Abstract: The disclosed embodiments relate to virtual distributed ledger networks provisioning using distributed ledger technology. In one embodiment, a system is disclosed, comprising a hardware processor and a memory device storing instructions executable by the hardware processor to perform operations. The operations comprise creating one or more virtual machines, and executing a plurality of microservices via the one or more virtual machines. At least two of the plurality of microservices are associated with different distributed ledger technology networks.

Abstract: There is disclosed a method, computer program product and a system for regulating execution of a suspicious process, comprising determining a file system location of an executable file associated with the suspicious process, encrypting the file, and creating a wrapper for the file with the same file name and location as the file associated with the suspicious process.

Abstract: Methods, systems, and devices for enabling public key infrastructure (PKI) in the generic could environment and the network function virtualization (NFV) environment. A host device may receive, from an orchestrator of a computer network environment, an indication of a workload to be executed by a virtual machine (VM) hosted on the host device, where the indication includes an identifier of the workload. The VM may transmit a request for a certificate to a hardware security module associated with the host device including the identifier of the workload. After transmitting the request for the certificate, the VM may receive the requested certificate from the HSM. In some cases, the VM may determine a private key associated with the workload and include the private key within the request for the certificate. Additionally or alternatively, the HSM may determine the private key. Here, the HSM may include the private key within the certificate.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A lighting device includes a light source configured to emit a light and a sensor configured to receive identification information from an asset tag of a physical asset. The lighting device further includes a processor configured to send the identification information received from the asset tag and location information of the lighting device to a control device. The processor is further configured to receive a usage control message from the control device and transmit the usage control message, where the usage control message controls whether the physical asset is used at a location indicated by the location information.

Abstract: Systems and methods described herein provide for building policies using namespaces. A device may receive a request to access a resource in a computing environment. The request may include one or more attributes. The device may identify a set of namespaces having domain-specific policy grammar to generate domain-specific policies. The device may determine a namespace from the identified set of namespaces which corresponds to the one or more attributes of the request. The device may generate, using domain-specific policy grammar of the determined namespace, a domain-specific policy to apply to the request.

Abstract: This disclosure relates to systems and methods for verifying the presentation of content to a target audience using generated metrics indicative of a likelihood that the content was presented to actual human individuals within the target audience. In some instances, such a metric may be associated with a probability model estimating that a user (e.g., a user of a device) is human and not a bot and/or other automated service. Metrics consistent with aspects of the disclosed embodiments may be generated based, at least in part, on user information received from a user and/or associated devices and/or associated services. Consistent with various disclosed embodiments, metrics indicative of whether a user is human, content distribution decisions and user agency decisions may use such metrics.

Abstract: Systems and methods for recent file malware scanning are provided herein. In some embodiments, a security system may include a processor programmed to download one or more files; filter, by a first driver, the one or more downloaded files using a security zone identifier; scan, by the first driver, the filtered subset of one or more files for malware; store, by a second driver, a first set of information associated with each of the scanned files to indicate that each the filtered subset of one or more files have been scanned, wherein the first set of information is stored as metadata using alternative data stream (ADS) associated with each scanned file; monitor, by the second driver, changes to existing files based on the metadata stored; send instructions to rescan any existing file that has changed for malware; and update the information associated with any rescanned file's metadata using the ADS.

Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain an encryption key and one or more parameters. A security parameters index to be associated with the encryption key and the one or more parameters is obtained. The node sends a response message to another node, the response message including the security parameters index.

Abstract: A method for managing customer information pertaining to at least one application associated with a provider. The method includes obtaining initial application information pertaining to the at least one application. The initial application information includes a location of processing of the customer information by the at least one application. The method further includes determining whether additional application information is required based on the location of processing. The method further includes, upon determining that the additional application information is required, obtaining the additional application information based at least in part on the location of processing. The method further includes determining a risk level associated with the at least one application based on the initial application information and the additional application information.

