comprising one or more assertion, wherein the assertion comprises a limit on a session with the user at a cloud platform, and wherein the cloud platform is configured to receive the security token and a trusted federated endpoint executed by the cloud platform is configured to enforce the limit on the session.

The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.

A computer-implemented method is provided for mapping IP addresses and domain names to organizations. The method includes receiving, by a mapping system from an data provider, a dataset related to a plurality of users of the data provider. The dataset includes (a) an IP address for a user device of each user of the plurality of users, and (b) a domain name for a user account of each user of the plurality of users; enriching, by an analytics engine of the mapping system, the received dataset with enrichment data from an enrichment source; receiving, by the analytics engine from a storage medium, historical data relevant to the enriched dataset; and mapping, by the analytics engine, (i) the IP address and/or (ii) the domain name of each user of a portion of the plurality of users to an organization based on the enriched dataset and the historical data.