Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: Various embodiments of the present technology can include systems, methods, and non-transitory computer readable media configured to receive information about a plurality of regions contained within a hierarchy of a computer network environment, wherein the plurality of regions are assigned respective prime numbers. A first prime number assigned to a first region of the plurality of regions is determined. A second prime number assigned to a second region of the plurality of regions, wherein the second prime number is different from the first prime number is determined. A nearest common region in the hierarchy that includes the first region and the second region based on the respective prime numbers is identified. A security policy associated with the nearest common region is determined.

Abstract: A service provider provides flexible access to services using an identity provider. The service provider is associated with a custom access policy used by the identity provider to authenticate access requests associated with client devices for services of the client system. The custom access policy describes a set of access levels corresponding to variable levels of access to services of the service provider. The identity provider authenticates access requests by client devices using one or more device signals from the client devices. In some embodiments, the identity provider determines a device trust score for the client device using the one or more device signals. The identity provider provides an authentication response to the client system based on the custom access policy. The client system uses the authentication response to determine an access level for the client device from the set of access levels described by the custom access policy.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: A method includes: accessing an attack record defining actions representing a previous known attack on a second computer network; initializing an attack graph; for each action, defining a set of behaviors—analogous to the action and executable by an asset on a target network to emulate an effect of the action on the second computer network—and storing the set of behaviors in a node in the attack graph; connecting nodes in the attack graph according to an order of actions in the known attack; scheduling the asset to selectively execute analogous behaviors stored in the set of nodes in the attack graph; accessing alerts generated by a set of security tools deployed on the target network; and characterizing vulnerability of the target network based on alerts, in the set of alerts, indicating detection and prevention of behaviors executed by the asset according to the attack graph.

Abstract: One example method includes receiving clear text data at a storage system, generating, at the storage system, a clear text data encryption key, requesting a key management system to encrypt the clear text data encryption key with a master key to create an encrypted data encryption key, and the requesting is performed by the storage system, receiving, at the storage system, the encrypted data encryption key from the key management system, encrypting, at the storage system, the clear text data with the clear text data encryption key to create encrypted data, and storing, together, the encrypted data and the encrypted data encryption key.

Abstract: Protecting data in non-volatile storages provided to clouds against malicious attacks. According to an aspect, multiple malicious patterns indicating respective malicious attacks to access non-volatile storages provided to clouds in a cloud infrastructure are maintained. When an access request is received, the data stream representing the access request is examined to determine whether the data stream contains any of the malicious patterns. If the data stream is found not to contain any malicious pattern, it is concluded that the access request is free of the malicious attacks. If the data stream is found to contain at least one malicious pattern, it is concluded that the access request is a malicious attack corresponding to the malicious pattern.

Abstract: A security module for a CAN node includes a RXD input interface for receiving data from a CAN bus, TXD output interface for transmitting data to the CAN bus, and a RXD output interface for providing data to a local controller. The security module is configured to receive a CAN frame from the CAN bus. The CAN frame includes a CAN message. The security module is also configured to compare an identifier of the received CAN frame with at least one identifier associated with the local controller; and upon detection of a match between the identifier of the received CAN frame and the at least one identifier associated with the local controller: pass the CAN message to the local controller via the RXD output interface; decouple the local controller from the CAN bus; and invalidate the CAN message on the CAN bus via the TXD output interface.

Abstract: Systems and methods of performing identity verification across different geographical or jurisdictional regions are provided. In one exemplary embodiment, a method by a first network node comprises sending, by the first network node located in a first geographical or jurisdictional region, to a second network node located in a second geographical or jurisdictional region, an indication of an identity verification associated with a certain identity based on personally identifiable information of that identity received by the first network node from the second network node. Further, the identity verification is determined based on whether the PII data of the certain identity corresponds to PII data of at least one of a plurality of identities associated with the first region and stored in one or more databases located in the first region and on identity verification rule(s) associated with the first region.

Abstract: A method of providing a secure development operations system that can accommodate multiple projects, multiple tenants, and multiple security classifications includes creating a first sub-program with the first sub-program being part of a first project and designating the first sub-program with a first security classification label. The method also includes transferring the first sub-program to a first repository of the development operations system with the first repository being configured to contain sub-programs associated with the first project and transferring a copy of the first sub-program to a second repository of the development operations system. The second repository is configured to contain sub-programs from multiple projects and sub-programs that have different security classification labels.

Abstract: Methods and systems for artificially intelligent security incident and event management using an attention-based deep neural network and transfer learning are disclosed. A method includes: collecting, by a computing device, system and network activity events in bulk; forming, by the computing device, a corpus using the collected system and network activity events; correlating, by the computing device, discrete events of the system and network activity events into offenses; adding, by the computing device, additional features to the corpus representing the offenses and disposition decisions regarding the offenses; training, by the computing device, a deep neural network using the corpus; and tuning, by the computing device, the deep neural network for a monitored computing environment using transfer learning.

