Abstract: Disclosed is a computerized system for neutralizing misappropriated electronic files. The system typically includes a processor, a memory, and an electronic file neutralizing module stored in the memory. The system is typically configured for: determining that a first electronic file has been misappropriated; determining one or more identifying characteristics of the first electronic file; creating a second electronic file, wherein the second electronic file has different content than the first electronic file but comprises the one or more identifying characteristics of the first electronic file; and submitting the second electronic file to a third party providing a content inspection system that neutralizes malicious electronic documents.

Abstract: Disclosed is a computerized system for determining the collective effectiveness of information security technologies. The system typically includes a processor, a memory, and an information security analysis module stored in the memory. The system for is typically configured for: determining a security score for each element of a security technology defense matrix, a first dimension of the security technology defense matrix corresponding to a plurality of resource classes, and a second dimension of the security technology defense matrix corresponding to a plurality of security operational functions; determining a defense-in-depth score for each resource class and each security operational function; determining an aggregate security score; and providing the aggregate security score the defense-in-depth scores for each resource class and each security operational function to a user computing device. The system may be configured to provide technology deployment recommendations.

Abstract: Disclosed is a computerized system for dynamically updating a honeypot computer environment. The system typically includes a processor, a memory, and a honeypot management module stored in the memory. The system for is typically configured for: creating a honeypot environment within a computer network, the honeypot environment comprising a software application, wherein the computer network has one or more other environments, the honeypot environment being isolated from the other environments of the computer network; receiving an update to the software application for implementation in at least one of the other environments of the computer network; and, based on receiving the update to the software application for implementation in at least one of the other environments of the computer network, automatically implementing the update to the software application within the honeypot environment.

Abstract: Disclosed is a computerized system for detecting unauthorized code in a software application. The system typically includes a processor, a memory, and a software analysis module stored in the memory. The system for is typically configured for: executing a software application in a development environment and in a production environment; monitoring execution of the software application in the development environment and in the production environment; comparing the execution of the software application in the development environment and the execution of the software application in the production environment; identifying a discrepancy between the execution of the software application in the development environment and the execution of the software application in the production environment; and, based on identifying the discrepancy, transmitting an alert to a user computing device. Unauthorized code associated with the discrepancy may then be removed from the software application.

Abstract: Data specifying a new edge of a graph database may be received. A data store for storing the new edge may be identified from amongst a plurality of data stores utilized to store one or more portions of the graph database. Each of the plurality of data stores may be associated with a set of values corresponding to an aspect of edges of the graph database. The data store for storing the new edge may be identified based on the new edge being associated with a value corresponding to the aspect of edges of the graph database that is within a set of values corresponding to the aspect of edges of the graph database associated with the data store for storing the new edge.

Abstract: Data specifying a new edge of a graph database may be received. A data store for storing the new edge may be identified from amongst a plurality of data stores utilized to store one or more portions of the graph database. Each of the plurality of data stores may be associated with a set of values corresponding to an aspect of edges of the graph database. The data store for storing the new edge may be identified based on the new edge being associated with a value corresponding to the aspect of edges of the graph database that is within a set of values corresponding to the aspect of edges of the graph database associated with the data store for storing the new edge.

Abstract: Aspects of the present disclosure are directed to methods and systems of hypervisor driven embedded endpoint security monitoring. A computer implemented method may include providing one or more computer processors configured to operate a bare-metal hypervisor; launching a user OS virtual machine operatively connected to the hypervisor; launching a security virtual machine operatively connected to the hypervisor and receiving data from the security virtual machine via the hypervisor; and receiving data representative of security information from the computer processor processed by the security virtual machine. The hypervisor may include using a virtual switch for providing communications between the user OS virtual machine and the security virtual machine. The method may include using the security virtual machine to monitor malware on the user OS virtual machine.

Abstract: A method is disclosed, where some embodiments of the method include installing at least one benign malware indicator on one or more computing devices, monitoring the one or more computing devices for the presence of the at least one benign malware indicator, and responsive to determining the benign malware indicator is no longer present, sending a notification indicating the benign malware indicator is no longer detected as present on the one or more computing devices. Other embodiments include performing an antivirus scan or identifying unauthorized software programs. An apparatus and one or more non-transitory computer-readable media storing computer-readable instructions capable of performing similar actions, the latter in conjunction with a computer executing instructions stored on the media, are also disclosed.

Abstract: Systems, methods, computer-readable media, and apparatuses for identifying a source of an unauthorized disclosure of information are provided. For instance, a document may be generated and transmitted to a plurality of users. The document transmitted may be the same document (e.g., no additional documents are created for different users). Upon accessing the document, users in different groups of users may view different data items in a data item field in the document. If a disclosure is made, the data item disclosed may aid in identifying the group of users who viewed that data item and may be the source of the disclosure. That identified group may then be further sorted or divided into two or more subgroups and another document may be transmitted to the plurality of users. The process may continue in this manner until a source of the disclosure is identified.

Abstract: Methods of analyzing malware and other suspicious files are presented, where some embodiments include analyzing the behavior of a first malware sample on both a virtual machine and a physical computing device, the physical device having been booted from a secondary boot source, and determining whether the behavior of the malware sample was different on the virtual machine and the physical computing device. In certain embodiments, a notification indicating that the behavior was different may be generated. In other embodiments, a malware analysis computing device that is configured to receive a base hard drive image may be network booted, and the behavior of the malware sample on the malware analysis computing device may be analyzed. In certain embodiments, a malware-infected hard drive image may then be copied off the malware analysis computing device.

