Abstract: Methods, apparatus, and processor-readable storage media for identifying and determining the criticality of enterprise assets using network traffic information are provided herein. An example computer-implemented method includes capturing network session information from an enterprise network; identifying multiple assets within the enterprise network by processing the captured network session information; determining, for each of the identified assets, one or more predefined features of the asset based at least in part on the processing of the captured network session information; determining, for each of the identified assets, a level of criticality associated with the asset based at least in part on the one or more determined features of the asset; and outputting the level of criticality and an identifier of the asset associated therewith to a security-related system, wherein the level of criticality and the asset identifier are used by the security-related system to take at least one automated action.

Abstract: Methods, apparatus, and processor-readable storage media for identifying and determining the criticality of enterprise assets using network traffic information are provided herein. An example computer-implemented method includes capturing network session information from an enterprise network; identifying multiple assets within the enterprise network by processing the captured network session information; determining, for each of the identified assets, one or more predefined features of the asset based at least in part on the processing of the captured network session information; determining, for each of the identified assets, a level of criticality associated with the asset based at least in part on the one or more determined features of the asset; and outputting the level of criticality and an identifier of the asset associated therewith to a security-related system, wherein the level of criticality and the asset identifier are used by the security-related system to take at least one automated action.

Abstract: A method comprises obtaining a potentially malicious file, decoding the file to identify one or more code streams, processing each of the identified code streams to determine the presence of respective ones of a set of indicators of compromise, determining whether the file is malicious based on the presence of one or more of the indicators of compromise in the code streams, and modifying access by a given client device to the file responsive to determining that the file is malicious.