Patents Examined by Kambiz Zand
  • Patent number: 11949657
    Abstract: Introduced here are Internet monitoring platforms configured to define, monitor, and assess the boundary of a private network associated with a client. By monitoring the entire Internet, a private network, and relationships between these networks, an Internet monitoring platform can discover changes in the boundary of the private network that is defined by those assets on the private network capable of interfacing with a public network, such as the Internet. The Internet monitoring platform may, in response to discovering the boundary of the private network has experienced a change, identify an appropriate remediation action by mapping the change to a technological issue, a relevant business relationship, etc. For example.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: April 2, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Lisa Catherine Wallace, Matthew Kraning, Gregory Toto
  • Patent number: 11943337
    Abstract: A system includes an application instance or application environment instance and a first cloud service of a trusted cloud provider. The first cloud service is configured to receive an encrypted disk image and to launch the application instance or application environment instance. The system also includes a second cloud service of a first alternate cloud provider, which is configured to launch a first attestation service instance from an attestation disk image that includes a secret and to provide the secret to the application instance or application environment instance.
    Type: Grant
    Filed: February 17, 2023
    Date of Patent: March 26, 2024
    Assignee: Red Hat, Inc.
    Inventor: Michael Tsirkin
  • Patent number: 11943223
    Abstract: A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: March 26, 2024
    Assignee: Aviatrix Systems, Inc.
    Inventors: Xiaobo Sherry Wei, Shanshan Xu
  • Patent number: 11936665
    Abstract: A method for monitoring data transiting via a user equipment is described, as well as a cyber attack detection device. The method includes obtaining a first decision from a first cyber attack detection technique and a second decision from a second cyber attack detection technique, indicating whether the data are associated with attack traffic, obtaining a third decision from a third cyber attack detection technique indicating whether the data are associated with attack traffic, the third technique the first and second decisions and confidence levels assigned to the first and second detection techniques, updating the confidence levels on the basis of the first, second and third decisions, and adapting, triggered on the basis of the obtained first, second and third decisions and of the updated confidence levels, at least one rule applied by the first and/or the second technique.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: March 19, 2024
    Assignee: ORANGE
    Inventor: Hichem Sedjelmaci
  • Patent number: 11936667
    Abstract: A cyber threat defense system and a method for detecting a cyber threat may use a predictor, e.g. a Transformer deep learning model, which is configured to predict a next item in the sequence of events and to detect one or more anomalies in the sequence of events. This provides a notification comprising (i) information about the one or more anomalies; and (ii) a prediction of what would have been expected.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: March 19, 2024
    Assignee: Darktrace Holdings Limited
    Inventor: Carl Joseph Salji
  • Patent number: 11936644
    Abstract: A method for verifying identities of parties to a transaction includes receiving a login attempt from a mobile communication device, the login attempt including a security credential. The method determines that the security credential of the login attempt from the mobile communication device is authentic. The method communicates a one-time access code to the mobile communication device. The method receives a one-time entry code and mobile communication device information from the mobile communication device. The method determines that the one-time entry code and the mobile communication device information from the mobile communication device satisfies the communicated one-time access code and predetermined user mobile communication device information. The method provides by the mobile communication device access to a secure transaction environment.
    Type: Grant
    Filed: January 18, 2021
    Date of Patent: March 19, 2024
    Assignee: CertifID, Inc.
    Inventors: Thomas W. Cronkright, Lawrence R. Duthler
  • Patent number: 11930109
    Abstract: A computer-implemented method includes receiving, by a storage system, encrypted data and a set of key identifiers. Each key identifier is associated with information specifying a storage location for which the key identifier is authorized. The method also includes storing, by the storage system, the encrypted data in at least one storage location and receiving, by the storage system, at least one key identifier of the set of key identifiers with a data access request. The method includes determining, by the storage system, whether the data access request is authorized for the at least one key identifier.
