Abstract: A physical access control system enables acceptable portal entry codes upon receiving each physical access request by operating on the elapsed time from a previous physical access request to generate a temporal credential. The controller receives a plurality of physical access requests from a plurality of mobile application devices. Upon authenticating the first access request, the controller eliminates repetition from the space of acceptable successor requests from each mobile application device. Monotonic nonces advance the range of temporal code matches. Entry code generation is decentralized to distributed application devices and is inherently unknowable until a successor access request is initiated by the same application device.

Abstract: Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.

Abstract: At least some embodiments are directed to a computer-based cyber-attack frequency tracking system that determines types and frequencies of cyber-attacks. In at least some embodiments, the method of a cyber-attack frequency tracking system may operate a processor in an enterprise computing environment for automatically conducting a process that comprises receiving, a plurality of data values that represent a plurality of cyber-attacks. Determining cyber-attack types, and then determining the frequency of attempts and contacts with assets. After that determining likelihood values. Aggregating these determinations to produce a quantifiable value of a likelihood values of each of the plurality of cyber-attack types.

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

Abstract: Methods and systems for processing interactions with account assertions are disclosed. A method includes receiving, by an assertions model manager, a first request from a resource provider computer for a set of assertions including an account assertion, related to a digital identity of a user. The method then includes responding, by the assertions model manager, to the first request with a response message, comprising a set of assertions, wherein one of the plurality of assertions is an account assertion. Then the method includes receiving, by the assertions model manager, a second request from the resource provider for a value interaction from the user and initiating, by the assertions model manager, the value interaction.

Abstract: According to examples, an apparatus may include a processor that may access a request for access by an application to a resource and may record the request in a data store. The processor may also identify an authorized entity to evaluate the request and output a notification to the authorized entity to evaluate the request, in which the authorized entity is to evaluate the request asynchronously with submission of the request by the application. In addition, the processor may determine whether a response is received from the authorized entity and, based on a determination that the response is received, may reject or grant the request based on the response and clear the record of the request from the data store.

Abstract: Systems and methods for fraud management are provided. A fraud management system can include a data gatherer operable with a plurality of agent computers for collecting agent activity data from the plurality of agent computers. System can include a fraud rules database containing fraud rules and a fraud management computing system. The fraud management computing system can be in communication with the data gatherer and the fraud rules database. The fraud management computing system can also include, processors and memory devices. The memory devices store instructions that when executed by the processors cause the processors to perform operations. The operations include obtaining the agent activity data using the data gatherer pursuant to collection rules, comparing the agent activity data to the fraud rules, determining whether agent fraud event(s) have occurred based on the comparison and providing fraud alert data based upon the agent fraud event(s).

Abstract: A cyber security system includes a plurality of event sensors to detect events, a plurality of inference servers, and a server in communication with the plurality of inference servers. Each inference server of the plurality is in communication with a subset of event sensors of the plurality of event sensors. Each inference server has a portion of an event lattice and is to compare the event detected by the subset of event sensors to the event lattice. Each inference server is to identify an originator having a behavior pattern indicative of an attack and communicating an identifier associated with the originator. The server is to provide an interface indicating the behavior pattern indicative of an attack and the identifier of the originator.

Abstract: A domain security assurance system includes a computing platform having processing hardware and a memory storing software code. The processing hardware is configured to execute the software code to obtain domain inventory data identifying multiple domains, to predict, using the domain inventory data, which of the domains are owned by the same entity to identify commonly owned domains, and to determine, using the domain inventory data and the commonly owned domains, which of the commonly owned domains are controlled by the same administrator to identify one or more group(s) of commonly administered domains. When executed, the software code also removes, using the domain inventory data, duplicate domains included in the group(s) to identify non-duplicate domains, evaluates a susceptibility of each of the non-duplicate domains to a cyber-attack to identify one or more target domain(s) vulnerable to the cyber-attack, and identifies the target domain(s) for a security assessment.

Abstract: Methods, non-transitory computer readable media, protection server apparatuses, and network security systems that improve network security for web applications by mitigating cyberattacks that cause the exfiltration of data are illustrated. With this technology, network request(s) are received from a client that specify domain(s) to which the client has sent data during rendering of a webpage. The webpage includes instrumentation code configured to intercept and post the network requests. A determination is then mage when one of the domain(s) is a malicious domain. Interceptor code is generated based on a type of attack that is associated with the one of the domains, when the determination indicates the one of the domains is a malicious domain. The instrumentation code is then updated to include the interceptor code. The interceptor code is configured to mitigate the attack when the webpage is subsequently rendered by another client.

