Patents Examined by Roderick Tolentino
  • Patent number: 11785036
    Abstract: Aspects of the disclosure relate to real-time validation of data transmissions based on security profiles. A computing platform may collect, in real-time, information associated with a plurality of data transmissions between applications, where the information may include, for each data transmission, an indication of a source application and a destination application. Then, the computing platform may retrieve, from a repository and for each data transmission, a first security profile associated with the source application, and a second security profile associated with the destination application. The computing platform may then compare, for each data transmission, the first security profile to the second security profile. Subsequently, the computing platform may detect, based on a determination that the first security profile does not match the second security profile, a potentially unauthorized data transmission.
    Type: Grant
    Filed: February 25, 2022
    Date of Patent: October 10, 2023
    Assignee: Bank of America Corporation
    Inventors: George Albero, Guisen Saffel
  • Patent number: 11777967
    Abstract: A method, an intelligent switch, a device, and a network for recognizing deviations in communication behavior of the network are provided. Characteristics of communication are monitored and evaluated regarding security behavior of the network using a model of a communication behavior of the network. For each communication over a switch of the network, at most three security values are derived from communication metadata of the respective communication using the model of the communication behavior. For each communication, it is checked whether the respective at most three security values meet respective predetermined threshold values. When the respective predetermined threshold values are not met by at least one of the security values, a security warning is generated.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: October 3, 2023
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jens Makuth, Jürgen Schimmer
  • Patent number: 11777982
    Abstract: A multidimensional security situation real-time presentation method according to an embodiment includes selecting security testing cases of at least one dimensionality based on a test instruction to generate a target test set, and generating a corresponding target log set according to the target test set, determining a difference log set according to the target log set and a monitoring log set, and performing real-time output display of difference log events, test processing time periods, enhanced training nodes and a test processing efficiency corresponding to the difference log set.
    Type: Grant
    Filed: February 1, 2023
    Date of Patent: October 3, 2023
    Assignees: State Grid Zhejiang Electric Power Company Hangzhou Power Supply Company, State Grid Zhejiang Hangzhou Xiaoshan District Power Supply Company
    Inventors: Jiong Zhu, Quanming Yue, Libo Fan, Ang Li, Rongjie Han, Jin Qian, Xiaohua Xu, Zhiqing Sun, Weihong Hou, Mengjun Du, Yibo Lai, Xue Feng, Yuanzhong Chen, Xinyue Zhou
  • Patent number: 11777738
    Abstract: An example operation may include one or more of executing, by an endorser node, a smart contract to generate a blockchain transaction data, generating, by the endorser node, metadata specific to the endorser node, concatenating, by the endorser node, the metadata with the blockchain transaction data, signing, by the endorser node, a concatenation result data with a key of the endorser node, and providing, by the endorser node, the signed concatenation result data to a committer node for verification.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: October 3, 2023
    Assignee: International Business Machines Corporation
    Inventors: Jeronimo Irazabal, Guillermo Romero Lopez, Andres Garagiola
  • Patent number: 11777993
    Abstract: Disclosed is a unified security system of cloud-based components configured for (a) packet-level and (b) protocol-level access control and traffic inspection, (c) threat detection and (d) activity contextualization. Packet-level inspects and classifies headers in requests or responses, sets a first restrictive state or passes the request or response. Protocol-level performs deep packet inspection for malicious signatures then sets a second state or passes. Threat detection, when the request or response is an HTTP/S stream, classifies as directed to a threat destination or not, then sets a third state or passes the request or response and activity contextualization, when the request is an HTTP/S stream seeking access to a cloud-based application, recognizes, processes and classifies content-containing activity as compromising or not, then sets a fourth state or passes.
    Type: Grant
    Filed: January 30, 2021
    Date of Patent: October 3, 2023
    Assignee: Netskope, Inc.
    Inventors: Kand Ly, Amit Ganesh Datar, Kartik Subbanna
  • Patent number: 11775647
    Abstract: This document relates to securing ownership of devices to particular users when the devices are shipped directly from an original equipment manufacturer in order to prevent malicious use of devices that are lost or stolen. A purchaser may purchase a device from an original equipment manufacturer, and as part of the purchasing process, may provide ownership information for the device, which may include a user identifier and an identity provider. The ownership data can be written to firmware, and upon powering on of the device, the device can request a user identifier, which is then validated by the identity provider before allowing operating systems operations to continue on the device.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: October 3, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anni Dong, Yanan Zhang, Brian Stuart Perlman
  • Patent number: 11770380
    Abstract: A system for detecting and profiling endpoints of a computer network is provided. The system includes a first computing device including at least one processor in communication with at least one memory device. The first computing device is in communication with a computer network. The at least one memory device stores a plurality of instructions, which when executed by the at least one processor cause the at least one processor to receive a plurality of packets transmitted to the computer network, determine an identity of a first end point device associated with the plurality of packets, determine a behavior pattern for the first end point device based on the plurality of packets, and generate a synthetic profile for the first end point device based on the identity and the behavior pattern.
