A client node (CN) requests content from an access node (AN). Rule set ACR_CN is provided to CN and AN and ACR_AN is used by AN. A request sent by CN in violation of ACR_CN may be blocked and cause AN to block subsequent requests from CN that would be allowed per ACR_CN. A request blocked according to ACR_AN but not ACR_CN is blocked but subsequent requests may still be allowed according to ACR_CN and ACR_AN. Authenticated distribution of the ACR_CN and ACR_AN may be performed in cooperation with a controller using authenticated tokens (AT).

At least one of a measure of trust or a measure of spoofing risk associated with a sender of a message is determined. A measure of similarity between an identifier of the sender of the message and an identifier of at least one trusted contact of a recipient of the message is determined. The measure of similarity is combined with at least one of the measure of trust or the measure of spoofing risk to at least in part determine a combined measure of risk associated with the message. Based at least in part on the combined measure of risk associated with the message, a verification action is performed including by automatically providing an inquiry message that requests a response to be provided.

A cloud network is a complex environment in which hundreds and thousands of users or entities can each host, create, modify, and develop multiple virtual machines. Each virtual machine can have complex behavior unknown to the provider or maintainer of the cloud. Technologies disclosed include methods, systems, and apparatuses to monitor the complex environment to detect network anomalies using machine learning techniques. In addition, techniques to modify and adapt to user feedback are provided allowing the developed models to be tuned for specific use cases, virtual machine types, and users.

Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

The invention relates to a method, by a policy controller 100, for generating policy rules for data packet flows in a communications network. The policy controller 100 has access to a policy database 130 and stores a service level agreement. The service level agreement contains a plurality of different service level identifiers, each service level identifier being associated with a set of conditions that govern the policy rules to be applied to the data packet flows in the communications network. The method comprises the following steps: An authorization request is received for a data packet flow, the authorization request comprising service information for a service and a service level identifier. The policy database 130 is accessed and the set of conditions associated with the received service level identifier is determined. Further, based on the determined set of conditions, a policy rule to be applied to the data packet flow is generated. Policy controller 100 is configured to generate policy rules based on a third party or company profile, with the third party company being able to influence which policy rule should be selected by the policy controller. The authorization request may be received directly from an application function, AF 200. An input unit 230 is provided via which the third party can define and agree upon the service level agreement with an operator of the communications network. A policy control enforcing function PCEF 51 can interact with the PCRF 100 in order to enforce the policy rules.

Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules of an IoT firewall according to the device profile of the IoT device.

In general, in an aspect, a method for providing an outbound gateway protection includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways sharing configuration data with the controller gateway, provisioning one or more load balancer gateways in one or more client virtual clouds, the one or more client virtual clouds each comprising one or more clients, the one or more load balancer gateways distributing client requests among the worker gateways, assigning groups of the one or more clients to one of the one or more load balancer gateways based on requests from a majority of the worker gateways, and communicating outbound network traffic from the clients via the assigned load balancer gateways.

Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for protecting user privacy in the playback of user sessions are described. In one aspect, a method includes accessing, for a user session with one or more user interfaces, event data that includes interface data specifying a structure of the user interface(s), and, for each of one or more user interface elements for which content was presented by the user interface(s) during the user session, an encrypted content element including the content of the user interface element encrypted using a public key corresponding to a rule enabling recording of the content of the user interface element and data identifying the rule. Playback of the user session is generated including, for each of the interface element(s), decrypting the encrypted content element for the user interface element and presenting the decrypted content during the playback of the user session.

A method may include obtaining a request to unblock a predetermined website in a network and that is associated with a predetermined list. The predetermined list may be used to determine whether a respective user device among various user devices can access one or more websites. The method may further include determining an impact level of the predetermined website for an organization using a machine-learning algorithm and website gateway data. The method may further include determining a probability of a security breach using the machine-learning algorithm and threat data. The method may further include determining whether to unblock the predetermined website based on the impact level and the probability of a security breach. The method may further include transmitting, in response to determining that the predetermined website should be unblocked, a command that modifies the predetermined list to enable the respective user device to access the predetermined website.