Abstract: Technologies for on-device experimentation include embodiments that receive a request to provide digital content for display in a slot of a user interface display screen of a first device. By a secure execution environment, an identifier received with the request is anonymized. The request is determined to be associated with a content distribution test. The anonymized identifier is assigned to a test group associated with the content distribution test. The secure execution environment receives user interface event data generated by the first device in response to the content distribution test. The received user interface event data is attributed to the test group. An association of the user interface event data with the test group and the content distribution test is provided by the secure execution environment to a second device different than the first device while the identifier and the anonymized identifier are not provided to the second device.

Abstract: A digital optical data network system for improving information security in Passive Optical Networks (“PON”) by providing virtual information separation in the router, such as a premise router, or routers interfacing the entire PON, such as by utilizing virtual routing and forwarding, thus allowing safe data traffic between multiple carriers, service providers accessing the PON and multiple end users on the PON such as tenants in a building, employees of a business entity, or subscribers in a residential community.

Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.

Abstract: Techniques for enabling fast user access to the desktop computing environment of a remote computer via a user device in response to notification of a change in the display screen of the remote computer. The techniques include specifying an area of the display screen, setting a policy for determining whether to notify a subscribed user of a change within the specified display screen area, generating a notification packet containing information for validating the subscribed user and establishing a connection to the remote computer, encrypting the notification packet, sending or pushing the notification packet to the user device of the subscribed user, decrypting the notification packet, extracting the information for validating the subscribed user and establishing the connection from the notification packet, and constructing and rendering an image of a shortcut icon on a display of the user device for providing fast user access to the remote computer desktop computing environment.

Abstract: A method and system are disclosed. The method and system include receiving, at a wrapper, a communication and a context associated with the communication from a client. The communication is for a data source. The wrapper includes a dispatcher and a service. The dispatcher receives the communication and is data agnostic. The method and system also include providing the context from the dispatcher to the service. In some embodiments, the method and system use the service to compare the context to a behavioral baseline for the client. The behavioral baseline incorporates a plurality of contexts previously received from the client.

Abstract: The present invention includes an embodiment that may determine an access level within an organization. The embodiment may generate a simulated scenario based on the access level. The embodiment may identify responses of the user to the generated simulated scenario. The embodiment may capture one or more input frames. The embodiment may analyze the responses and the one or more input frames and generate education for the user based on the responses and the one or more input frames.

Abstract: A method for providing graph-based application modeling to facilitate application lifecycle management is disclosed. The method includes receiving, via a graphical user interface, an input, the input relating to a request to design and develop an application; determining, based on the input, a model development plan, the model development plan including a universal schema that is compatible with a variety of application development schemas; generating a model based on the model development plan and the input, the model relating to an illustration of a topology corresponding to the application; associating the model with the application; storing the model and the association in a model repository; and exposing the model via a network interface.

Abstract: An anomaly detection device (IDS ECU) includes a detection rule generator that monitors a communication establishment frame flowing over Ethernet in a communication establishment phase of service-oriented communication and that generates, for each communication ID, a detection rule including the communication ID written in the communication establishment frame and a server (or client) address written in the communication establishment frame; an anomaly detector that monitors a communication frame flowing over the Ethernet in a communication phase of the service-oriented communication and that, by referring to a detection rule that includes a communication ID written in the communication frame, detects the communication frame as an anomalous frame when a server (or client) address written in the communication frame differs from a server (or client) address included in the detection rule; and an anomaly notifier that provides a notification of an anomaly in response to the anomalous frame being detected.

Abstract: Isolating suspicious email links is described. An email security service receives an email that includes a link that refers to an external resource. A first suspicious link determination is performed to determine whether the link is suspicious. If the link is suspicious, the link is rewritten to refer to the email security and the email is delivered to the recipient. A request from a client device is received responsive to the link being opened. A second suspicious link determination is performed to determine whether the link is suspicious. If the link is suspicious, an interstitial page is transmitted to the client device that includes an option that, when selected, causes the first link to be opened in a remote browser isolation session.

Abstract: Systems, devices, and methods of protecting electronic or Internet-connected devices against fraudulent and malicious activities. A Data Collector and Mediator Unit monitors network traffic, and generates datasets of network traffic; each dataset includes network traffic monitored within a time-slot having a particular fixed time-length. A Predictor Unit includes a Features Extractor, to extract features from the datasets; and a Machine Learning (ML) unit, to run the extracted features through a ML model and to classify a particular traffic-portion as being either (I) an anomalous traffic-portion that is associated with fraudulent or malicious activity, or (II) a non-anomalous traffic-portion that is not-associated with fraudulent or malicious activity. The ML unit operates on both (i) anomalies in traffic patterns, and (ii) anomalies of user behavior and/or device behavior.

