Abstract: A method comprising storing a privilege rule, detecting an instruction to execute an application, and determining whether execution of the application requires an elevated privilege. The example method further comprises identifying, responsive to a determination the execution of the application requires the elevated privilege, one or more attributes of the application, and generating a request for the elevated privilege based on the privilege rule and the one or more attributes of the application. The method further comprises receiving the elevated privilege responsive to an approval of the request for the elevated privilege, and causing the execution of the application with the elevated privilege.

Abstract: A method comprising: storing a plurality of device records, at least one device record including a digital device identifier that identifies at least one digital device in non-persistent communication, a current password associated with the digital device identifier, and a policy identifier that identifies at least one policy indicating when an updated password will be generated for the at least one digital device identified by the digital device identifier. The example method further comprises determining whether at least one condition identified by the at least one policy is satisfied, generating an updated password only if the at least one condition is satisfied, receiving a password update request initiated from a security agent executing on the at least one digital device, and providing the updated password to replace at least one password on the at least one digital device only if the at least one condition is satisfied.

Abstract: Systems and methods for detecting vulnerabilities and/or privileged access are disclosed. In some embodiments, a computerized method comprises receiving asset information for each of a plurality of assets, the assets connected to a network; clustering the assets into a plurality of cluster nodes based on the asset information, each of the assets being clustered in one of the cluster nodes, at least a first asset being clustered in a particular one of the cluster nodes; receiving one or more events associated with the first asset; remapping the first asset to a different one of the cluster nodes based on the asset information of the first asset and the one or more events associated with the first asset; calculating a distance between the particular cluster node and the different cluster node; and triggering one or more actions based on the distance between the particular cluster node and the different cluster node.

Abstract: Systems and methods for detecting vulnerabilities and/or privileged access are disclosed. In some embodiments, a computerized method comprises receiving asset state information and asset user behavior information for each of a plurality of assets, each of the assets connected to a network; clustering the assets into a plurality of cluster nodes based on the asset state information and the asset user behavior information, each of the assets being clustered in one of the cluster nodes, at least a first asset being clustered in a particular one of the cluster nodes; calculating a node value of the particular one of the cluster nodes, the node value based on the number of assets clustered in the particular one of the cluster nodes; comparing the node value with a threshold node value; and triggering one or more actions based on the comparison of the node value with the threshold node value.

Abstract: In various embodiments, an agent on a digital device may comprise a monitor module, an application identification module, a vulnerability module, a rules database, and a rule module. The monitor module may be configured to monitor a device for an instruction to execute a legitimate application. The application identification module may be configured to identify one or more attributes of the legitimate application. The vulnerability module may be configured to retrieve risk information based on the one or more attributes of the legitimate application. The risk information may be determined from known vulnerabilities of the legitimate application. The rules database may be for storing a rule associated with the risk information. The rule module may be configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.

Abstract: In various embodiments, an agent on a digital device may comprise a monitor module, an application identification module, a vulnerability module, a rules database, and a rule module. The monitor module may be configured to monitor a device for an instruction to execute a legitimate application. The application identification module may be configured to identify one or more attributes of the legitimate application. The vulnerability module may be configured to retrieve risk information based on the one or more attributes of the legitimate application. The risk information may be determined from known vulnerabilities of the legitimate application. The rules database may be for storing a rule associated with the risk information. The rule module may be configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.

Abstract: In various embodiments, an agent on a digital device may comprise a monitor module, an application identification module, a vulnerability module, a rules database, and a rule module. The monitor module may be configured to monitor a device for an instruction to execute a legitimate application. The application identification module may be configured to identify one or more attributes of the legitimate application. The vulnerability module may be configured to retrieve risk information based on the one or more attributes of the legitimate application. The risk information may be determined from known vulnerabilities of the legitimate application. The rules database may be for storing a rule associated with the risk information. The rule module may be configured to retrieve the rule from the rule database based on the risk information and to control the legitimate application based on the rule.

Abstract: In various embodiments, a method comprises receiving a plurality of records from a first digital device, each of the plurality of records generated during execution or termination of a different executable and containing information related to execution or termination of the different executable, retrieving at least one segment from at least one of the plurality of records, the at least one segment being less than all of the at least one of the plurality of records, the segment including an application or file attribute related to the different executable, comparing the application or file attribute to a vulnerability database, identifying a risk based on the comparison, and generating a report identifying the risk.