    Type: Grant
    Filed: January 22, 2021
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Steven Robert Hetzler, Wayne C. Hineman, John Stewart Best
  • Patent number: 11930045
    Abstract: Methods, systems, and computer programs are presented for enabling any sandboxed user-defined function code to securely access the Internet via a cloud data platform. A remote procedure call is received by a cloud data platform from a user-defined function (UDF) executing within a sandbox process. The UDF includes code related to at least one operation to be performed. The cloud data platform provides an overlay network to establish a secure egress path for UDF external access. The cloud data platform enables the UDF executing in the sandbox process to initiate a network call.
    Type: Grant
    Filed: April 28, 2023
    Date of Patent: March 12, 2024
    Assignee: Snowflake Inc.
    Inventors: Brandon S. Baker, Derek Denny-Brown, Michael A. Halcrow, Sven Tenzing Choden Konigsmark, Niranjan Kumar Sharma, Nitya Kumar Sharma, Haowei Yu, Andong Zhan
  • Patent number: 11930117
    Abstract: Participants as requestors using a requesting network element request one or more tokenization processors to generate tokens that represent a sanitized version of data such that the resultant tokens are amenable to comparison across participants. As circumstances warrant, one or more such tokens can be submitted to the tokenization processor(s) to privately retrieve the original data. Role-based access control scope parameters and tokenization processor-specific tokenization processor secrets can be embedded into reversible tokens that remain invariant under updating of the tokenization processor secrets across tokenization processors.
    Type: Grant
    Filed: July 31, 2023
    Date of Patent: March 12, 2024
    Assignee: Springcoin, Inc.
    Inventors: David William Kravitz, Michael Young, Mollie Zechlin Halverson, Matthew Benjamin Smith
  • Patent number: 11924225
    Abstract: An information processing apparatus connected to one or more vehicles and a threat information server storing pieces of threat information. The information processing apparatus includes: a processor; and a memory including at least one set of instructions that, when executed by the processor, causes the processor to perform: obtaining a detection result of an attack on one of the vehicles; (a) determining whether the attack is included in any one of the pieces of threat information; (b) when the attack is included therein, determining whether the resolution state to the attack included in the one of the pieces of threat information indicates that the attack has not been resolved or has been resolved; (c) deciding a processing priority level of the attack, based on a determination result in (a) and a determination result in (b); and (d) outputting the processing priority level decided.
    Type: Grant
    Filed: November 12, 2020
    Date of Patent: March 5, 2024
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Hajime Tasaki, Takamitsu Sasaki
  • Patent number: 11924341
    Abstract: A method for updating a cryptographic key via a computation unit configured with one or more processors and a memory coupled to the one or more processors is disclosed. The method includes loading a base key into a cryptographic storage unit integrated with a cryptographic application. The method includes generating a temporal key based on the base key using a one-way key update algorithm via cryptographic application logic integrated within the cryptographic application. The temporal key is assigned an update count based on the number of updates performed on the temporal key. The method further includes comparing the update count value to a required update count, updating the temporal key if the update count is less than the required update count, and zeroizing the temporal key if the update count is more than the required update count, in which the temporal key may be regenerated with the required update count.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: March 5, 2024
    Assignee: Rockwell Collins, Inc.
    Inventor: William T. A. Tollefson
  • Patent number: 11924209
    Abstract: A computer system controls access to network devices. One or more user interface elements associated with one or more network devices that are within a view of a user are displayed to the user via an augmented reality display. Input from the user is received comprising instructions to execute a command at a network device of the one or more network devices. The user is determined, according to a security policy, to be authorized to execute the command at the network device. In response to determining that the user is authorized to execute the command, the command is executed at the network device. Embodiments of the present invention further include a method and program product for controlling access to network devices in substantially the same manner described above.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: March 5, 2024
    Assignee: International Business Machines Corporation
    Inventors: Dinesh Kumar B, Sarbajit K. Rakshit, Shubjit Naik, Srivatchsan Uthamanathan
  • Patent number: 11924221
    Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: March 5, 2024
    Assignee: McAfee, LLC
    Inventors: Harsha R. Joshi, Dattatraya Kulkarni, Srikanth Nalluri
  • Patent number: 11916965
    Abstract: Embodiments of systems and methods for platform framework policy management are described. A platform framework may receive, from an application of an IHS (Information Handling System), a registration as a user of a platform policy that is used to operate one or more of the hardware devices of the IHS. A platform framework of the IHS provides the application with a reference to the platform policy. In response to notifications of updates to the platform policy, the platform framework identifies the application as a registered user of the platform policy and provides the application with a reference to the updated platform policy. The platform policy may include a communication handle by which the policy is retrieved, where the handle may include a token that validates the authenticity of the platform policy.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: February 27, 2024
    Assignee: Dell Products, L.P.
