Abstract: A method by one or more computing devices implementing a data insights sharing service to allow a first user of the data insights sharing service to share data insights with other users of the data insights sharing service. The method includes storing metadata describing one or more data insights, where the one or more data insights were generated based on analyzing a dataset of the first user, responsive to receiving a request from a second user to access the one or more data insights, generating the one or more data insights based on the metadata describing the one or more data insights without accessing the dataset, and providing the one or more data insights to the second user via a graphical user interface (GUI) of the data insights sharing service.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: An example operation may include one or more of receiving a request to certify a digital record, retrieving a first hashed data value of the digital record from a data block included among a first hash-linked chain of blocks on a first blockchain, retrieving a second hashed data value of the digital record from a second data block included among a second hash-linked chain of blocks on a second blockchain which is different from the first blockchain, determining whether the digital record is valid based on a cross-validation of the first hashed data value and the second hashed data value, and storing the determination of the validity of the digital record in a data block among a third hash-linked chain of blocks.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified subscriptions and financial accounts. The identified subscriptions and financial accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted financial accounts and subscriptions to prevent unauthorized access or use.

Abstract: A blockchain based system for managing credentials in batch with selective attributes disclosing/hiding capability and auditable Merkle tree are disclosed with include a SmartCert unit coupled to a blockchain ecosystem and a public key infrastructure (PKI); the SmartCert unit further includes an issuer SmartCert and SmartCert verifier interface so that the holder can select to hide optional components completely from the verifier; and the verifier can check the certificate using the auditable Merkle tree.

Abstract: A method comprising maintaining, in a central database, stored host device information related to one or more host devices associated with providing harmful data, which potentially includes harmful content; configuring a VPN server to receive, from a DNS server, obtained host device information associated with a host device based at least in part on receiving an indication that data of interest is to be requested from the host device; configuring the VPN server to determine that the data of interest potentially includes harmful content based at least in part on determining that the obtained host device information matches the stored host device information; and configuring the VPN server to transmit, based at least in part on determining that the data of interest potentially includes harmful content, a notification indicating that the data of interest to be requested potentially includes harmful content. Various other aspects are contemplated.

Abstract: The present disclosure relates to systems and methods for filtering electronic activities. The method includes identifying an electronic activity. The method includes parsing the electronic activity to identify one or more electronic accounts in the electronic activity. The method includes determining, responsive to parsing the electronic activity, that the electronic activity is associated with an electronic account of the one or more electronic accounts. The method includes selecting, based on the electronic account, one or more filtering policies associated with the data source provider to apply to the electronic activity. The method includes determining, by applying the selected one or more filtering policies to the electronic activity, to restrict the electronic activity from further processing based on the electronic activity satisfying at least one of the selected one or more filtering policies. The method includes restricting, the electronic activity from further processing.

Abstract: A security information visualization method including the steps of: preprocessing log data extracted from a security device; calculating, from the pre-processed log data, periodic data of element information related to internet protocol (IP) address information about a security action; and providing visualization information visualizing the IP address information and the calculated periodic data of element information.

Abstract: To promptly investigate the cause of interruption of Ethernet communication. An anomaly monitoring device includes a power supply, an Ethernet port, an anomaly determination unit configured to determine whether or not an anomaly related to Ethernet communication has occurred between a peripheral device and a control device, an information collection unit configured to collect operation information about operation of the peripheral device when the anomaly determination unit determines that an anomaly related to the Ethernet communication has occurred, and an information transmission unit configured to transmit the collected operation information outside via the Ethernet port, on the basis of the Ethernet communication.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums which utilize digital tracking tags attached to data to monitor and/or control the data as it moves between applications and/or computing devices. The digital tracking tag may be embedded in the data (e.g., as a digital watermark) or associated with the data e.g., as metadata. In some examples, the digital tracking tag may include an address of a tracking database with which to record one or more events related to the data. For example, recipients, senders, or other participants in a data transfer event may register the data transfer event with the tracking database.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: A method of evaluating risk associated with a social media account. Content associated with the account and with social media accounts connected to the account is scanned. Collected data relating to the account content and the connected account content is stored. The account content is analyzed by determining one or more of characteristics of a posted image, parameters of posted comments, and changes in the list of connected social media accounts. The collected data is also analyzed in order to characterize the connected social media accounts with levels of suspicion. A report may be generated that includes one or more of: information identifying at least some of the account content as presenting a risk based upon characteristics of posted images or comments, information identifying material changes in account user traffic, and information identifying one or more of the connected social media accounts as being associated with suspicious activity.

