Abstract: An autonomous report composer composes a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience. The autonomous report composer cooperates with libraries with prewritten text templates with i) standard pre-written sentences written in the natural language prose and ii) prewritten text templates with fillable blanks that are populated with data for the cyber threats specific for a current report being composed, where a template for the type of report contains two or more sections in that template. Each section having different standard pre-written sentences written in the natural language prose.

Abstract: This disclosure and the exemplary embodiments described herein, provide methods and systems for detecting a ransomware infection in one or more files. According to an exemplary embodiment, a low frequency encryption analysis and a high frequency encryption analysis of a plurality of received files is performed to determine if the one or more of the files are encrypted. If a file is encrypted, a watcher is utilized to monitor file events associated with the files for determining if one or more of the files are infected with ransomware.

Abstract: A first device governs operation of a second device based on a network security risk posed by the second device. The second device is disposed locally to the first device and in local network communication with the first device. The first device is in network communication with a cloud-based computational service.

Abstract: A mobile device can receive input to execute a target application in a private session. The target application is a native application for a mobile platform of the mobile device. The private session is a native function of the mobile device configured to isolate data of the target application. In response to the input, the mobile device can configure a local resource of the mobile device to support the target application in the private session, instantiate a procedure that utilizes the local resource to isolate the data of the target application while in the private session, and execute the target application in the private session on the mobile device. The operation of the private session is transparent and undetectable to the target application.

Abstract: A simulated process is initiated. The simulated process includes generating, by an emulator, a control signal based on external inputs. The simulated process further includes processing, by a simulator, the control signal to generate simulated response data. The simulated process further includes generating, by a deep learning processor, expected behavioral pattern data based on the simulated response data. An actual process is initiated by initializing setpoints for a process station in a manufacturing system. The actual process includes generating, by the deep learning processor, actual behavioral pattern data based on actual process data from the at least one process station. The deep learning processor compares the expected behavioral pattern to the actual behavioral pattern. Based on the comparing, the deep learning processor determines that anomalous activity is present in the manufacturing system. Based on the anomalous activity being present, the deep learning processor initiates an alert protocol.

Abstract: A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device.

Abstract: Described is a system for detecting adversarial activities. During operation, the system generates a multi-layer temporal graph tensor (MTGT) representation based on an input tag stream of activities. The MTGT representation is decomposed to identify normal activities and abnormal activities, with the abnormal activities being designated as adversarial activities. A device can then be controlled based on the designation of the adversarial activities.

Abstract: A system includes a user computing device with an application for removal of privacy data. The application obtains vehicle information associated with a target vehicle that has a target in-vehicle device from which privacy information of a user is to be removed. Using the vehicle information, the application determines vehicle parameters associated with the target vehicle. The application obtains a privacy information removal file comprising an instruction set associated with removing privacy data from candidate in-vehicle devices, and presents the instruction set. A user experience feedback associated with the candidate in-vehicle devices is obtained and stored in a database.

Abstract: A storage system may assign a different encryption key to each logical storage unit (LSU) of a storage system. For each LSU, the encryption key of the LSU may be shared only with host systems authorized to access data of the LSU. In response to a read request for a data portion received from a host application executing on the host system, encryption metadata for the data portion may be accessed. If it is determined from the encryption metadata that the data portion is encrypted, the data encryption metadata for the data portion may be further analyzed to determine the encryption key for the data portion. The data may be retrieved from the storage system, for example, by performance of a direct read operation. The retrieved data may be decrypted, and the decrypted data may be returned to the requesting application.

Abstract: Systems, computer program products, and methods are described herein for intrusion detection using resource activity analysis. The present invention is configured to receive, from a computing device of a user, an indication that the user has accessed a resource allocation portfolio of a customer; determine a geographic information of the user; retrieve a geographic information of the customer; determine that the geographic information of the user does not match the geographic information of the customer; determine an exposure level associated with the user access of the resource allocation portfolio of the customer; determine that the exposure level is greater than a predetermined threshold; and automatically trigger a transmission of a notification to a computing device of an administrator indicating that the exposure level associated with the user access of the resource allocation portfolio of the customer is greater than the predetermined threshold.

