Abstract: Systems, methods, and related technologies for device software monitoring and device software updating are described. In certain aspects, a device is selected based on being a smart device and a software version of associated with the software of the device is determined. The device software may then be automatically updated if newer software is available.

Abstract: Systems, methods, and related technologies for device scanning are described. In certain aspects, a device is selected based on being a NAT device and information is accessed therefrom to determine a device communicatively coupled to the NAT device. The device communicatively coupled to the NAT device may then be scanned and the results stored.

Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, accessing data associated with one or more communications of an entity is accessed and one or more behaviors based on the data associated with the one or more communications of the entity are determined. One or more sequences of the one or more behaviors of the entity are determined and a profile is determined based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the entity. The profile may then be stored.

Abstract: Systems, methods, and related technologies for device classification are described. In certain aspects, traffic data associated with a device and data from an external system can be accessed. The data can be processed to determine a device classification for the device. An action can be initiated based on the classification.

Abstract: Systems, methods, and related technologies for device software monitoring and device software updating are described. In certain aspects, a device is selected based on being a smart device and a software version of associated with the software of the device is determined. The device software may then be automatically updated if newer software is available.

Abstract: Systems, methods, and related technologies for device classification are described. In certain aspects, traffic data associated with a device and data from an external system can be accessed. The data can be processed to determine a device classification for the device. An action can be initiated based on the classification.

Abstract: Systems, methods, and related technologies for self-training classification are described. In certain aspects, a plurality of device classification methods with associated models are accessed. Each of the classification methods have an associated reliability level. The models of classification methods with a higher reliability level than other classifications methods are used to train the models associated with lower reliability level. The trained models and associated classification methods are thus improved.

Abstract: In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

Abstract: This document generally relates to systems, method, and other techniques for identifying and interfering with the operation of computer malware, as a mechanism for improving system security. Some implementations include a computer-implemented method by which a computer security server system performs actions including receiving a request for content directed to a particular content server system; forwarding the request to the particular content server system; receiving executable code from the particular content server system; inserting executable injection code into at least one file of the executable code; applying a security countermeasure to the combined executable code and executable injection code to create transformed code; and providing the transformed code to a client computing device.

Abstract: Techniques are provided for evaluating and modifying countermeasures based on aggregate transaction status. A first expression pattern is determined that occurs in each of first response messages served by the web server system in response to successful transactions of the transaction type. A second expression pattern is determined that occurs in each of second response messages served by the web server system in response to non-successful transactions of the transaction type requested. Aa status is determined for each of a plurality of transactions of the transaction type based on matching the first expression pattern or the second expression pattern to response messages served by the web server system. Aggregate status information for the transaction type based on the status for the set of operations is updated. Based on a change in the aggregate status information, a set of one or more security countermeasures is updated.

Abstract: In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

Abstract: Techniques for authenticated bypass of default security countermeasures are described. A request for an electronic resource, generated at a client computing device, is received. A security token generated at the client computing device, generated using a shared secret comprising a token recipe, is received. The security token received from the client computing device is validated. Validating the security token includes verifying an identity of the client computing device. Based on validating the security token, a level of trust for the client computing device is determined. Based on the level of trust for the client computing device, a modified set of security countermeasures is selected based on a default set of one or more security countermeasures that interfere with an ability of malware to interact with the electronic resource on the client computing device. The modified set of countermeasures is applied to the request for the electronic resource.

Abstract: Systems, methods, and related technologies for device classification are described. In certain aspects, one or more properties are selected based on associated respective ranks. The selected one or more properties are used with information associated with the device to determine a classification. The classification may then be stored.

Abstract: Systems, methods, and related technologies for device scanning are described. In certain aspects, a device is selected based on being a NAT device and information is accessed therefrom to determine a device communicatively coupled to the NAT device. The device communicatively coupled to the NAT device may then be scanned and the results stored.

Abstract: Systems, methods, and related technologies for device software monitoring and device software updating are described. In certain aspects, a device is selected based on being a smart device and a software version of associated with the software of the device is determined. The device software may then be automatically updated if newer software is available.

Abstract: This document generally relates to systems, method, and other techniques for identifying and interfering with the operation of computer malware, as a mechanism for improving system security. Some implementations include a computer-implemented method by which a computer security server system performs actions including receiving a request for content directed to a particular content server system; forwarding the request to the particular content server system; receiving executable code from the particular content server system; inserting executable injection code into at least one file of the executable code; applying a security countermeasure to the combined executable code and executable injection code to create transformed code; and providing the transformed code to a client computing device.

Abstract: A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a remote client computer, and comprising, using an intermediary computer that is topologically interposed between the server computer and the remote client computer is provided. The intermediary computer is configured to intercept a first set of source code instructions from the server computer. The intermediary computer identifies first party operations that include operations on objects and the objects themselves. The intermediary computer identifies a first set of operations within the first party operations that are configured to define values for one or more objects based on one or more constants. The intermediary computer then generates a second set of operations, where the second set of operations are configured to define same values for the one or more objects, when executed by a web browser on the client computer.

Abstract: Systems, methods, and other techniques for improving the operation of computing systems are described. Some implementations include a computer-implemented method. The method can include intercepting, at an intermediary computing system, messages communicated between a web server system and one or more client computing devices. A subset of the intercepted messages can be selected that are determined to commonly relate to a particular web transaction. The method can identify an expression pattern that occurs in the subset of the intercepted messages, and can determine that the identified expression pattern matches a first pre-defined expression pattern from among a plurality of different pre-defined expression patterns. A status of the particular web transaction can be determined based on the first pre-defined expression pattern that matches the identified expression pattern occurring in the subset of the intercepted messages.

Abstract: Techniques are provided for a security policy for browser extensions. Second detection code, when executed at a second client computing device, gathers and transmits information relating to browser extensions operating on the second client computing device. second browser extension data generated by the second detection code is received. It is determined, based the second browser extension data, that a second browser extension operating on the second client computing device is associated with a second request from the second client computing device to the first web server system. It is determined that the second browser extension is not whitelisted with respect to the first web server system. In response to determining that the second browser extension is not whitelisted with respect to the first web server system, performing a second automated response that causes the first web server system to not process the second request.

Abstract: Systems, methods, and related technologies for account access monitoring are described. In certain aspects, a login request associated with a device can be analyzed and a score determined. The score and a threshold can be used to determine whether to initiate an action.