One variation of a method includes: intercepting an inbound email received from a sender at an inbound email address and addressed to a recipient within an organization; accessing a keyword list comprising a set of keywords associated with inauthentic email attempts; and, in response to identifying a first word, in a set of words contained in the inbound email, in the set of keywords, scanning the first inbound email for presence of external content linked to the first inbound email. In response to detecting a link to an external document within the first inbound email, the method further includes: accessing a whitelist comprising a set of verified email addresses associated with authentic email attempts within the organization; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the inbound email to the target recipient and flagging the inbound email for authentication.

Some embodiments provide a local controller on a set of host computers that reduce the volume of data that is communicated between the server set and the set of host computers. The local controller executing on a particular host computer, in some embodiments, receives a portion of the namespace including only the policies (e.g., opcode) that are relevant to API-authorization processing for the applications executing on the particular host computer provided by a local agent executing on the computer to authorize the API requests based on policies and parameters. The local controller analyzes the received policies (e.g., policy opcodes) and identifies the parameters (e.g. operands), or parameter types, needed for API-authorization processing (e.g., evaluating the policy opcode upon receiving a particular API request) by the local agent. In some embodiments, the local controller performs this analysis for each updated set of policies (e.g., policy opcodes).

An application gateway including application service programming positioned at a user premises can provide voice controlled and managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway can execute the application service at the user premises upon voice command by a user and independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with the policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices.

Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.

A discovery computing system may receive an account identifier (ID) and a set of credentials required to access a first service account. The discovery computing system may transmit a first API query to a remote computing system. The discovery computing system may receive an organization identifier (ID) of the organization from the remote computing system. The discovery computing system may further transmit a second API query to the remote computing system. The discovery computing system may be further configured to receive information about a set of projects, in the organization, from the remote computing system. The discovery computing system may further generate a set of service accounts and further determine the set of resources, in the remote computing system, associated with each of the generated set of service accounts. The discovery computing system may further store the determined set of resources, as configuration items in a persistent storage.

Managing security access in real-time to a computer system using control lists includes detecting a security event at a computer system. The security event is analyzed including an analysis of a historical corpus having historical data of security events. An access control list is generated based on the security event. A determination is made when the security event includes abnormal behavior based on the analysis of the security event and the historical corpus. The security event is published to a monitoring system for controlling access to the computer system, in response to the security event.

Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of information from the certificate chain. The file is evaluated by comparing the signature with a set signatures having a known desirable or undesirable status. The file is classified based on a result of the evaluating into a category of multiple categories, including one indicative of an associated file being an undesired file or a file suspected of being undesired. The file is handled in accordance with a policy associated with the category.

Systems, devices, and methods are disclosed for an agent device within a company's network firewall to initiate an HTTP connection with a cloud-based gateway and then upgrade the connection to a WebSockets protocol in order to have an interactive session. Over this interactive session, a mobile device, which connects to the cloud-based intermediary, can request data from servers inside the company's firewalls. Because the firewall is traversed using HTTP protocols (with WebSockets), it can be as safe as letting employees browse the web from inside the company's network.

Systems and methods for connecting devices via a virtual global network are disclosed. In one embodiment the network system may comprise a first device in communication with a first endpoint device and a second device in communication with a second endpoint device. The first and second devices may be connected with a communication path. The communication path may comprise one or more intermediate tunnels connecting each endpoint device to one or more intermediate access point servers and one or more control servers.

Techniques include receiving a search query from a user device, determining native applications that are installed on the user device and associated with user accounts, and identifying app state records based on the search query and the applications. Each app state record includes an application access mechanism (AAM) and application state information (ASI). The AAM references a native application and indicates operations for the application to perform. The ASI describes a state of the native application after the application has performed the operations. Identifying the app state records based on the native applications includes determining that each record includes an AAM that references one of the applications. The techniques also include selecting AAMs from the identified app state records and transmitting the AAMs to the user device. Other techniques include generating result scores for app state records identified based on the search query using the native applications.