Abstract: Information is received from a first networked device for a first user and from a second networked device for a second user. The first user and the second user are verified and registered. A first set of data for the first user and a second set of data for the second user that each specify one or more network parameters per network address that communicates with each user are received from a networked collector device. Addresses are selected from each of the first set and the second set where each of the one or more network parameters are above a first activity threshold level for that parameter. A first set and a second set of first level activity addresses are produced. A whitelist is generated for the first user from an intersection of the first set of first level activity addresses and the second set of first level activity addresses.

Abstract: The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a first computing device to access a secure account. Receiving a request from a second computing device to be authorized to access the secure account. Providing, to the second computing, first data that represents a first machine-readable code for presentation by the second computing device. Receiving, from the first computing device, second data that represents a second machine-readable code as read by the first computing device. Authorizing the second computing device to access the secure account in response to determining that the second data accurately represents the first machine-readable code as sent to the second computing device.

Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a network, which a plurality of electronic controllers uses for communication. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.

Abstract: A technological solution for mitigating a cybersecurity risk on a computer that potentially includes a plaintext password. The solution includes searching a computer resource on the computer, analyzing any text, detecting a string of characters in the text that potentially includes a plaintext password, determining a confidence score for the string of characters indicating a likelihood the string of characters includes the plaintext password, and effectuating a remediation action based on the confidence score, wherein the remediation action includes encrypting the string of characters when the confidence score is equal to or greater than a first certainty level.

Abstract: A method for automatically identifying applications that circumvent permissions. The method includes logging network traffic transmitted by one or more computing devices while the one or more computing devices execute one or more applications, identifying, based on analyzing the logged network traffic and permissions granted to the one or more applications, those of the one or more applications that caused permission-protected data to be transmitted without having permission to access that data as circumventing permissions, and generating a report indicating the applications that were identified as circumventing permissions.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining hardware performance information concerning hardware deployed within a computing platform; obtaining platform performance information concerning the operation of the computing platform; obtaining application performance information concerning one or more applications deployed within the computing platform; and generating a holistic platform report concerning the computing platform based, at least in part, upon the hardware performance information, the platform performance information and the application performance information.

Abstract: Techniques for detecting malicious activity on an endpoint based on real-time system events are disclosed. In some embodiments, a system/process/computer program product for detecting malicious activity on an endpoint based on real-time system events includes monitoring an endpoint for malicious activity using an endpoint agent, in which the endpoint comprises a local device; detecting malicious activity associated with an application on the endpoint based on real-time system events using the endpoint agent based on a set of rules; and in response to detecting malicious activity on the endpoint based on real-time system events using the endpoint agent, performing a security response based on a security policy.

Abstract: A network anomaly data detection method includes the following steps: receiving access request data transmitted by a client; searching historical access request data corresponding to a user session identifier in the access request data; acquiring a header character string of the access request data; performing word segmentation processing on the header character string according to a preset step length so as to obtain a word segmentation set; obtaining a word segmentation weight matrix according to the historical access request data and the word segmentation set; inputting the word segmentation weight matrix into an anomaly data detection model so as to obtain a data anomaly probability; and judging whether anomaly data exists in the header character string according to the data anomaly probability.

Abstract: A method and system for analysis of a facility may include providing an emulation host system, first generating a golden circuit model on the emulation host system, first inserting a first hardware trojan model, first emulating operation of the golden circuit model, and second emulating operation of the first hardware trojan model. A facility may include a trojan instrument facility having a trojan detection instrument comparing logic circuit output against a threshold for detecting hardware trojan activity, and outputting alert data, and in relation to opening one of a plurality of scannable access points, a scannable register is inserted into an active scan chain with an associated instrument interface.

Abstract: A process identifier transition monitor captures and assesses activities associated with a microprocessor or a microcontroller. Monitoring and assessment is performed by detection of process identifier transitions, which may be driven by an occurrence of one or more activities, such as execution of application software, system hardware mechanisms, or processor-internal mechanisms. Process identifier transitions are assessed to determine whether such transitions were expected. If a detected process identifier transition was not expected, then a system alert may be transmitted or some other appropriate response taken within the system.

