Abstract: Optimizing ingestion of security structured data into a graph database for security analytics is provided. A plurality of streams of information is received from a plurality of security information sources. Respective subsets of information are ingested from each of the plurality of security information sources to generate small subgraphs of security information. Each of the small subgraphs comply to a schema used by a master knowledge graph. A batch process is performed to ingest a plurality of small subgraphs into the master knowledge graph.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: Prioritizing security incidents for analysis is provided. A set of security information and event management data corresponding to each of a set of security incidents is retrieved. A source weight of a security incident and a magnitude of the security incident are used to determine a priority of the security incident within the set of security incidents. A local analysis of the security incident is performed based on the retrieved set of security information and event management data corresponding to the security incident and the determined priority of the security incident.

Abstract: A method, apparatus and computer program product for managing a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. In a first virtual private network (VPN) manager a request is received from a first cloud application resident in the first cloud. The request includes a first set of requirements for a first VPN tunnel in the plurality of VPN tunnels. The VPN manager sends a first VPN manager request to a first system in a first cloud, wherein the first system creates the first VPN tunnel according to the first set of requirements. The VPN manager receives a request from a second cloud application resident in the first cloud. The request includes a second set of requirements for a VPN tunnel in the plurality of VPN tunnels. The VPN manager sends a second VPN manager request to the system in a first cloud, wherein the second VPN manager request contains the second set of requirements.

Abstract: In response to an attempt to install an instance of a container in a production environment, a set of security criteria associated with the container and features of the production environment are compared. Based on the comparison, a determination is made as to whether the features of the production environment satisfy the set of security criteria.

Abstract: Prioritizing security incidents for analysis is provided. A set of security information and event management data corresponding to each of a set of security incidents is retrieved. A source weight of a security incident and a magnitude of the security incident are used to determine a priority of the security incident within the set of security incidents. A local analysis of the security incident is performed based on the retrieved set of security information and event management data corresponding to the security incident and the determined priority of the security incident.

Abstract: A method, apparatus and computer program product for managing a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. In a first virtual private network (VPN) manager a request is received from a first cloud application resident in the first cloud. The request includes a first set of requirements for a first VPN tunnel in the plurality of VPN tunnels. The VPN manager sends a first VPN manager request to a first system in a first cloud, wherein the first system creates the first VPN tunnel according to the first set of requirements. The VPN manager receives a request from a second cloud application resident in the first cloud. The request includes a second set of requirements for a VPN tunnel in the plurality of VPN tunnels. The VPN manager sends a second VPN manager request to the system in a first cloud, wherein the second VPN manager request contains the second set of requirements.

Abstract: Optimizing ingestion of security structured data into a graph database for security analytics is provided. A plurality of streams of information is received from a plurality of security information sources. Respective subsets of information are ingested from each of the plurality of security information sources to generate small subgraphs of security information. Each of the small subgraphs comply to a schema used by a master knowledge graph. A batch process is performed to ingest a plurality of small subgraphs into the master knowledge graph.

Abstract: A method, apparatus and computer program product manage a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. A first virtual private network (VPN) agent manages a first VPN tunnel in a plurality of VPN tunnels. The first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment. The agent receives a request from a VPN manager which includes a first set of requirements for a first cloud application for the first VPN tunnel in the plurality of VPN tunnels. The agent creates the first VPN tunnel according to the first set of requirements. Next, the agent receives a modification request from the VPN manager containing a second set of requirements for a second cloud application.

Abstract: Embodiments of the present invention provide systems and methods for performing a security analysis on a set of observables by inferring malicious relationships. The method includes receiving a set of observables and structured and unstructured threat data. The method further includes analyzing the observables and the structured and unstructured threat data using cognitive computing, and creating and transferring a subgraph.

Abstract: In response to an attempt to install an instance of a container in a production environment, a set of security criteria associated with the container and features of the production environment are compared. Based on the comparison, a determination is made as to whether the features of the production environment satisfy the set of security criteria.

Abstract: In response to an attempt to install an instance of a container in a production environment, a set of security criteria associated with the container and features of the production environment are compared. Based on the comparison, a determination is made as to whether the features of the production environment satisfy the set of security criteria.

Abstract: A method, apparatus and computer program product manage a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. A first virtual private network (VPN) agent manages a first VPN tunnel in a plurality of VPN tunnels. The first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment. The agent receives a request from a VPN manager which includes a first set of requirements for a first cloud application for the first VPN tunnel in the plurality of VPN tunnels. The agent creates the first VPN tunnel according to the first set of requirements. Next, the agent receives a modification request from the VPN manager containing a second set of requirements for a second cloud application.

Abstract: Embodiments of the present invention provide systems and methods for performing a security analysis on a set of observables by inferring malicious relationships. The method includes receiving a set of observables and structured and unstructured threat data. The method further includes analyzing the observables and the structured and unstructured threat data using cognitive computing, and creating and transferring a subgraph.

Abstract: Embodiments of the present invention provide systems and methods for performing a security analysis on a set of observables by inferring malicious relationships. The method includes receiving a set of observables and structured and unstructured threat data. The method further includes analyzing the observables and the structured and unstructured threat data using cognitive computing, and creating and transferring a subgraph.

Abstract: Embodiments of the present invention provide systems and methods for performing a security analysis on a set of observables by inferring malicious relationships. The method includes receiving a set of observables and structured and unstructured threat data. The method further includes analyzing the observables and the structured and unstructured threat data using cognitive computing, and creating and transferring a subgraph.

Abstract: In response to an attempt to install an instance of a container in a production environment, a set of security criteria associated with the container and features of the production environment are compared. Based on the comparison, a determination is made as to whether the features of the production environment satisfy the set of security criteria.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: In an approach to user authorization by mobile-optimized CAPTCHA, a computing device detects information suggesting a risk level. The computing device displays one or more prompts based on the risk level. The computing device receives a user response in the form of touchless, gesture-based input. The computing device makes a CAPTCHA determination based on the user response.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.