Abstract: Example methods and computer systems for receive-side processing for encapsulated encrypted packets. One example may comprise: in response to receiving, over a tunnel, a first encapsulated encrypted packet that includes a first encrypted inner packet and a first outer header, generating a first decrypted inner packet by performing decryption and decapsulation; and based on content of the first decrypted inner packet, assigning the first decrypted inner packet to a first processing unit. The method may further comprise: in response to receiving, over the tunnel, a second encapsulated encrypted packet that includes a second encrypted inner packet and a second outer header, generating a second decrypted inner packet by performing decryption and decapsulation; and based on content of the second decrypted inner packet, assigning the second decrypted inner packet to a second processing unit, thereby distributing post-cryptography processing over multiple processing units.

Abstract: Techniques regarding managing one or more software application build processes are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a control component that can execute a freeze algorithm that modifies an incorporation of a software artifact within a software application build set. The freeze algorithm can prevent implementation of a change to the software artifact by a version control program.

Abstract: Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. An apparatus includes a lock module that receives a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key, and unlocks an encryption engine in response to the request. An encryption engine may be unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders. An apparatus includes a decryption module that decrypts encrypted data using an encryption engine. Encrypted data may be decrypted using a first encryption key. An apparatus includes an encryption module that re-encrypts decrypted data using an encryption engine. Decrypted data may be re-encrypted with a second encryption key that is different than a first encryption key and stored in a data repository.

Abstract: Embodiments of the present disclosure leverage distributed ledger technologies to exert user-centric control over data shared with third party service providers. User access provider (UAP) devices manage user-configured permissions and metadata that control access to user data by the third party service providers. Permissions may enable service providers to access, write, and share user data with other service providers having appropriate permissions. Users may provide data to various service providers as they interact with services supported by the platform and as the data is received it may be validated and then stored on the distributed ledger. Data may be periodically synchronized across different service provider nodes responsible for maintaining the distributed ledger to ensure consistency with respect to each user's data.

Abstract: A method includes utilizing a user computing device to remove privacy information. The user computing device may obtain a vehicle identification number associated with a target vehicle that has a target in-vehicle device from which privacy information of a user is to be removed. Using the vehicle identification number, the user computing device may obtain vehicle parameters associated with the target vehicle. The user computing device may obtain a privacy information removal file comprising an instruction set associated with removing privacy data from candidate in-vehicle devices, and may present the instruction set. The user computing device may obtain a user feedback experience. The user feedback experience may include a confirmation of removal of the privacy information from the at least one candidate in-vehicle device, user comments, a voice recording, or an image, captured by a camera of the user computing device, of the at least one candidate in-vehicle device.

Abstract: Disclosed is a method for the secure storage, in a network, of a container image in a container registry, including sending a container image, this container image corresponding to an initial state of a client machine environment which can subsequently be used to execute this container, from a client machine of the network to a container registry of a server machine of the network remote from the client machine. The method also includes encrypting this container image, carried out in the random access memory of the client machine before sending to the server machine, so that the container image is already encrypted when received by the container registry for storage therein, and in that the encryption key of this container image is usable in the random access memory of the client machine, inaccessible in the mass storage of the client machine, and inaccessible on the server machine.

Abstract: The invention includes a method and a communication network for preventing impermissible access to software applications implemented in field devices, wherein the field devices are integrated in a communication network of automation technology and wherein each software application exchanges information within the communication network via at least one communication interface.

Abstract: A computer-implemented method for creating a secure software container. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.

Abstract: The endpoint agent detects a cyber threat on an end-point computing device. The endpoint agent on the computing device has a communications module that communicates with a cyber defense appliance. A collections module monitors and collects pattern of life data on processes executing on the end-point computing-device and users of the end-point computing-device. The communications module sends the pattern of life data to the cyber defense appliance installed on a network. The cyber defense appliance at least contains one or more machine-learning models to analyze the pattern of life data for each endpoint agent connected to that cyber defense appliance. The endpoint agent and the cyber defense appliance may trigger one or more actions to be autonomously taken to contain a detected cyber threat when a cyber-threat risk score is indicative of a likelihood of a cyber-threat is equal to or above an actionable threshold.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: receive an unknown file object; select the unknown file object for visual analysis; compute first, second, and third property sets for the unknown object; and construct an n×m bitmap of pixels, including comparing the unknown file object to n×m known file objects, wherein the pixels include first, second, and third color channels, wherein the first, second, and third color channels represent similarity of the first, second, and third properties to corresponding first, second, and third properties of a known file object from among the n×m file objects.