PATENTS
Systems and methods of push-based verification of a transaction
A system and method of implementing an API of an authentication service includes implementing a confirmation API, wherein the implementing includes: initiating a confirmation API request based on receiving an access request, identifying the requestor, identifying a subscriber account and user device enrolled with the subscriber account, transmitting a confirmation request to the user device, and granting or denying the access request based on the response.
Systems and methods for providing security orchestration for trusted traffic segmentation on untrusted devices
A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag, and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag.
Systems and methods for securing and controlling access to electronic data, electronic systems, and digital accounts
A system and method of securing a computing device with a remote computer security service includes: identifying an occurrence of an anti-authentication action, and responsively performing anti-authentication protective services by protectively altering the computing device from a normal state to a protected state.
Extending enterprise trusted policy framework to cloud native applications
A system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The method comprises sending, by an enterprise network controller, a communication to a service mesh orchestrator informing it of traffic segmentation policies and layer 7 extension headers corresponding to the enterprise network traffic segmentation policies.
Propagation of malicious code through an information technology network
A method of restricting transmission of data packets from a host entity in a network, including: over the course of repeated time intervals, restricting to a predetermined number the destination hosts not identified in a working set to which packets may be transmitted; adding host identities upon transmission with a time to live; deleting expired records.
Network management and administration
Method and arrangements for managing a network having one or more user computing entities and one or more administrative computing entities. Includes monitoring network traffic from a user computing entity, detecting a client request, and scanning the user computing entity for vulnerabilities.
Method and apparatus for securing the privacy of sensitive information in a data-handling system
A data-handling system arranged to scan through data it holds for instances of sensitive information as identified by reference to a set of sensitive-information identifiers. Each identifier is formed or protected so as to not reveal any such item. Following an instance being found, it is replaced by a reference to an instance held in protected storage.
Network management and administration by monitoring network traffic and vulnerability scanning
Administration and management of the vulnerability of computing entities to malicious code. Examples of networks range from domestic networks involving interconnected computers to intranets of commercial organisations having a relatively large number of computers on a Local Area Network.
Restricting propagation of malicious code through an information technology network
A method of restricting transmission of data packets from a host entity in a network, comprising transmitting outgoing packets to destination hosts whose identities are contained in a working set, restricting destination hosts not identified in the working set over repeated time intervals, and deleting packets whose transmission has been restricted.
Network administration
A method of managing access by a transient computing entity to a computing network via a VPN gateway, comprising authenticating the entity's identity, restricting access, performing a vulnerability scan, and upon completion enabling access to at least a part of the network which was previously restricted.
Data packet including computing platform indication
A method of administering a network comprising the steps of configuring a computing platform within the network to include, within data packets transmitted from that computing platform, a parameter which identifies the platform type.