    Type: Grant
    Filed: September 12, 2022
    Date of Patent: September 26, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Darshak Thakore
  • Patent number: 11755713
    Abstract: A system or method may include an in-vehicle network including an interface port for connecting an external device to the in-vehicle network; and a security unit connected to the in-vehicle network, the security unit adapted to enable an external device to communicate with the in-vehicle network, over the interface port, based on a security token received from the external device. A system or method may, based on a token, prevent an external device from at least one of: communicating with a selected set of components on an in-vehicle network, communicating with a selected set of network segments in the in-vehicle network and performing a selected set of operations.
    Type: Grant
    Filed: July 21, 2022
    Date of Patent: September 12, 2023
    Assignee: Argus Cyber Security Ltd.
    Inventors: Ofer Ben-Noon, Yaron Galula, Oron Lavi
  • Patent number: 11757899
    Abstract: Aspects of a privileged identity management system and method provide users with the ability to request elevated privileges to perform tasks on computing systems and software applications. The privileged identity management system and method also provide users with the ability to extend the elevated privileges to access privileged features or perform tasks using elevated privileges. The privileged identity management system and method utilize a different device that is readily available to the user in order to provide communications relating to the elevated privileges.
    Type: Grant
    Filed: January 19, 2021
    Date of Patent: September 12, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Shimi Ezra, Natan Kfir, Noam Ben-Yochanan
  • Patent number: 11747799
    Abstract: The present invention relates to the technical field of industrial networks and information security, and in particular to an industrial control system and a network security monitoring method therefor, for effectively monitoring the network security of an industrial control system. The method comprises: selecting at least one first data source related to an industrial control system and acquiring first data therefrom; counting time-varying features of the first data to serve as a behavior model for the industrial control system; acquiring second data from some or all of the at least one first data source; and determining whether the second data has the features described by the behavior model, and if so, determining that the industrial control system exhibits normal behavior, and if not, determining that the industrial control system exhibits abnormal behavior. In consideration of the certainty of the behavior of the industrial control system, a system behavior model is obtained by means of counting.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: September 5, 2023
    Assignee: Siemens Aktiengesellschaft
    Inventor: Wen Tang
  • Patent number: 11748157
    Abstract: A priority determination system includes: an anomaly obtainer that obtains anomaly data items each indicating anomaly in a corresponding one of moving bodies; a state obtainer that obtains state data items each indicating a state of a corresponding one of the moving bodies; a risk value calculator that calculates, for each of the anomaly data items, a risk value indicating a risk of the anomaly based on a state data item of the corresponding one of the moving bodies; a priority determiner that determines a priority of a task for dealing with the anomaly indicated by each of the anomaly data items, based on the risk value of the anomaly data item; and an outputter that provides output based on a result of the determination.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: September 5, 2023
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Shoichiro Sekiya, Yuishi Torisaki
  • Patent number: 11736488
    Abstract: A computer-implemented method for selectively monitoring devices may include (i) identifying a set of characteristics of a device-usage session of a device, (ii) calculating, based on the set of characteristics, a privacy score for the device-usage session, (iii) selecting, for the device, a device monitoring profile that is correlated with the privacy score and that defines an intensity level of monitoring actions to be performed on the device, and (iv) monitoring activity performed on the device during the device-usage session in accordance with the device monitoring profile that is correlated with the privacy score for the device-usage session. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: August 22, 2023
    Assignee: GEN DIGITAL INC.
    Inventors: Lei Gu, Chengi Kuo
  • Patent number: 11727131
    Abstract: In association with a communication platform, one or more users can create, share, edit, and/or comment on a document. Some examples of this disclosure are related to providing a list of suggested documents that a user can reference (e.g., add a link to) in a virtual space (e.g., in a message or post to one or more other users). For example, a user can be interacting with a virtual space (e.g., composing a direct message, a channel post, a thread, a workspace, a document, and the like) and invoke a list of suggested documents that can be referenced in the virtual space. In examples of the present disclosure, the list of suggested documents can include documents that are identified (e.g., based on one or more conditions being met) to be relevant to, or otherwise associated with, the virtual space.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: August 15, 2023
    Assignee: Salesforce, Inc.
