Abstract: Techniques are disclosed for mitigating against malicious login attempts. In some examples, a computer system receives a plurality of login attempts to the system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet. The computer system determines a ratio of successful login attempts to unsuccessful login attempts of the plurality of login attempts. Then, in response to determining that the ratio of a number of successful login attempts to total login attempts is below a predetermined threshold, the computer system denies a future login attempt to the system that is associated with the IP subnet for a first time period.

Abstract: Adding an internet location to a greylist includes receiving a login pairing that includes login credentials and an internet location that the login credentials are received from. A successful login number of prior successful logins associated with the login pairing is determined and the internet location may be added to the greylist based at least in part on the successful login number.

Abstract: This disclosure describes techniques for defining security measures of a secure data corridor that enables data feeds to transmit from an ingress point to an egress point, while maintaining a desired security protection. This disclosure further describes techniques to quantify the desired security protection by determining and further associating a data sensitivity rating with individual data feeds in transmit through the secure data corridor. In some examples, the data sensitivity rating of the secure data corridor may be locked at a default rating that is commensurate with access permissions of a subject or a data sensitivity rating of an adjoining secure data container. Alternatively, the data sensitivity rating may be dynamically set based on data feeds transmitting through the secure data corridor or set based on the data sensitivity rating of data feeds at an ingress point or egress point of the secure data corridor.

Abstract: A similarity search may be performed on a digraph to identify additional attack vectors that are potentially under attack in response to an initial attack vector being under attack. Security event data that includes attack histories of assets and threat actor data on threat actors are received. A digraph that maps threat actors to attack vectors of the assets is generated based on the attack histories. A risk probability of attack may be calculated for an attack vector of an asset based on the digraph, such that the attack vector may be determined to be under attack in response to the risk probability exceeding a predetermined probability threshold. Subsequently, a similarity search on the digraph may be performed in view of the attack vector that is determined to be under attack to identify additional attack vectors of the asset or another other asset that are potentially under attack.

Abstract: Techniques are disclosed for mitigating against malicious login attempts. In some examples, a computer system receives a plurality of login attempts to the system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet. The computer system determines a ratio of successful login attempts to unsuccessful login attempts of the plurality of login attempts. Then, in response to determining that the ratio of a number of successful login attempts to total login attempts is below a predetermined threshold, the computer system denies a future login attempt to the system that is associated with the IP subnet for a first time period.

Abstract: Adding an internet location to a greylist includes receiving a login pairing that includes login credentials and an internet location that the login credentials are received from. A successful login number of prior successful logins associated with the login pairing is determined and the internet location may be added to the greylist based at least in part on the successful login number.

Abstract: A similarity search may be performed on a digraph to identify additional attack vectors that are potentially under attack in response to an initial attack vector being under attack. Security event data that includes attack histories of assets and threat actor data on threat actors are received. A digraph that maps threat actors to attack vectors of the assets is generated based on the attack histories. A risk probability of attack may be calculated for an attack vector of an asset based on the digraph, such that the attack vector may be determined to be under attack in response to the risk probability exceeding a predetermined probability threshold. Subsequently, a similarity search on the digraph may be performed in view of the attack vector that is determined to be under attack to identify additional attack vectors of the asset or another other asset that are potentially under attack.

Abstract: This disclosure describes techniques for defining security measures of a secure data corridor that enables data feeds to transmit from an ingress point to an egress point, while maintaining a desired security protection. This disclosure further describes techniques to quantify the desired security protection by determining and further associating a data sensitivity rating with individual data feeds in transmit through the secure data corridor. In some examples, the data sensitivity rating of the secure data corridor may be locked at a default rating that is commensurate with access permissions of a subject or a data sensitivity rating of an adjoining secure data container. Alternatively, the data sensitivity rating may be dynamically set based on data feeds transmitting through the secure data corridor or set based on the data sensitivity rating of data feeds at an ingress point or egress point of the secure data corridor.