Abstract: A method for controlling application enabling includes receiving from a particular user an indication of data for sharing and an indication of one or more recipients with which to share the data. A multidimensional zone is determined based on the indication of the data and the indication of the one or more recipients. A request from the particular user to enable a particular application via a computing device is detected. Data permission requirements of the particular application are accessed, and a multidimensional coordinate is determined based on the data permission requirements of the particular application. The multidimensional zone is compared to the multidimensional coordinate, and the particular user is notified via the computing device of the comparing of the multidimensional zone to the multidimensional coordinate. An affirmation of the request is received from the particular user via the computing device, and the particular application is enabled responsive to the affirmation of the request.

Abstract: A central platform remote from a local network can detect anomalies on the local network. The central platform can assign a unique pair of DNS server IP addresses to the local network. The central platform can receive configuration data from the local network and use the configuration data and the assigned pair of DNS server IP addresses to uniquely identify devices on the local network. In the case that current network flow statistics do not match expected network flow statistics for the local network, a device causing the anomalous behavior can be identified using the assigned pair of DNS server IP addresses and configuration data.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.

Abstract: Systems and methods receive a form having one or more fields for receiving personally identifying information (PII). Input data that includes PII is received for the form. The system and methods model the characteristics of true PII to generate a model associated with the form. Synthetic PII is generated based, at least in part, the true provided to the one or more fields of the form.

Abstract: A method of generating a synthetic user profile to protect the user's privacy includes generating a synthetic profile comprising a plurality of profile elements and selecting a network egress point for use with the synthetic profile. The synthetic profile elements and egress point have a consistent geographic location, or the synthetic profile elements are consistent with other external information.

Abstract: A method of controlling use of network-connectable devices is provided. The method includes monitoring by a first computational process, operating at a first processor utilization level, communication on a user device operated by a particular user and determining based on the monitoring by the first computational process a trigger event. The method further includes monitoring by a second computational process, operating at a second processor utilization level higher than the first processor utilization level, the communication on the user device responsive to determining the trigger event. Use of the user device is restricted based at least on the monitoring by the second computational process of the communication.

Abstract: An electronic messaging method is provided, the method implemented by one or more processors. The method includes launching a textual communication application by a user device including a user interface. In the user interface a data entry interface is enabled including language elements in a particular language determined based on an international calling code of a stored textual communication involving a user of the user device or a language of a stored textual communication involving a user of the user device, the stored textual communication comprising text transmitted by the user of the user device or text received by the user of the user device from a particular party. Textual input is received via the data entry interface including the language elements in the particular language.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: A method of selecting devices on a private network for security protection via a network security device comprises classifying devices on the private network into devices that are sometimes protected and devices that are always either protected or not protected. Threats are monitored, the threats comprising at least one of a macro security event and a local security event, the macro security event detected by one or more external systems and the local security event detected by one or more devices local to the private network. When a threat is detected, it is determined whether the detected threat is a threat to one or more devices on the private network classified as devices that are sometimes protected, and if the detected threat is determined to be a threat to the one or more devices that are sometimes protected the one or more devices are protected.

Abstract: A method of controlling use of network-connectable devices is provided. The method includes monitoring by a first computational process, operating at a first processor utilization level, communication on a user device operated by a particular user and determining based on the monitoring by the first computational process a trigger event. The method further includes monitoring by a second computational process, operating at a second processor utilization level higher than the first processor utilization level, the communication on the user device responsive to determining the trigger event. Use of the user device is restricted based at least on the monitoring by the second computational process of the communication.

Abstract: A device identification module identifies devices on a remote network, where the remote network may use Network Address Translation techniques. The device identification module can receive a list of devices on the remote network. The devices in the remote network can be identified by the device classification module based, at least in part, on the device classification and one or more of Dynamic Host Configuration Protocol (DHCP) information for the remote network, port sequences used in Network Address Translation on the remote network, and a live Uniform Resource Locator (URL) check performed on the remote network.

Abstract: A content filter setting method includes enabling a user to choose a setting of a filter for a particular application in a user interface of a user device. The setting of the filter is received from the user via the user interface, and a model is applied to determine a plurality of default settings of a plurality of filters of the particular application based on the setting of the filter and the identifying information of the user. The plurality of default settings is displayed in the user interface, and modified settings of the default settings are received via the user interface.

Abstract: Systems and methods are disclosed for automating customer service for a monitored device (MD). A method for an Internet of Everything management device to automate customer service for a monitored device comprises collecting sensor data from a plurality of sensors, wherein the plurality of sensors comprises a first sensor that is not included in the MD, determining whether the MD is exhibiting abnormal behavior based on an analysis of the collected sensor data, and transmitting a report to a customer service entity associated with the MD in response to a determination that the MD is exhibiting abnormal behavior.

Abstract: A method includes monitoring data security events on mobile computing devices and positions of the mobile computing devices when the plurality of data security events occurred. A plurality of demographic information of the plurality of geographic positions are determined and a classifier is trained based on the data security events and demographic information. A particular mobile computing device is determined to be located at a particular geographic location and particular demographic information of the particular geographic location is determined. The classifier is applied to the particular demographic information and a particular security risk prediction of the particular geographic location is generated. A particular security measure is activated on the particular mobile computing device based on the particular security risk prediction.

Abstract: Systems and methods for device type classification system include a rules engine and a machine learning engine. The machine learning engine can be trained using device type data from multiple networks. The machine learning engine and the rules engine can receive data for devices on a network at a first point in time. The data can be submitted to a rules engine and the machine learning engine, which each produce device type probabilities for devices on the network. The device type probabilities from the rules engine and the machine learning engine can be processed to determine device types for one or more devices on the network. As more data becomes available at later points in time, the additional data can be provided to the rules engine and the machine learning engine to update the device type determinations for the network.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: A content filter setting method includes enabling a user to choose a setting of a filter for a particular application in a user interface of a user device. The setting of the filter is received from the user via the user interface, and a model is applied to determine a plurality of default settings of a plurality of filters of the particular application based on the setting of the filter and the identifying information of the user. The plurality of default settings is displayed in the user interface, and modified settings of the default settings are received via the user interface.

Abstract: Systems, methods, and devices of the various aspects enable detecting a malfunction caused by radio frequency (RF) interference. A computing device processor may identify a location of the computing device based on a plurality of real-time data inputs received by the computing device. The processor may characterize an RF environment of the computing device based on the identified location and the plurality of real-time data inputs. The processor may determine at least one RF emissions threshold based on the characterization of the RF environment. The processor may compare the characterization of the RF environment to the at least one RF emissions threshold, and may perform an action in response to determining that the characterization of the RF environment exceeds the at least one RF emissions threshold.

Abstract: A method of identifying malicious activity in a sequence of computer instructions includes monitoring data flows from a public network to one or more networked devices on a private network and to one or more honeypots that appear to the public network to be devices on the private network, representing each such data flow as a word, and the sequence of data flows as comprising an n-gram of two or more words. The data flows are characterized with a likelihood of being malicious based on their statistical association with the one or more honeypots relative to their statistical association with one or more networked devices. Identified malicious activity is used to train a network device to identify malicious data flows and prevent them from reaching devices on the private network.