    Inventors: Sohom Paul, Rohan Venapusala, Michael Brevoort, Scott Goodfriend
  • Patent number: 11729186
    Abstract: A computer security system comprises at least one authorized node constructed and arranged to execute a consensus protocol for validating and verifying a blockchain transaction and to extract at least one of a signature or feature of a detected cyberattack for the blockchain transaction and mining the transaction to a blockchain network; at least one unauthorized node prohibited from executing the consensus protocol and from validating and verifying a blockchain transaction but authorized to retrieve the at least one of the signature or feature from the blockchain network; and a special-purpose processor of the blockchain network that facilitates a distribution of the at least one of signature or feature for cooperative intrusion detection between the at least one authorized node and the at least one unauthorized node.
    Type: Grant
    Filed: October 3, 2019
    Date of Patent: August 15, 2023
    Assignee: Research Foundation of the City University of New York
    Inventors: Oluwaseyi Ajayi, Tarek Saadawi, Obinna Igbe
  • Patent number: 11722488
    Abstract: Maintaining a database of a plurality of time series data sets, wherein each time series data set is associated to a previously known computer device of a computer network; detecting a connection request from a second computer device of the computer network; collecting one or more new data sets related to the second computer device; comparing the one or more new data sets with one or more time series data sets; calculating one or more value scores related to the plurality of time series data sets based on the comparison; and determining a device association score based on the calculated one or more value scores related to the plurality of time series data sets, wherein the device association score determines an association level between the previously known computer device and the second computer device of the computer network.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: August 8, 2023
    Assignee: Cujo LLC
    Inventors: Victor Kuarsingh, Leonardas Marozas, Filip Savin, Jovaldas Januskevicius, Justinas Bisikirskas
  • Patent number: 11722509
    Abstract: This specification generally relates to methods and systems for applying network policies to devices based on their current access network. One example method includes identifying a proxy connection request sent from a particular client device to a proxy server over a network, the proxy connection request including a hostname and configured to direct the proxy server to establish communication with the computer identified by the hostname on behalf of the client device; determining an identity of the client device based on the proxy connection request; identifying a domain name system (DNS) response to a DNS request including the hostname from the proxy connection request; and updating DNS usage information for the particular client based on the identified DNS response including the hostname from the proxy connection request.
    Type: Grant
    Filed: September 15, 2022
    Date of Patent: August 8, 2023
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 11722493
    Abstract: An access analysis system includes: a first analysis unit that analyzes validity of a user based on a characteristic of an operation of a terminal by the user regarding access via a network; a second analysis unit that based on communication regarding the access, analyzes normality of the communication; and a determination unit that determines validity of the access based on an analysis result from the first analysis unit and an analysis result from the second analysis unit, thereby improving the accuracy of determining the validity of access via the network.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: August 8, 2023
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Yusuke Urata, Nobuya Shirai, Yoshiko Sueda
  • Patent number: 11711351
    Abstract: Hosts in a cluster in a virtualized computing environment bypass a management layer when communicating with an external key management service (KMS). One of the hosts is configured with KMS configuration information (including digital certificate information) that enables the host to directly communicate with the KMS via a secure communication connection, instead of communicating with the KMS via the management layer. This KMS configuration information is replicated in a distributed manner from the host to the other hosts in the cluster, thereby enabling the other hosts in the cluster to also directly and independently communicate with the KMS to obtain encryption keys to perform cryptographic operations.
    Type: Grant
    Filed: January 14, 2020
    Date of Patent: July 25, 2023
    Assignee: VMWARE, INC.
    Inventors: Georgi Lekov, Rusko Atanasov, Stanimir Lukanov, Elena Dimitrova, Dimo Raychev
  • Patent number: 11711371
    Abstract: Information is received from a first networked device for a first user and from a second networked device for a second user. The first user and the second user are verified and registered. A first set of data for the first user and a second set of data for the second user that each specify one or more network parameters per network address that communicates with each user are received from a networked collector device. Addresses are selected from each of the first set and the second set where each of the one or more network parameters are above a first activity threshold level for that parameter. A first set and a second set of first level activity addresses are produced. A whitelist is generated for the first user from an intersection of the first set of first level activity addresses and the second set of first level activity addresses.
    Type: Grant
    Filed: January 11, 2019
    Date of Patent: July 25, 2023
    Assignee: Sanctuary Networks LLC
    Inventors: Brian Girardi, Philip Girardi
  • Patent number: 11706238
    Abstract: The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.
    Type: Grant
    Filed: August 24, 2020
    Date of Patent: July 18, 2023
    Assignee: Google LLC
    Inventors: Christopher B. Key, Paul E. Holzberger, Jr.