Abstract: The computer-implemented method for generating a public key and a secret key of the present disclosure comprises determining, by a processor, the secret key (s) by sampling from a distribution over {?1, 0, 1}nd; determining, by a processor, a first error vector (e) by sampling from (D?qn)d and a second error value (e?) by sampling from D?qn; choosing, by a processor, a randomly uniform matrix A which satisfies A·s=e (mod q); choosing, by a processor, a random column vector b which satisfies ? b , s ? = ? q 2 ? + e ? ? ( mod ? ? q ) ; and determining, by a processor, the public key (pk) by (A?b)?Rqd×(d+1).

Abstract: In one embodiment, a method includes receiving a user request from a client device associated with a user, accessing an instructional file comprising one or more binary inference engines and one or more encrypted model data corresponding to the one or more binary inference engines, respectively, selecting a binary inference engine from the one or more binary inference engines in the accessed instructional file based on the user request, sending a validation request for a permission to execute the binary inference engine to a licensing server, receiving the permission from the licensing server, decrypting the encrypted model data corresponding to the binary inference engine by a decryption key, executing the binary inference engine based on the user request and the decrypted model data, and sending one or more execution results responsive to the execution of the binary inference engine to the client device.

Abstract: Examples disclosed herein relate to processing health information of a computing device according to a deep learning model to determine whether an anomaly has occurred. Multiple computing devices can be part of a system. One of the computing devices includes a host processing element, a management controller separate from the host processing element, and a deep learning model that includes parameters that are trained to identify anomalistic behavior for the computing device. The management controller can receive health information from multiple components of the computing device and process the health information according to the deep learning model to determine whether an anomaly occurred.

Abstract: Systems, methods, and apparatuses for anomalous user behavior detection and risk-scoring individuals are described. User activity data associated with a first computing device of a first user is received from an agentless monitoring data source different from the first computing device. The user activity data includes a user identifier. An active directory (AD) identifier and employee-related information from a human resources database are determined based on the user identifier. Based on the employee-related information and/or AD identifier, a probability of an adverse event is determined. When the probability of the adverse event exceeds a predetermined threshold, a logging agent is activated on the first computing device and additional user activity data is received from the logging agent.

Abstract: A policy management server manages a segmentation policy and policy constraints. The segmentation policy comprises a set of segmentation rules that each permit connections between specified groups of workloads that provide or consume network-based services. The policy constraints comprise a set of constraint rules that determine compliance of the segmentation rules. A workflow process may be initiated to resolve non-compliant rules by enabling an administrator to approve or deny the rule. In a large enterprise managing significant numbers of workloads, the policy constraints may be employed to ensure that overly permissive segmentation rules are not being created. This facilitates creation of a robust and narrowly tailored segmentation policy that reduces exposure of the enterprise to network-based security threats.

Abstract: A method non-transitory computer readable medium, device and system that receives one of one or more requests from a client to a web server system. An interstitial page is served to the client and comprises instrumentation code that, when executed at the client, collects telemetry data. The telemetry data is received and a threat analysis is performed on the telemetry data collected in association with the one of the requests. A determination is made on when, based on the performing the threat analysis, that the one of the requests is from a potential attacker. When the determination indicates the one of the requests is not from the potential attacker then the one of the requests is allowed.

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.

Abstract: Disclosed herein are embodiments of systems, methods, and products that execute tools to identify non-malicious faults in source codes introduced by engineers and programmers. The tools may execute a machine learning model on the source codes to perform sentiment analysis and pattern analysis on information associated with the source codes to generate annotated source code files identifying anomalies based on the sentiment analysis and the pattern analysis. One or more threat levels are then identified and ranked based on the one or more anomalies and a ranked list of the one or more threat levels is displayed on a graphical user interface of a computer.

Abstract: A power is computed at high speed with a small number of communication rounds. A secret computation system that includes three or more secret computation apparatuses computes a share [a?] of the ?-th power of data “a” from a share [a] of data “a” while data “a” is concealed. The share [a] of data “a” and an exponent ? are input to an input unit (step S11). A local operation unit computes the pu-th power of a share [at] of the t-th power of data “a” without communication with the other secret computation apparatuses (step S12). A secret computation unit uses secret computation that requires communication with the other secret computation apparatuses to compute a multiplication in which at least one of the multiplicands is [ a ( t * p ^ u ) ] , the computation result of the local operation unit, to obtain the share [a?] (step S13). An output unit outputs the share [a?] (step S14).