Patents Examined by Longbit Chai
  • Patent number: 11962597
    Abstract: Systems and methods for artificial intelligence systems for identity management systems are disclosed. Embodiments may perform outlier detection and risk assessment based on identity management data, including one or more property graphs or peer groups determined from those property graphs, to determine identity management artifacts with ‘abnormal’ patterns when compared to other related identity management artifacts.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: April 16, 2024
    Assignee: SAILPOINT TECHNOLOGIES, INC.
    Inventors: Mohamed M. Badawy, Jostine Fei Ho
  • Patent number: 11956239
    Abstract: Technologies are shown for detection of identity misconfiguration that involve collecting identity/role binding and role/access rules data from multiple clusters supported by a computing resource system. Access rules for identities are extracted from the collected data and an access rule prediction model created to predict access rules for identities. An identity definition request for a tenant is received having a requested identity and a role assigned to the identity. A set of access rules is obtained for the role assigned to the identity and a predicted set of access rules is obtained for the requested identity from the prediction model. The access rules for the requested role are compared to the predicted set of access rules and a misconfiguration alert generated when there is a difference between the set of access rules for the requested role and the predicted set of access rules for the requested identity.
    Type: Grant
    Filed: October 7, 2021
    Date of Patent: April 9, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Idan Hen, Aharon Michaels, Dotan Patrich, Josef Weizman, Amit Magen
  • Patent number: 11929969
    Abstract: Disclosed herein are systems and methods for spam identification. A spam filter module may receive an email at a client device and may determine a signature of the email. The spam filter module may compare the determined signature with a plurality of spam signatures stored in a database. In response to determining that no match exists between the determined signature and the plurality of spam signatures, the spam filter module may place the email in quarantine. A spam classifier module may extract header information of the email and determine a degree of similarity between known spam emails and the email. In response to determining that the degree of similarity exceeds a threshold, the spam filter module may transfer the email from the quarantine to a spam repository.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: March 12, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Nikita D. Benkovich, Dmitry S. Golubev, Roman A. Dedenok, Andrey A. But
  • Patent number: 11930032
    Abstract: A method for identifying gaps in an organization's cyber defenses, and identifying and prioritizing remediations that are designed to eliminate those gaps, including using multiple choice questionnaires, wherein the answers to a series of multiple choice questions are scored for inherent risk, selecting security controls and calculating expected maturity scores for these controls based on the inherent risk score, using multiple choice questionnaires, wherein the answers to a series of multiple-choice questions are scored for actual control maturity, aggregating said actual and expected maturity scores and comparing these to identify and quantify gaps, and recommending and prioritizing control improvements that are designed to raise the score to an expected level. These steps are implemented using a computing device. In this manner the organization can identify a sequenced set of concrete steps it can take to achieve reasonable and effective security.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: March 12, 2024
    Inventor: Stephen H. Campbell
  • Patent number: 11930014
    Abstract: A system includes a central server and one or more user devices connected by a network. The central server receives a request initiated by a user using a user device for a data interaction associated with a data file. The central server checks whether the user is authorized to perform the requested data interaction based on a list of user authorizations. If the user is authorized to perform the data interaction, the central server checks whether the data interaction satisfies at least one rule defined for the user relating to a type of the requested data interaction. If the data interaction satisfies the at least one rule, the central server performs an additional level of authorization to verify an identity of the user. The central server further processes the data interaction when the additional level of authorization is successful.
    Type: Grant
    Filed: September 29, 2021
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventor: Shubhada Bhat
  • Patent number: 11930044
    Abstract: An approach for dynamically transitioning mobile client devices from one location to another within edge computing is disclosed. The approach includes retrieving locations for near edges and far edges and collecting one or more SCC (security compliance center) rules. The approach includes identifying edge access from one or more client devices and determining mobility pattern associated with the edge access. The approach includes determining edge recommendation based on the mobility patterns and applying the edge recommendation.
    Type: Grant
    Filed: January 5, 2022
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Sudheesh S. Kairali, Sarbajit K. Rakshit, Vijay Kalangumvathakkal, Nataraj Nagaratnam
  • Patent number: 11921705
    Abstract: A processor-implemented method for the ownership transfer and tracking of tangible assets using a blockchain is described. In an embodiment, the method includes generating a root node associated with a tangible asset via a processor. The root node has a first hash value that represents a storage location of the root node, data associated with a tangible asset, and a second hash value that represents a storage location of the subsidiary node. The method also includes storing a hierarchical hash-linked tree structure in a non-transitory, processor-readable memory. The hierarchical hash-linked tree structure can include multiple nodes. The multiple nodes include the root node and the subsidiary node. The subsidiary node has the second hash value, and data associated with a tangible sub-asset of the tangible asset.
