Abstract: This relates to connecting a network of logical broadcast domains to the Internet. In an embodiment, selected signal packets are transmitted between two logical broadcast domains via a tunnel server. Outbound signal packets are communicated to the Internet via network address translation as to the outbound signal packets which are different than the selected signal packets.

Abstract: Technologies are provided for the monitoring, detection, and notification of emerging, related issues within a system, which may indicate a problem. Within a computing-security system, a sudden increase in the frequency of events associated with unauthorized logon attempts signal a real-time and ongoing security risk. A method monitors system-related events and generates a vector representation for each event based on event features. Clusters of related events are determined, and a state automaton is employed to determine a strength of temporal “bursty” activity for each cluster. Hypothesis testing is performed on each cluster to determine a likelihood that the cluster is a temporally emergent cluster. Clusters with a bursting likelihood above a threshold are determined to be an emergent cluster associated with an anomalous issue. A notification regarding the detected anomaly is provided. A remedial action addressing the anomaly is performed.

Abstract: Embodiments include method, systems and computer program products for a container independent secure file system for security application containers. In some embodiments, a request for a virtualized application container may be received. A passphrase may be obtained from a user. A key may be obtained. A files system of the virtualized application container may be prepared for a specified mount point using the passphrase and key. The file system may be initiated in response to the request.

Abstract: There is provided an encryption device to suppress calculation in the reverse direction in whitebox model encryption. The encryption device includes: having a predetermined relationship that outputs a plurality of output values according to a plurality of input values configured of plain text, with a part of the plurality of output values being inputted to a trapdoor one-way function, the predetermined relationship being defined by the output values that are not inputted to the trapdoor one-way function and one arbitrary input value of the plurality of input values; and having a property of encrypting a part of the plurality of output values according to the trapdoor one-way function, and the trapdoor one-way function not being able to decrypt encrypted data in a state in which a trapdoor is unknown.

Abstract: Apparatuses, methods, and systems are disclosed for transmitting and/or receiving rogue unit detection information. One method includes maintaining rogue unit detection information. The rogue unit detection information includes a public key and a validity time corresponding to the public key. The method includes determining whether the validity time for the public key is within an expiration window. The method includes, in response to determining that the validity time for the public key is within the expiration window, transmitting a request for new rogue unit detection information. In some embodiments, the method includes receiving the new rogue unit detection information.

Abstract: A method of storage system operation, and related computer-readable media and storage system are disclosed. One or more processors or storage system controllers monitor accesses of blocks of storage memory of the storage system. The monitoring is to detect one or more characteristics of the accesses of the blocks. From the characteristic(s), it is determined the one or more accesses of the blocks are indicative of a malicious action. In response to such determining, the storage system performs a reaction action.

Abstract: Example apparatus disclosed herein to perform a cybersecurity investigation include a graph generator to iteratively generate an information graph based on investigative data in response to detection of a threat alert in a monitored network, the investigative data accessed from information sources based on a set of information seeker tools, the information graph generated based on a graph schema specifying possible relationships between the information seeker tools. Example apparatus also include a pattern recognizer to traverse the information graph to identify a path in the information graph matching a pattern from the graph schema associated with a cybersecurity threat. Example apparatus further include a user interface to output the path identified in the information graph and the cybersecurity threat to an output device.

Abstract: An industrial automation system may include an automation device and a control system. The control system may be communicatively coupled to the automation device and may include a first module that may receive a request for information regarding the automation device. The first module may then determine information related to the request for information based on one or more datasets locally available to the first module, alter the information based on a signal configured to obscure the information, and send encrypted information to a second module of the plurality of modules.

Abstract: A method, system and apparatus for providing security to RFID and NFC systems. In some exemplary embodiments, a smart poster may be utilized to provide appropriate or desired communications with an RFID or NFC-enabled device. Such exemplary embodiments may utilize an authorized NFC tag to communicate with an NFC-enabled device, and upon activation of the authorized NFC tag, may trigger activation or appearance of one or more related items, such as visual cues. Additionally, aspects of NFC security systems which can include regions of security, states of activity and actions performed when security violations are detected.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for identifying accounts having shared credentials. In some implementations, a content management system can collect user login context data when a user logs in to or accesses a user account of the content management system. For example, the content management system can collect client device data, client application data, internet protocol (IP) address data, and/or other data from the user's device when the user logs in to the user account. The content management system can analyze the login context data to determine patterns that indicate that the user account login credentials are being shared among multiple users.

