Abstract: There is provided a computing device for identifying unique software installed on network connected devices, comprising: a processor executing a code for: for each unstructured text for the network connected devices, wherein the unstructured texts are extracted by different code sensors from different applications, wherein each unstructured text indicates an identity of software installed on device(s): dividing the unstructured text into token(s), classifying tokens to software parameter(s) using classification dataset(s), matching subsets of permutations of the software parameters and corresponding tokens to unique software identifiers defined by a common structured format, selecting one unique software identifier according to a set of rules, and generating a text satisfying the common structured format, the text indicating unique software installed on each device.

Abstract: A method for producing a consistent dataset describing a computing environment, comprising: accessing at least one set of entity description records, each entity description record describing one of a plurality of entities of a computing environment, each entity description record comprising a plurality of attribute values each of one of a plurality of entity attributes; computing a plurality of reliability scores, each reliability score computed for an attribute value of the plurality of attribute values of an entity description record by: identifying at least one conflict between the attribute value and at least one other attribute value of at least one other entity description record; and computing the reliability score according to identifying the at least one conflict; and providing the plurality of reliability scores to at least one management software object for the purpose of performing at least one management operation pertaining to management of the computing environment.

Abstract: There is provided a computing device for identifying unique software installed on network connected devices, comprising: a processor executing a code for: for each unstructured text for the network connected devices, wherein the unstructured texts are extracted by different code sensors from different applications, wherein each unstructured text indicates an identity of software installed on device(s): dividing the unstructured text into token(s), classifying tokens to software parameter(s) using classification dataset(s), matching subsets of permutations of the software parameters and corresponding tokens to unique software identifiers defined by a common structured format, selecting one unique software identifier according to a set of rules, and generating a text satisfying the common structured format, the text indicating unique software installed on each device.

Abstract: Efficient and effectiveness malware and phishing detection methods select specific objects of a document based on an analysis of associated graphical elements of a document rendering. A received document may include a number of blobs, which can include URLs or code that generates URLs that can present potential risks. The system can score and/or rank each blob and its corresponding URLs based on a size, shape, position, and/or other characteristics of a visual element associated with each blob. The score or rank can be increased for visual elements that are most likely to be selected by a user, such as large visual elements positioned near the center of a document. The system can then test individual URLs selected based a corresponding rank or score. The test can efficiently reveal the presence of malware or phishing tactics by forgoing tests on URLs that are not likely to be selected.

Abstract: A system to detonate malware received from a delegated access link provided to a user is disclosed. An application is received via a delegated access link provided to the user. A verdict is determined on the delegated access link. If the verdict on the delegated access link is unknown the application is opened in a laboratory user based on the user, and activities of the application are monitored. A verdict on the delegated access link is determined based on whether monitored activities include suspicious activities.

Abstract: A target system is verified against one or more security threats. A selection of a threat type for an attack vector for verifying defensive capabilities of a target system is received via a user interface. A selection of one or more selectable parameters for delivery of the threat type to the target system is received via the user interface. In response to selection of the threat type and the selected parameters, a base binary executable and a library comprising functions for generating attack vectors is accessed. One or more functions from the library are added to the base binary executable based on the selected threat type and the selected parameters. A payload is generated that implements the selected threat type and the selected parameters in a delivery format based on the selected parameters.

Abstract: Efficient and effectiveness malware and phishing detection methods select specific objects of a document based on an analysis of associated graphical elements of a document rendering. A received document may include a number of blobs, which can include URLs or code that generates URLs that can present potential risks. The system can score and/or rank each blob and its corresponding URLs based on a size, shape, position, and/or other characteristics of a visual element associated with each blob. The score or rank can be increased for visual elements that are most likely to be selected by a user, such as large visual elements positioned near the center of a document. The system can then test individual URLs selected based a corresponding rank or score. The test can efficiently reveal the presence of malware or phishing tactics by forgoing tests on URLs that are not likely to be selected.