    Type: Grant
    Filed: December 31, 2021
    Date of Patent: March 5, 2024
    Assignees: Ernst & Young U.S. LLP, EYGS LLP
    Inventors: Paul Richard Brody, Duncan James Westland, Chaitanya Reddy Konda
  • Patent number: 11916945
    Abstract: Methods and systems for detecting and preventing malicious software activity are presented. In one embodiment, a method is presented that includes monitoring network communications on a network. The method may also include detecting a suspect network communication associated with a suspect network activity and, in response, determining an originating machine based on the suspect network activity. The method may further suspend network communications for the originating machine. A forensics software agent may then be selected based on the suspect network activity. Then, the forensics software agent may be deployed on the originating machine. After deployment, the forensics software agent may fetch computer forensics data from the originating machine. Once the computer forensics data is fetched, a response action may be selected and executed based on said computer forensics data.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: February 27, 2024
    Assignee: CrowdStrike, Inc.
    Inventors: Eyal Karni, Sagi Sheinfeld, Yaron Zinar
  • Patent number: 11916885
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11916968
    Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.
    Type: Grant
    Filed: August 21, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11902257
    Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. A portion of the anonymized data is selected as a search ID. A cross reference between a search key indicative of a portion of the received data and the corresponding search ID is stored.
    Type: Grant
    Filed: January 18, 2022
    Date of Patent: February 13, 2024
    Assignee: Lookout, Inc.
    Inventors: Pravin Kothari, Debabrata Dash
  • Patent number: 11902331
    Abstract: A computer implemented method for generating a dispatch datagram is disclosed. The computer implemented method includes receiving, at a dispatcher, a request from a client. The method further includes generating an authorization header based on the received request. The authorization header includes one or more rules for handling the request. The method further includes wrapping the received request and the generated authorization header together to generate a dispatch datagram.
    Type: Grant
    Filed: August 6, 2021
    Date of Patent: February 13, 2024
    Assignee: KYNDRYL, INC.
    Inventors: Mansura Habiba, Shyamal Kumar Saha, Bashar Akil, Utz Bacher
  • Patent number: 11893093
    Abstract: Using various embodiments, methods and systems for verification of a digital asset owner in a digital environment are described. In one embodiment, a system is configured to receive a non-fungible token (NFT) associated with a digital asset, the NFT providing proof of ownership of the digital asset through a cryptographic public key and retrieve the digital asset. The system then retrieves a secret pattern from the digital asset, wherein the secret pattern was previously embedded into the digital asset, the secret pattern associated with the cryptographic public key and computes a first identification hash value using a hash function, the hash function receiving a parameter value derived from the secret pattern. The system then receives a second identification hash value and compares the first identification hash value to the second identification hash value. If the first and second identification hash values are identical, then the digital asset is determined to be authentic.
    Type: Grant
    Filed: August 10, 2022
    Date of Patent: February 6, 2024
    Assignee: Trivver, Inc.
    Inventor: Joel LaMontagne
  • Patent number: 11895121
    Abstract: A method includes executing a configuration engine on one or more data processing device(s) of a computing system. In accordance with the execution, the method also includes discovering at least a subset of a number of resources associated with a target environment of the computing system, generating an environment definition associated with the target environment, building baseline configurations, policies, and metadata for at least the subset of the number of resources, and versioning the aforementioned data.
    Type: Grant
    Filed: March 20, 2023
    Date of Patent: February 6, 2024
    Assignee: CAPITIS SOLUTIONS INC.
    Inventors: Samiul Karim, Vikas K. Gupta, Eric C. Hein, Sanjay K. Kunchakarra, Prasad V. Kunchakarra
  • Patent number: 11895155
    Abstract: Aspects of the disclosure relate to exfiltrated data detection. A computing platform may receive secure enterprise data from an enterprise data management platform. In response to receiving the secure enterprise data, the computing platform may generate data entities. The computing platform may load, into the data entities, secure enterprise data. After loading the secure enterprise data into the data entities, the computing platform may activate a verification process associated with each data entity, which may include triggering each data entity to send verification messages to other data entities. Each data entity may be configured to receive and validate verification messages received from the other data entities of the plurality of data entities, and may be configured to delete secure enterprise data stored in the corresponding data entity upon failing to receive the verification messages from the other data entities.