Abstract: According to one embodiment, a computerized method operates by configuring a virtual machine operating within an electronic device with a first instrumentation for processing of a suspicious object. In response to detecting a type of event during processing of the suspicious object within the virtual machine, the virtual machine is automatically reconfigured with a second instrumentation that is different from the first instrumentation in efforts to achieve reduced configuration time and/or increased effectiveness in exploit detection.

Abstract: A system and a method for secure operator onboarding and creating an ingest job agent for secure multitenant operations of a distributed computing cluster are provided. Embodiments automate multitenant operations for distributed computing clusters. These operations include automation of operator onboarding, creation of logically segregated distributed data stores within the distributed computing clusters for the on-boarded operator, and creation of ingest agents with security isolation for transfer of large quantities of files into the distributed computing clusters. Embodiments provide multitenant security, in which the same Hadoop cluster serves multiple operators with each operator's data and processes in effective isolation. In this manner, multitenant security keeps each user's data storage and operations on the Hadoop cluster separated from other operators.

Abstract: This invention relates to a Diffie-Hellmann type method of exchanging keys between peers, authenticated by means of a blockchain and capable of storing smart contracts in the distributed ledger. The key exchange is then made by means of such a contract in which the peers are declared. Each of the peers calls the contract and the contract saves their wallet addresses. When called by the addressee peer, and after verifying the address of the addressee peer, the contract delivers the public key generated by the sending peer to the addressee peer.

Abstract: Techniques are provided for detecting compromised credentials in a credential stuffing attack. A set model is trained based on a first set of spilled credentials. The set model does not comprise any credential of the first set of spilled credentials. A first request is received from a client computer with a first candidate credential to login to a server computer. The first candidate credential is tested for membership in the first set of spilled credentials using the set model. In response to determining the first set of spilled credentials includes the first candidate credential using the set model, one or more negative actions is performed.

Abstract: An exemplary monitoring system receives log data associated with an operation of a hardware component, applies the log data as an input to an unsupervised machine learning model, and identifies, based on an output of the unsupervised machine learning model, an anomaly in the log data.

Abstract: A method includes obtaining information regarding authentication events for users accessing assets of an enterprise system. The method also includes determining a likelihood of a given asset of the enterprise system becoming compromised responsive to compromise of a given user of the enterprise system. The method further includes determining an importance of the given asset based at least in part on a criticality value associated with the given asset, and generating a risk score for the given asset based at least in part on the determined likelihood of the given asset becoming compromised responsive to compromise of the given user and the determined importance of the given asset. The method further includes identifying remedial actions to reduce the risk score for the given asset and implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of the given asset.

Abstract: There is provided a safe data signer device and methods to organize a safe data signer device so that certificate located there is completely isolated from unwanted access. The user certificate cannot be copied from this device to any other computer device. The certificate can only be written on the safe data signer once, although in at a future point, this certificate can be rewritten by a new certificate. The method and device assures that the certificate cannot be used even if malicious parties get physical access to the device.

Abstract: A system for providing an internet-based search mechanism to enable an anonymous user to search for a resource provider. The system comprises a user device adapted to host an internet-based portal such that a user can submit an anonymous request for information relating directly to a resource. A secure server adapted to host a database containing resource provider information, to communicate with the user device via a communications network and to alert at least a first resource provider is also provided. The secure server is also adapted to initiate an anonymous communication channel between at least the first resource provider and the user via the internet-based portal and the communications network. A method for carrying out such a search is also disclosed.

Abstract: A file system extension for an endpoint controls access to files by selectively decrypting files under certain conditions. Where a pattern of access to the files suggests malicious and/or automated file access activity, the file system extension may limit the rate of file access by regulating the rate at which decryption is provided to requesting processes.

Abstract: An exemplary security threat monitoring system receives performance metric data representative of a performance metric for a storage system, applies the performance metric data as an input to an unsupervised machine learning model, and identifies, based on an output of the unsupervised machine learning model, an anomaly in the performance metric data.