Abstract: Systems and methods for rapidly and reliably determining an arch width of a patient's dental arch. A three-dimensional (3D) model of a patient's teeth, including a target tooth, can be received. Dental features from the 3D model may be extracted. The dental features may include a point of intersection between an occlusal surface of a tooth and a long axis of the tooth. An arch width between the target tooth and an opposing tooth may be determined based on the extracted dental features.

Abstract: The disclosed computer-implemented methods for automatically recovering from malware attacks may include (1) saving, in response to determining that a reputation of a process is unknown, a backup copy of a file on a remote storage device prior to allowing the process to modify the file; (2) determining, after the process has modified the file, that the process is potentially malicious; and (3) restoring, in response to determining that the process is potentially malicious, the backup copy of the file from the remote storage device. The provided methods may automatically recover computers from ransomware attacks and other malware attacks which encrypt file systems. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing single sign-on capability may include intercepting, during an authentication session with a network resource, a single sign-on request generated by an application executing on a computing device, redirecting the single sign-on request to a separate computing device for execution, receiving, in response to authentication of at least one user credential from the separate computing device, an authentication decision that the separate computing device obtained from an identity provider (IDP) by executing the single sign-on request and injecting the authentication decision received from the separate computing device into the application where the single sign-on request was originally generated to complete the authentication session.

Abstract: The disclosed computer-implemented method for providing secure access to vulnerable networked devices may include identifying a vulnerable network device connected to a local network, identifying local network traffic destined for the vulnerable network device and that has been tagged as safe, passing the local network traffic tagged as safe to the vulnerable network device, and performing a security action on local network traffic destined for the vulnerable network device that has not been tagged as safe. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting passwords may include (i) intercepting network traffic indicating an attempted login procedure at a workload device to login to a protected resource, (ii) prompting a user, in response to intercepting the network traffic, and at an authentication device that has been registered to the user, to indicate whether to approve the attempted login procedure, (iii) collecting, at the authentication device, a credential for the attempted login procedure that was stored in a protected vault of the authentication device, (iv) providing, by the authentication device to the workload device, an authentication decision based on the collected credential, and (v) injecting, at the workload device, the authentication decision into a browser session to enable the user to complete the attempted login procedure to login to the protected resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Purchasing related activity that is executed on computing devices on a LAN is monitored. Information is identified concerning purchases of IoT devices on the LAN, based on the monitoring of the purchasing related activity. For example, a specific purchase of a specific device (or specific device type) can be identified, or identifying information concerning a purchased device can be inferred, based on monitored purchasing related activity. IoT devices are discovered on the LAN and identified. Identifying a discovered device can further comprise interrogating the discovered device, monitoring activities of the discovered device, and/or analyzing information concerning purchases of IoT devices on the LAN. Gleaned identifying information concerning a discovered device can be used to determine or disambiguate the device's identity.

Abstract: The disclosed computer-implemented method for classifying electronic files may include (i) identifying an electronic file that is being evaluated for importance by a file-categorization system, (ii) collecting, via at least one user-state monitoring device, information about a physical state of at least one user while the user is interacting with the electronic file, (iii) determining, based on the information about the physical state of the user while the user was interacting with the electronic file, whether the user considers the electronic file to be important, and (iv) classifying, by the file-categorization system and based at least in part on determining whether the user considers the electronic file to be important, the electronic file as an important file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for identifying potentially risky traffic destined for network-connected devices may include (1) receiving, at a cloud-based server, characteristics of a network-connected device being adding to a network, (2) creating a digital virtual image of the network-connected device on the cloud-based server, (3) receiving a request sent to a port on the network-connected device and (4) performing a security action including (A) sending the request to the digital virtual image of the network-connected device, (B) identifying the request as a potentially risky request by monitoring a runtime reaction of the digital virtual image of the network-connected device to the request, and (C) sending, to a network monitoring device, a message indicating the request is a potentially risky request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for virtual boundary enforcement using network filters may include (i) applying a network filter to network traffic associated with a target computing device, (ii) analyzing data generated by the network filter, (iii) identifying, based on an analysis of the data, a potential violation of a virtual boundary associated with the target computing device, and (iv) in response to identifying the potential violation, performing a security action to enforce the virtual boundary associated with the target computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for dynamically adjusting a backup policy may include dynamically adjusting a backup policy may include accessing a media file, evaluating an objective criterion of a difficulty to reproduce the media file to generate a difficulty rating, comparing the difficulty rating of the media file to an existing difficulty rating for at least one previous media file, and adjusting a backup policy for the media file based on the comparison of the difficulty rating. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems of the present disclosure can detect user activities on endpoint devices based on the interference patterns those actions produce in wireless transmissions between those endpoint devices and another device (e.g., an edge device operating as a web security gateway). A web security gateway sends time-series data describing interference on wireless transmissions sent from, or received by, an agentless endpoint device to a network security service. In response, the network security service uses a machine-learning model to infer a type of an action that occurred on the agentless endpoint device concurrently with the wireless transmissions. The network security service sends an indication of the action type to the web security gateway. The web security gateway applies a network security policy to the action or a network communication associated therewith.