Abstract: A device for automatically identifying anti-analysis techniques by using the signature extraction, includes an extraction unit which extracts a DEX file and an ELF file from an application file after unpacking the application file, which is in an APK format and includes compressed execution code to be executed on Android, a detection unit which receives the acquired signature classified according to types of the signature, analytically compares the input signature with the signature stored in a database, and detects the signature used in anti-analysis techniques, and a determination unit which determines according to the detected signature what anti-analysis technique is applied to the application. According to the present invention, it is possible to enable an appropriate and quick response to damages due to malicious applications by shortening the time required for analysis and automatically recognizing the application to which the anti-analysis technique is applied.

Abstract: An unauthorized frame detection device that can keep an unauthorized ECU from spoofing as a legitimate server or client while suppressing an overhead during communication is provided. The unauthorized frame detection device includes a plurality of communication ports corresponding to the respective of networks, a communication controller, and an unauthorized frame detector. The plurality of communication ports are each connected to a corresponding predetermined network among the plurality of networks and each transmit or receive a frame via the predetermined network. The unauthorized frame detector determines whether an identifier of a service, a type of the service, and port information that are each included in the frame match a permission rule set in advance and outputs a result of the determination.

Abstract: An integration manager identifies one or more services accessible by a computer system; determines a set of action components associated with the computer system, wherein each action component of the set of action components is configured to provide a functionality associated with at least one of the one or more services; receives, from a user of the computer system, a selection of a first action component from the set of action components; determines, based at least in part on the first action component, a second action component from the set of action components; links the first action component with the second action component, wherein an output of the first action component is linked to an input of the second action component; and generates an executable workflow, the executable workflow comprising the first action component linked with the second action component.

Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.

Abstract: A cyber-defense appliance securely communicates and cooperates with a suite of different lightweight probes that can ingest onboard traffic from multiple different independent systems using protocols for at least one of a data link layer, a physical layer, and then one or more of an application layer, a transport layer, a network layer, and any combination of these layers when a protocol is used in that layer in the independent system. The lightweight probe ingests data and meta data with an independent system it resides within. The appliance has AI models to model a normal pattern of life in each of the independent systems using the data and/or meta data from protocols listed above. An analyzer module cooperates with the AI models that model a normal pattern of life in each of the independent systems to determine when abnormal behavior or suspicious activity is detected.

Abstract: Techniques for automated identification of false positives in DNS tunneling detectors are disclosed. In some embodiments, a system, process, and/or computer program product for automated identification of false positives in DNS tunneling detectors includes receiving a set of passive DNS data, wherein the set of passive DNS data includes a DNS query and a DNS response for resolution of the DNS query for each of a plurality of DNS queries; extracting a plurality of features associated with each domain in the set of passive DNS data; and classifying DNS tunneling activities and performing false positive reduction using the plurality of features associated with each domain in the set of passive DNS data to reduce false positive detections.

Abstract: Systems and methods are provided for determining a query involving at least one dataset comprising a plurality of records, the query being submitted by a first user operating a computing device. An archetype policy that governs access to records of the at least one dataset can be determined, wherein the archetype policy includes at least one logical formula to be evaluated when determining whether a requesting user is permitted to access a given record, and wherein the at least one logical formula is satisfied based at least in part on a state associated with the requesting user and at least one first variable evaluated by the at least one logical formula. At least one record that the first user is permitted to access can be determined based at least in part on satisfaction of the at least one logical formula associated with the archetype policy.

Abstract: Disclosed embodiments relate to passwordless authentication. Techniques include identifying a request by a user to access an access-restricted target resource, the user operating on a client computing device and the request being associated with a network address for the access-restricted target resource; intercepting the request; generating a unique session identifier for the user; making available the unique session identifier to the user of the client computing device; performing dual-mode, passwordless authentication of the user; confirming, based on the dual-mode, passwordless authentication of the user, the identity of the user and the user's current use of the client computing device; and permitting, based on the confirmation, the user to access the access-restricted target resource.

Abstract: A method by one or more computing devices implementing a data insights sharing service to allow a first user of the data insights sharing service to share data insights with other users of the data insights sharing service. The method includes storing metadata describing one or more data insights, where the one or more data insights were generated based on analyzing a dataset of the first user, responsive to receiving a request from a second user to access the one or more data insights, generating the one or more data insights based on the metadata describing the one or more data insights without accessing the dataset, and providing the one or more data insights to the second user via a graphical user interface (GUI) of the data insights sharing service.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.