Abstract: Methods, apparatus, computer program products for tracking sensitive data are provided. A method for tracking sensitive data comprises identifying, by one or more processing units, for a type of sensitive data, at least one key interface that carries the type of sensitive data and recording the at least one key interface. The method further comprises generating, by one or more processing units, for the type of sensitive data, for each type of sensitive data, a series of service nodes based on the at least one key interface, and monitoring, by one or more processing units, for the type of sensitive data, corresponding data traffic flowing through corresponding series of service nodes, based on the identified at least one key interface.

Abstract: A log generation method for generating a log of communication on an in-vehicle network includes: performing a plurality of determination processes for determining, by using different methods, whether or not a message sent to the in-vehicle network is anomalous; generating a log in accordance with results of the plurality of determination processes; and transmitting the generated log. In the generating, information items to be included in the log are determined in accordance with a combination of the results of the plurality of determination processes so that the log does not include identical information items.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an anomaly detection system. Some aspects of this disclosure include a method for detecting anomaly in a network device. The method includes determining one or more similarity values between a flow vector corresponding to a flow associated with the network device and one or more flow clusters associated with the network device. The method further includes determining a maximum similarity value as a maximum of the one or more similarity values and comparing the maximum similarity value to a threshold. The method also includes, in response to the maximum similarity value being equal to or greater than the threshold, updating a flow cluster associated with the maximum similarity value. The method also includes, in response to the maximum similarity measure being less than the threshold, detecting the anomaly in the network device.

Abstract: A system and method for anomaly interpretation and mitigation. A method includes extracting at least one input feature vector from observation data related to an observation; applying an isolation forest to the at least one input feature vector, wherein the isolation forest includes a plurality of estimators, wherein each estimator is a decision tree, wherein the output of each estimator is a split-path of a plurality of split-paths, each split-path having a path-length and including name and a corresponding value for a respective output feature of a plurality of output features; generating a mapping object based on the application of the isolation forest to the at least one feature vector, wherein the mapping object includes the plurality of split-paths; clipping the mapping object based on the path-length of each split-path; and determining at least one mitigation action based on the clipped mapping object.

Abstract: Aspects of the disclosure relate to malware detection at endpoint devices. A computing platform may send rule information to a browser extension including a set of rules defining reportable behavior of network traffic associated with a website. Subsequently, the computing platform may receive report information including an identification of a loaded web page associated with the website that exhibits the reportable behavior defined by at least one rule of the set of rules and an indication of which rules of the set of rules have been met. Based on receiving the report information, the computing platform may assign a risk score for the identified loaded web page. Thereafter, the computing platform may determine that the risk score is above a predetermined threshold, and in response, the computing platform may send commands to the browser extension directing the browser extension to close the identified loaded web page.

Abstract: A method and system are disclosed. The method and system include receiving, at a wrapper, a communication and a context associated with the communication from a client. The communication is for a data source. The wrapper includes a dispatcher and a service. The dispatcher receives the communication and is data agnostic. The method and system also include providing the context from the dispatcher to the service. In some embodiments, the method and system use the service to compare the context to a behavioral baseline for the client. The behavioral baseline incorporates a plurality of contexts previously received from the client.

Abstract: A method, system and computer-usable medium for identifying probability distributions. The identifying probability distributions includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events, at least some extracted features corresponding to interrelated events; identifying items of interest based upon the interrelated events; and, generating a distribution value based upon the items of interest.

Abstract: A system for authenticating a requesting device using verified evaluators includes an authenticating device. The authenticating device is designed and configured to receive at least a first digitally signed assertion from a requesting device, the at least a first digitally signed assertion linked to at least a verification datum, evaluate at least a second digitally signed assertion, signed by at least a cryptographic evaluator, conferring a credential to the requesting device, validate the credential, as a function of the at least a second digitally signed assertion, and authenticate the requesting device based on the credential.