Abstract: Embodiments of the present invention use a limited-use public/private key pair to encrypt and decrypt messages sent through an intermediary. The messages may contain sensitive information and may be transmitted between entities over one or more networks. In some embodiments, the entities and/or the networks may be untrusted. Nevertheless, the content of the messages may remain protected by virtue of the limited-use key pair infrastructure.

Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.

Abstract: Embodiments for securing fine timing measurement (FTM) communications are described. FTM communications include FTM frames sent and received from an initiating station (ISTA) and a responding station (RSTA). The RSTA records a plurality of parameters associated with the FTM frames and uses the plurality of parameters to learn and identify a device profile for the ISTA. The device profile is used to determine a behavior filter for the FTM from the ISTA and the RSTA filters FTM traffic according to the behavior filter to prevent malicious attacks in the FTM communications.

Abstract: In an example aspect, a method includes receiving a plurality of login attempts from a network address over a length of time, querying log data to determine, for the network address, an average number of login failures of the plurality of login attempts over the length of time, calculating a failure rate metric based on the average number of login failures, determining that the failure rate metric exceeds a reference number of login failures for the length of time, the reference number of login failures based on a historical average number of login failures for the length of time, and based in part on the determining, adding the network address to a system deny list.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to securely audit communications. An example apparatus includes a participant list generator to, responsive to a command to provision a secured group of devices in a network to prevent malicious activity, generate a participant device list including one or more endpoint devices and a control plane server; a privilege controller to, based on a policy indicated in the command, set read and write privileges for the one or more endpoint devices and the control plane server; a command controller to, based on the command, determine whether to generate a shared communication key using a shared system key; and a communication processor to encrypt communications between the one or more endpoint devices and the control plane server using the shared communication key.

Abstract: A system and method for determining a point in time compliance status of a computing system with a security guideline standard (SGS) wherein the computing system has a command line shell available through a native operating system, the method comprising inputting into a host computer of the computing system a SGS package that represents a scripted SGS that is a non-text file and is encrypted that provides instructions for an evaluation of a computing system's compliance with the SGS under consideration wherein the SGS package performs at least a portion of an automated evaluation of a compliance status at the point in time of the computing system under consideration when the SGS package is decrypted by the computing system; sending a command query from the decrypted SGS package to the selected device of the computer system; compiling in a locally hosted database of the host computer compliance results sent from the selected device of the computing system in response to the command query from the decrypted SGS

Abstract: A method of generating a trusted chain code (“TCC”) message, comprising: receiving a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition, wherein the smart contract is digitally signed by a first entity private key and a second entity private key; generating a chain code comprising a hash of a chain code of the smart contract, the chain code corresponding to at least one of an occurrence of an event or a fulfillment of a condition of the smart contract; and posting the TCC message to a distributed ledger, wherein an execution of a portion of the chain code in response to at least one of the occurrence of the event or the fulfillment of the condition is validated against corresponding chain code in the chain code manifest.

Abstract: Aspects described herein may allow for the generation of a message to be sent to an intended recipient of a request for a communication session prior the initiation of the communication session. The system may monitor applications and associated devices to determine the initiation of the communication session. Based on such a determination, the system may generate a message to be presented to a communication initiating user and to be sent to an intended recipient of the communication session. The system may determine data for the message based on an analysis of the data associated with the communication initiating user, and the system may apply a machine learning model to generate draft messages for the user. Messages may be generated to authenticate a user with an intended recipient of the communication session.

Abstract: Systems and methods include obtaining telemetry from a plurality of security agents each operating on a device in a network, wherein the telemetry is collected locally related to datagram protocol packets; analyzing the telemetry to determine applications associated with the datagram protocol packets flowing in the network and virtual circuits between each of the applications; determining enforcement policies for each application that communicates with other applications over a datagram protocol; and providing the enforcement policies to the plurality of security agents for allowing and blocking communications associated with the datagram protocol.

Abstract: A method, computing device and system are disclosed for evaluating security of virtual infrastructures of tenants in a cloud environment. At least one security metric may be calculated for virtual infrastructures of a tenant based on information associated with at least one virtual resource of the first tenant and at least one interaction of the at least one virtual resource of the first tenant with at least one virtual resource of at least one other tenant in a multi-tenant virtualized infrastructure. At least one security parameter may be evaluated for the first tenant based at least in part on at least one of the at least one calculated security metric for monitoring a security level of the first tenant relative to the at least one other tenant in the multi-tenant virtualized infrastructure.