Abstract: The disclosed computer-implemented method for managing location-based access control lists may include (i) identifying a collection of devices that are located within a physical space, (ii) determining, based on user activity data received from the collection of devices, that an authorized user is attempting to modify, on a location-based access control list for a wireless network, the access rights of a target computing device near a location indicated by the authorized user in the physical space, (iii) detecting, based on the user activity data, the target computing device near the location indicated by the authorized user, and (iv) in response to detecting the target computing device indicated by the authorized user, modifying, on the location-based access control list, the access rights of the target computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure includes a method for maintaining a dynamic geofence. The method receives a set of digital IDs and data pairs from a monitored user credential. Each digital ID was received by the monitored user credential as part of a wireless transmission from a node device, and each digital ID includes one or more attributes. The method retrieves a user policy that includes a required attribute and a threshold distance. The method determines whether at least one of the digital IDs includes an attribute matching the required attribute, and verifies any digital id containing the attribute matching the required attribute. The method determines the distance between the monitored user credential and the node device using the data paired with the digital ID, and determines whether the distance between the monitored user credential and the node device is less than the threshold distance.

Abstract: The disclosed computer-implemented method for identifying users may include (i) detecting that a user at an endpoint computing device is connecting to an identity provider, (ii) detecting, after detecting that the user at the endpoint computing device is connecting to the identity provider, that a mobile device has received a second-factor authentication message, (iii) discovering, by a security service, that the user at the endpoint computing device matches a known user profile registered to the mobile device by correlating the user at the endpoint computing device connecting to the identity provider with the mobile device receiving the second-factor authentication message, and (iv) applying a security policy to the user at the endpoint computing device based on the known user profile matched to the user by the security service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting a cloud storage against suspected malware may include (1) receiving a backup of one or more encrypted files over a network, (2) determining that the one or more encrypted files match one or more criteria associated with suspected malware, and (3) performing a security action that protects a computing device against the suspected malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed to predict whether a current location of a mobile device corresponds to a user of that mobile device. To do so, the mobile device may evaluate information from sensors that indicate a current state of the device or device surroundings. Based on the probability, the mobile device may send the current location and the probability to a user of the mobile device, an application on the device, or another party.

Abstract: The disclosed computer-implemented method for validating a user's physical location may include (i) identifying a plurality of sensor-equipped devices that are connected to a local network, wherein the local network is associated with a physical location, (ii) receiving a request to validate that a user is present at the physical location that is associated with the local network, (iii) instructing, in response to receiving the request, the user to interact with at least one sensor-equipped device in the plurality of sensor-equipped devices, (iv) confirming, based on observing a response of the sensor-equipped device, that the user has interacted with the at least one sensor-equipped device, and (v) validating, in response to confirming that the user has interacted with the at least one sensor-equipped device, that the user is present at the physical location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method of dynamic backup policy generation based upon a user's behavior is provided. The method may include detecting a user's usage pattern of files within a computing system based upon the user's backup or restore activities. In some embodiments, the backup system may identify the files that have been modified and calculate the percentage of modification away from a predetermined baseline or another previously stored version. The system may generate a list of the identified files along with these percentages to form the user's usage pattern. The method may further include generating a user's profile including files having high access rates in accordance with this usage pattern and adjusting a backup policy based upon the user's profile such that these files are backed-up more frequently. The backup policy may also be adjusted based upon a detected level of risk associated with the user.

Abstract: Backup metrics are received from multiple endpoints. Backup baselines are established, based on backup metrics received over a period of time. Each established backup baseline specifies an empirically determined baseline level of backup activity according to specific criteria. Changes in backup behavior are detected, as measured against established backup baselines, based on analyzing received backup metrics. Such changes can be detected by applying a non-supervised machine learning technique to backup metrics. Detected backup behavior changes that meet a corresponding threshold are further analyzed to determine whether to alter corresponding backup activity in response. Backup activity on endpoints can be modified, in response to the analysis. This can take the form of omitting specific files or folders from corresponding backups, or changing default backup configuration(s). For example, a new or modified default backup configuration can be transmitted to one or more endpoints.