Abstract: Systems, methods and apparatuses for ensuring that a computing device is attempting to connect to a network, such as a wireless network, provided by an expected or trusted entity. For instance, a certificate may be generated for a network and/or associated with the network. The certificate may then be transmitted to one or more computing devices that may be authorized to access the network. Accordingly, when the computing device selects the network for connection, the system may determine whether the certificate associated with the network is paired with the certificate provided on the computing device. If so, the computing device may be permitted to transmit data over the network. Alternatively, if the network certificate is not paired with the certificate provided on the computing device, the computing device may be prevented from transmitting data over the network.

Abstract: Prioritizing software updates in the context of runtime application self-protection (RASP) security. A software update is received for an application software that is running under the control of RASP security, which monitors the application software and works to prohibit one or more runtime operations of the application software. The software update is analyzed to determine whether any runtime operations of the application software that will be affected by the software update are any of the runtime operations prohibited by the RASP security. If the software update affects only runtime operation(s) of the application software that is prohibited, then the priority status of the software update can be downgraded.

Abstract: Methods, apparatuses, and computer readable media for malicious request attribution are presented. For example, according to one aspect, requests for one or more records may be received from a requesting computing device. A determination may be made that the requests are of a malicious nature. Responsive to determining that the requests are of a malicious nature, one or more requests for obtaining information about the requesting computing device may be generated, and communicated to the requesting computing device. In some embodiments, at least one of the one or more requests for obtaining information about the requesting computing device may be configured to cause the requesting computing device to fail to properly render at least a portion of a web page comprising at least one of the one or more records.

Abstract: Systems, methods and apparatuses for identifying and/or displaying an availability or virtual position of a user are provided. In some examples, a virtual position display may be provided and may include a plurality of user indicators. The user indicators may include an availability of the user. In some examples, a user may adjust a position of a user indicator. Adjustment of the user indicator closer to another user indicator may indicate an increased availability status of the user, while adjustment of the indicator away from another user indicator may indicate a decreased availability of the user. In some examples, the user indicator may include a level of activity indication received from one or more sensing devices associated with the user.

Abstract: Data specifying a new edge of a graph database may be received. A data store for storing the new edge may be identified from amongst a plurality of data stores utilized to store one or more portions of the graph database. Each of the plurality of data stores may be associated with a set of values corresponding to an aspect of edges of the graph database. The data store for storing the new edge may be identified based on the new edge being associated with a value corresponding to the aspect of edges of the graph database that is within a set of values corresponding to the aspect of edges of the graph database associated with the data store for storing the new edge.

Abstract: Data specifying a new edge of a graph database may be received. A data store for storing the new edge may be identified from amongst a plurality of data stores utilized to store one or more portions of the graph database. Each of the plurality of data stores may be associated with a set of values corresponding to an aspect of edges of the graph database. The data store for storing the new edge may be identified based on the new edge being associated with a value corresponding to the aspect of edges of the graph database that is within a set of values corresponding to the aspect of edges of the graph database associated with the data store for storing the new edge.

Abstract: Systems, methods and apparatuses for ensuring that a computing device is attempting to connect to a network, such as a wireless network, provided by an expected or trusted entity. For instance, a certificate may be generated for a network and/or associated with the network. The certificate may then be transmitted to one or more computing devices that may be authorized to access the network. Accordingly, when the computing device selects the network for connection, the system may determine whether the certificate associated with the network is paired with the certificate provided on the computing device. If so, the computing device may be permitted to transmit data over the network. Alternatively, if the network certificate is not paired with the certificate provided on the computing device, the computing device may be prevented from transmitting data over the network.

Abstract: Methods of analyzing malware and other suspicious files are presented, where some embodiments include analyzing the behavior of a first malware sample on both a virtual machine and a physical computing device, the physical device having been booted from a secondary boot source, and determining whether the behavior of the malware sample was different on the virtual machine and the physical computing device. In certain embodiments, a notification indicating that the behavior was different may be generated. In other embodiments, a malware analysis computing device that is configured to receive a base hard drive image may be network booted, and the behavior of the malware sample on the malware analysis computing device may be analyzed. In certain embodiments, a malware-infected hard drive image may then be copied off the malware analysis computing device.

Abstract: Data specifying a new edge of a graph database may be received. A data store for storing the new edge may be identified from amongst a plurality of data stores utilized to store one or more portions of the graph database. Each of the plurality of data stores may be associated with a set of values corresponding to an aspect of edges of the graph database. The data store for storing the new edge may be identified based on the new edge being associated with a value corresponding to the aspect of edges of the graph database that is within a set of values corresponding to the aspect of edges of the graph database associated with the data store for storing the new edge.

Abstract: Methods of analyzing malware and other suspicious files are presented, where some embodiments include analyzing the behavior of a first malware sample on both a virtual machine and a physical computing device, the physical device having been booted from a secondary boot source, and determining whether the behavior of the malware sample was different on the virtual machine and the physical computing device. In certain embodiments, a notification indicating that the behavior was different may be generated. In other embodiments, a malware analysis computing device that is configured to receive a base hard drive image may be networked booted, and the behavior of the malware sample on the malware analysis computing device may be analyzed. In certain embodiments, a malware-infected hard drive image may then be copied off the malware analysis computing device for further forensic analysis.