    Type: Grant
    Filed: May 9, 2022
    Date of Patent: February 6, 2024
    Assignee: Bank of America Corporation
    Inventor: Maharaj Mukherjee
  • Patent number: 11882137
    Abstract: Data relating to attacks is collected in honeypots, including network address of attacks and time of attacks. The attack data is analyzed to generate a predicted likelihood of future attacks from network addresses in the activity data, and a network address blacklist is constructed including network addresses predicted likely to be a source of a future attack. The process is repeated over time, such that network addresses with no recent honeypot activity are removed from the blacklist.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: January 23, 2024
    Assignee: AVAST SOFTWARE, S.R.O.
    Inventors: Petr Kadeřábek, Vladislav Iliushin
  • Patent number: 11882125
    Abstract: A policy-controlled communication system including a plurality of client devices establishing a secure session with remote instances on a web server using a protocol. The system includes a policy component with a set of policies customized based on parameters. The policies specify configuration settings of encryption protocols for content security on a client device. A local application on the client device selects a cloud service. A mid-link server includes a security developer to determine an encryption link to deliver the cloud service to the client device and a linker to select a session protocol for establishing the secure session between the client device and the web server based on the set of policies. The policies are modified when the encryption link does not meet the set of policies. The router establishes via the encryption link the secure session based on the session protocol and the modified policies.
    Type: Grant
    Filed: December 13, 2021
    Date of Patent: January 23, 2024
    Assignee: Netskope, Inc.
    Inventor: James S. Robinson
  • Patent number: 11876909
    Abstract: A data processing method performed by a security protocol device is provided. The data processing method includes assigning each of a plurality of leaf nodes of a binary tree stored in a database device an identification number; and performing a first procedure in a case that the security protocol device receives first record data and first identification data of the first record data from a terminal apparatus, the first procedure including: determining a first identification number from the first identification data; storing a hash value of the first record data into a first leaf node of the binary tree identified by the first identification number; generating at least one slice of the binary tree; uploading a root hash value of the binary tree to a blockchain device; and transmitting a first slice to the terminal apparatus, the first slice including the first leaf node. A security protocol device using the same is also provided.
    Type: Grant
    Filed: April 6, 2022
    Date of Patent: January 16, 2024
    Assignee: International Trust Machines Corporation
    Inventor: Gwan-Hwan Hwang
  • Patent number: 11870815
    Abstract: A method comprises monitoring a computing environment including a plurality of containers, determining, for one of the containers, a service type and an IP address, assigning the IP address of the container having the determined service type to a first list of IP addresses, assigning an IP address of each of the containers to a second list of IP addresses, applying a first security policy for a first source of network traffic for processing by the container having the determined service type and the IP address assigned to the first list of IP addresses, and applying a second security policy for a second source of network traffic for processing by the containers having the IP addresses assigned to the second list of IP addresses.
    Type: Grant
    Filed: May 20, 2022
    Date of Patent: January 9, 2024
    Assignee: Sophos Limited
    Inventors: Biju Ramachandra Kaimal, Jeffrey Martin Green
  • Patent number: 11829952
    Abstract: A system automatically manages data through a declarative client that retrieves data and caches data in response to a transmission of an auto-generated query from an end-user interface. The declarative client is served by a cloud services platform. A serverless engine receives images as a template in which a secure container is generated and receives multiple tasks that process the image within the secure container. An application programming interface extracts data in response to the auto-generated query. The declarative client includes a cache that breaks up results of the auto-generated queries into individual objects that are associated with a unique identifier across and a unique name to speed up the execution of the auto-generated queries. A scalable domain name system routes requests to access an instance of a cloud application and caches the name of the domain in response to the request.
    Type: Grant
    Filed: April 4, 2023
    Date of Patent: November 28, 2023
    Assignee: Progressive Casualty Insurance Company
    Inventors: Jason Hoehnen, Allen Layne, Erika Vigliucci, Surendra Nimmagadda, Christian Carter, Kaitlin Rizk