Abstract: The data management device includes a determination unit that determines whether the secondary data generated from the source data to be processed complies with the data handling rules that use statistical information and a data processing unit that performs the processing a determination result by the determination unit. The determination unit estimates the statistical information from the source data to be processed, and determines whether the data handling rule is complied with, prior to the generation of the secondary data, based on whether the secondary data generated based on the estimated statistical information satisfies the statistical values of the statistical information. The data processing unit executes processing when it is determined that the data handling rules are complied with to generate secondary data and does not perform the processing process when it is determined that the data handling rules are not complied with.

Abstract: Disclosed are an Internet access management service sever and an operating method thereof. The present invention presents an Internet access management service server capable of providing an Internet access management service based on terminal grouping and an operating method thereof to support a manager to more conveniently and efficiently perform Internet access management for grouped terminals.

Abstract: A system configured for implementing continuous authentication for a software application is disclosed. The system receives a request from a user to login to an account of the user on the software application. The software application uses open authentication to allow the user to login to the account of the user. Once the user is logged in, the system activates continuous authentication based on monitored user behavior information associated with the user received from one or more organizations. The system monitors accessing the account of the user by monitoring behaviors of a person accessing the account of the user. The system determines whether the behaviors of that person correspond to the monitored user behavior information of the user. If the behaviors of that person correspond to the monitored user behavior information of the user, the system grants the first person to the account of the first user.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing transaction data describing network traffic associated with a web server during an interval. Based on a count of new transactions involving an online entity during the interval according to the transaction data, a short-term trend is determined for the online entity. The operations further include applying exponential smoothing to a history of transactions of the online entity to compute a long-term trend for the online entity. Based on a comparison between the short-term trend and the long-term trend for the online entity, an anomaly is detected with respect to the online entity in the network traffic associated with the web server. Responsive to detecting the anomaly, an access control is implemented between the online entity and the web server.

Abstract: The invention relates to the technical field of network security, in particular to a network resource access system and method, a user portal, and a resource portal to isolate users from network resources to reduce unnecessary information disclosure, thus reducing security risks. According to the technical solution, the resource portal acquires resource information associated with the resource portal according to a configuration from an administrator or from a third party, as well as a list of user portals capable of communicating with the resource portal, receives a second access request sent from a user portal in the list of user portals, generates a third access request according to the second access request, and then sends the third access request to a target network resource server.

Abstract: Technologies for protecting systems and data of an organization from malware include a data integrity server configured to receive a data file from an external source. The data integrity server analyzes the received data file with an anti-malware engine to determine whether the data file includes malware. The data integrity server discards the data file in response to a determination that the data file includes malware. Additionally, the data integrity server verifies the file type of the received data file. The data integrity server sanitizes the received data file in response to verification of the file type. Other embodiments are described and claimed.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts. To discover the various accounts, the methods, computer-readable media, software, and apparatuses can monitor at least a consumer's email accounts, web browser history, and web cache. The discovered accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted accounts to prevent unauthorized access or use.

Abstract: Systems and methods are provided for intelligently accessing media content based on rights. This may be accomplished by a media guidance application that generates a DRM score associated with a first copy of the media asset. The media guidance application determines that plurality of alternative copies of a media asset are available from other sources and determines DRM scores for the alternative copies. The media guidance application determines that one of the alternative copies has a lower digital rights management score as compared to the first copy of the media asset and stores the alternative copy instead of the first copy of the media asset.

Abstract: Described processes include: determining portions of instances of a cryptographic token to be allocated to record providers, like providers of an asset indicated by a record, wherein: the portions are determined based on network effects associated with the records the record provider supplied on performance of a computer-implemented network in which both record providers and record consumers participate, patterns indicative of inorganic consumption may be determined from one or more of interactions of individual consumers, interactions of collections of consumers, or consumer interactions in the aggregate for a given provider or record; and the effects on network performance are adjusted responsive to designation of one or more entities as exhibiting inauthentic behavior; and appending to a distributed ledger, records indicating the respective portions, and adjustments, are allocated to record providers.