Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.

Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.

Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.

Abstract: A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Features of the present disclosure solve the above-identified problem by implementing user and entity behavior analytics (UEBA) system to group one or more computer machines into different clusters based on monitored behavior of the one or more computer machines. Specifically, a network device (e.g., administrator computer system) may monitor the activity of the one or more computer machines for a predetermined time period in order to identify the applications that the computer machines utilize. Based on the clustering and the identifying, the network device may automatically apply different access control policies for different clusters of machines and review those access control policies against future behavior periodically. By clustering machines based on usage behavior patterns and automatically recommending a rule set for deployment, the UEBA system may reduce potential points of failure for cybersecurity breaches.

Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.

Abstract: In an embodiment, the invention is directed to a device including an environmental condition sensor, a light sensor; and a control module. The control module associates a light intensity above a defined threshold with an open-door status of a container. In another embodiment, a device includes an environmental condition sensor, a rewriteable memory that stores environmental condition data from the environmental condition sensor, and a wireless communication module that transmits stored environmental condition data. Embodiments of the invention may be useful to provide techniques for monitoring environmental conditions within a container, such as a refrigerated trailer.

Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.

Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.

Abstract: In an embodiment, the invention is directed to a device comprising an environmental condition sensor, a light sensor; and a control module, wherein the control module associates a light intensity above a defined threshold with an open-door status of a container. In another embodiment, a device comprises an environmental condition sensor, a rewriteable memory that stores environmental condition data from the environmental condition sensor, and a wireless communication module that transmits stored environmental condition data. Embodiments of the invention may be useful to provide techniques for monitoring environmental conditions within a container, such as a refrigerated trailer.

Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.

Abstract: A system and method for managing wireless vehicular communications include a system and method for vehicle protocol conversion. The system and method for vehicle protocol conversion have the ability to receive messages through a vehicle bus connector according to a vehicle bus protocol, analyze the messages to determine whether they should be transmitted, and transmit the messages over a wireless link if they should be transmitted.

Abstract: A system and method for sending high fidelity sound between wireless units include the capability to receive audible sounds at a wireless unit and generate signals that represent the audible sounds. The system and method also include the capability to encode a first portion of the signals and encode a second portion of the signals. The system and method further include the capability to transmit the first encoded portion over a first synchronous channel and transmit the second encoded portion over a second synchronous channel.

Abstract: A system and method for managing wireless vehicular communications include a system and method for vehicle protocol conversion. The system and method for vehicle protocol conversion have the ability to receive messages through a vehicle bus connector according to a vehicle bus protocol, analyze the messages to determine whether they should be transmitted, and transmit the messages over a wireless link if they should be transmitted.