    Inventors: Daniel L. Hamlin, Vivek Viswanathan Iyer
  • Patent number: 11914720
    Abstract: A method for verifying a drone included in an industrial Internet of Things (IIoT) system, using a petri-net modeling is disclosed. In an embodiment, the method includes a step of modeling the IIoT system as a hierarchical petri-net (modeling step); and a step of verifying whether the drone has security vulnerability on the basis of the hierarchical petri-net model (verification step), wherein the verification step can determine that a drone has security vulnerability when at least one of a plurality of determination factors provided as places to the hierarchical petri-net model determines that the drone is operating abnormally.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: February 27, 2024
    Assignee: SOONCHUNHYANG UNIVERSITY INDUSTRY ACADEMY COOPERATION FOUNDATION
    Inventors: Il Sun You, Vishal Sharma, Gaurav Choudhary, Yong Ho Ko
  • Patent number: 11916934
    Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.
    Type: Grant
    Filed: May 16, 2022
    Date of Patent: February 27, 2024
    Assignee: MUSARUBRA US LLC
    Inventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
  • Patent number: 11917060
    Abstract: An apparatus and method for mapping user-associated data to an identifier. The apparatus includes a processor configured to store a plurality of user identifiers. User identifiers may be determined by way of user or by machine-learning modules or the like. Apparatus receives user-associated data from a user to be stored in a resource data storage system. User-associated data may include a plurality of data sets to be mapped to an identifier. Mapping a data set to an identifier may be user determined or use a machine-learning module. Apparatus is configured to update the immutable sequential listing associated with the data set with the mapped identifier.
    Type: Grant
    Filed: February 27, 2023
    Date of Patent: February 27, 2024
    Inventors: Arran Stewart, Steve O'Brien
  • Patent number: 11916966
    Abstract: A system for access policy management of a plurality of valid entities communicating over a network comprising a server executing an application programming interface for registration and authentication of said entities directly or via an edge router, one or more encrypted tunnels between entities and one or more gateways. Wherein said server assigns a private IP address to each authenticated entities and propagates said IP address and associated access policies to each of said one or more gateway; and said one or more gateway processing and routing a plurality of packets received from each entity and enforcing one or more access policies associated with the private IP address assigned to the authenticated entity; and said one or more gateways manage routes based on the propagated private IP addresses of each authenticated entities and routes packets to reach one or more remote entities via one or more tunnels to one or more other gateways creating a network overlay between authenticated entities.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: February 27, 2024
    Assignee: Adaptiv Networks Inc.
    Inventor: Miika Anttoni Klemetti
  • Patent number: 11914737
    Abstract: Embodiments described herein provide a compressed container format that enables the container to be decrypted and decompressed in a streaming manner. One embodiment provides a container format for encrypted archives in which data is compressed and encrypted in a segmented manner. A segment of the archive can be decompressed, decrypted, and checked for integrity before the entire archive is received. Metadata for the encrypted archive is also encrypted to secure details of data stored within the archive.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: February 27, 2024
    Assignee: APPLE INC.
    Inventors: Frederic Jacobs, Eric Bainville, Yannick L. Sierra
  • Patent number: 11907394
    Abstract: Disclosed embodiments relate to systems and methods for securely performing actions on a resource. Techniques include receiving a request by the entity to perform a privileged action on a resource, the request including a token associated with the entity; providing a first indication of the request to a first handler; providing a second indication of the request to a second handler configured to perform the privileged action on the resource, wherein when the privileged action includes a query, the second indication of the request is provided to a query handler, and when the privileged action includes a write command, the second indication of the request is provided to a command handler.
    Type: Grant
    Filed: December 13, 2022
    Date of Patent: February 20, 2024
    Assignee: CyberArk Software Ltd.
    Inventors: Niv Rabin, Michael Balber, Eli Shemesh