Abstract: A method for link layer authentication includes receiving, at an edge network access node, a link layer authentication packet from a client, seeking network access, using a remote NAS agent running on the edge network access node. The method transmits, using a tunneling connection, the link layer authentication packet to a remote NAS in a link layer authentication process. The link layer authentication process exchanges the link layer authentication packet with an authentication server to authenticate the client. The method includes receiving a link layer authentication packet from the remote NAS over the tunneling connection. The received link layer authentication packet includes a response from the authentication server regarding the transmitted link layer authentication packet.

Abstract: Systems and methods for ensuring that data received from a virtual device is random are provided. A processing device may be used to generate, by a virtual device executing on a hypervisor, data intended for a virtual machine (VM) having a guest memory that includes one or more encrypted pages and one or more unencrypted pages. Data written to an encrypted page of the guest memory by the VM is encrypted using an encryption key assigned to the VM and information read from the encrypted page by the VM is decrypted using the encryption key. The hypervisor may write the data to the encrypted page, wherein the data is not encrypted by the encryption key assigned to the VM because it is written by the hypervisor. The VM reads the data from the encrypted page as randomized data because it cannot be properly decrypted by the encryption key.

Abstract: Ransomware detection and/or isolation and/or remediation of a ransomware-encryption device is performed in a Remote Monitoring and Management (RMM) system environment. The RMM system is operatively associated with monitoring and managing a plurality of devices and, according to an exemplary embodiment, the RMM system includes a RMM agent module locally installed on each device, a cloud-based RMM platform operatively communicating with each device RMM agent module, and a Ransomware Detection (RD)/Isolation module locally installed on each device. The RD/Isolation module locally detects a potential ransomware-encryption in one or more files received by the device and the RMM system isolates a ransomware affected device using a locally executed script provided by the cloud-based RMM platform.

Abstract: A management request is received by a system for carrying out one or more data management operations (including, but not limited to, adding data, merging data or searching for data). The management request is received from a requesting entity. The system comprises a representation database, which comprises at least one secure element. The at least one secure element is a representation of at least one dataset containing confidential data elements stored in at least one database owned or operated by a third party entity. The management request is processed by performing at least one operation, for example by a processing component in the system, on the representation database. In a third step, a processing result is provided, which comprises any suitable information or data content. The processing result is dependent on the contents of the management request.

Abstract: Devices, systems, and methods are provided for detecting and preventing inter-cloud attacks. A method may include determining, by a first cloud management service, a cyber attack on a second cloud management service using the first cloud management service, and determining two or more source Internet protocol (IP) addresses associated with the cyber attack. The method may include determining a response to the cyber attack, the response associated with controlling egress traffic from the first cloud management service, the egress traffic associated with the two or more source IP addresses. The method may include sending a notification to the second cloud management service, the notification including an indication of the response.

Abstract: A first network device may receive a notification over a network; in response to the notification, cause a virtualized operating system (OS) and a hypervisor of the first network device to obtain state units from one or more of first hardware components and virtual components; create a context state transfer package (CSTP) based on the state units; and forward the CSTP from the first network device to a second network device over the network. The second network device may receive the CSTP from the first network device; unpack the CSTP to obtain the state units; and put, at the second network device, second hardware components and virtual components of the second network device in a same state as the first hardware components and virtual components when the state units were obtained at the first network device.

Abstract: At least one information processing apparatus includes a circuitry that: receives, as a package management unit, a setting of a role, which can assign a usage authority of an application package containing at least one application, with respect to the application package, and permits or restricts, as a user management unit, a user to use the application package in conformity with the role, which is allocated to the user of the application, and the role, which is set in the application package.

Abstract: There is provided a system for automating processes, the system comprising at least one computer configured to provide at least one virtual user which interacts with applications and/or documents to run at least one automated process. There is also provided a method of running automated processes, the method comprising the steps of providing at least one computer and providing at least one virtual user on the at least one computer which interacts with applications and/or documents to execute at least one automated process.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.

Abstract: Systems and methods are provided for the classification of identified security vulnerabilities in software applications, and their automated triage based on machine learning. The disclosed system may generate a report listing detected potential vulnerability issues, and extract features from the report for each potential vulnerability issue. The system may receive policy data and business rules, and compare the extracted features relative to such data and rules. The system may determine a token based on the source code of a potential vulnerability issue, and a vector based on the extracted features of a potential vulnerability issue and based on the token. The system may select a machine learning modelling method and/or an automated triaging method based on the vector, and determine a vulnerability accuracy score based on the vector using the selected method.