Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to monitor software and hardware parameters on an electronic device that includes an application designated as a preferred application; determine whether the preferred application is running; detect a change in software or hardware parameters that indicates to reallocate resources to the preferred application; and apply, based on detecting the change in software or hardware parameters, an optimization policy that reallocates resources to a process associated with the preferred application.

Abstract: There is disclosed, by way of example, a computing apparatus having a hardware platform having a processor and a memory; and instructions encoded within the memory to: identify an online transaction involving a user; according to a plurality of contextual factors, determine a sensitivity level for the online transaction; and according to the sensitivity level, contextually increase security for the online transaction without altering at least one other online transaction.

Abstract: Methods, apparatus, systems, and articles of manufacture for orchestrating personal protection across digital assets are disclosed. An example apparatus includes at least one memory, instructions in the apparatus, and processor circuitry to execute the instructions to monitor digital assets associated with a protection threat surface to detect a protection event, determine one or more protection vectors associated with the digital assets in response to detecting the protection event, the one or more protection vectors including one or more values corresponding to an impact of the protection event on an overall protection posture associated with the protection threat surface, and determine protection remediation action for the digital assets based on the one or more protection vectors.

Abstract: Methods, apparatus, systems, and articles of manufacture for comprehensive user-centric protection of digital assets are disclosed. An example apparatus includes at least one memory, instructions in the apparatus, and processor circuitry to execute the instructions to identify digital assets associated with a protection threat surface, detect protection events corresponding to threats associated with the digital assets, and determine protection vectors associated with the digital assets based on the protection events, the protection vectors corresponding to protection capabilities associated with the digital assets.

Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.

Abstract: A system for controlling accesses to network enabled devices includes a network interface over which a hub communicates with network enabled devices, a processor, and a multilayer access control layer. The access control layer includes instructions that, when executed by the processor, cause the processor to detect, at the hub, a request representing an attempt by an application executing on a remote host device to access a network enabled device communicatively coupled to the hub, characterize the request according to a user of the remote host device, the application making the attempt, and the network enabled device, and determine whether to allow or deny the request based upon the characterization and a plurality of rules. The rules may include definitions of access rights, with respect to the network enabled device, for users, applications, commands or queries made by applications, remote host devices, and network domains.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: There is disclosed, by way of example, a computing apparatus, including a hardware platform having a processor and a memory; and instructions encoded within the memory to instruct the processor to provide access to a web conference; determine that an object has been shared via the web conference; determine a reputation for the object; and according to the reputation, modify a conference experience for at least one participant of the web conference

Abstract: There is disclosed in one example a computing endpoint, including: a hardware platform including a processor and a memory; an operating system to run on the hardware platform; a web browser to run on the operating system, and including an extension framework; and a management extension to run in the extension framework, and to contextually manage availability of other extensions according to a URL reputation and extension reputation.

Abstract: A technique for collecting and using signal reputation data, comprising obtaining a plurality of signal reputation data corresponding to a plurality of locations, categorizing the signal reputation data into groups, calculating signal circles for at least some of the groups based on a representative signal value for the corresponding group, calculating a signal reputation score for each signal circle, determining a best signal circle for a user mobile device within a predetermined distance of dead zones, and sending the best signal circle to the user mobile device based at least in part on the signal reputation score and a location of the user mobile device. In some embodiments, the technique may include some but not all of these actions and additional actions, such as suspending obtaining signal reputation data based on battery status.

Abstract: Methods and apparatus for managing online transactions involving personal data are disclosed. An example non-transitory computer readable medium comprises instructions that, when executed, cause a machine to at least encrypt user personal information for storage in a user information database, identify a request for personal information from a service provider, determine a reputation score of the service provider using a service reputation database, compare the reputation score against a threshold for reputability, cause presentation of a request for approval to provide user information to the service provider, in response to user approval, provide the user information to the service provider, and add the service provider to a list of service providers that have been given access to user information.

Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

Abstract: Methods and apparatus to detect adversarial malware are disclosed. An example adversarial malware detector includes a machine learning engine to classify a first feature representation representing features of a program as benign or malware, a feature perturber to, when the first feature representation is classified as benign, remove a first one of the features to form a second feature representation, and a decider to classify the program as adversarial malware when the machine learning engine classifies the second feature representation as malware.

Abstract: A technique includes providing real-time collective and collaborative navigation for one or more users to navigate to a destination. Each computing device associated with a member includes navigation objects that is pooled in a server and updated on each client device of users as one or more users navigate to a destination. A set of navigation objects may be created and distributed to the members within the group for the session, whereby the navigation objects are data structures that may be managed by a server. Based on a contextual trigger, the navigation object may be created or modified and used to provide a context to the navigation session. Navigation objects may continuously analyze user context and user situations to detect anomalies for one or more members in the group.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Abstract: A technique for collecting and using signal reputation data, comprising obtaining a plurality of signal reputation data corresponding to a plurality of locations, categorizing the signal reputation data into groups, calculating signal circles for at least some of the groups based on a representative signal value for the corresponding group, calculating a signal reputation score for each signal circle, determining a best signal circle for a user mobile device within a predetermined distance of dead zones, and sending the best signal circle to the user mobile device based at least in part on the signal reputation score and a location of the user mobile device. In some embodiments, the technique may include some but not all of these actions and additional actions, such as suspending obtaining signal reputation data based on battery status.

Abstract: Code of a particular application is analyzed against a semantic model of a software development kit of a particular platform. The semantic model associates a plurality of application behaviors with respective application programming interface (API) calls of the particular platform. A set of behaviors of the particular application is identified based on the analysis of the code and a particular one of the set of behaviors is identified as an undesired behavior. The particular application can be automatically modified to remediate the undesired behavior. The particular application can be assigned to one of a plurality of device modes, and access to the particular application on a user device can be based on which of the plurality of device modes is active on the user device.

Abstract: Example methods, apparatus, systems and articles of manufacture to implement cooperative mitigation of distributed denial of service attacks originating in local networks are disclosed. An example network element disclosed herein is to detect a first distributed denial of service attack associated with first network traffic received by an Internet service provider network, the first network traffic originating from a first device connected to a local network. The disclosed example network element is also to implement a threat signaling client to transmit first information describing the first distributed denial of service attack to a threat signaling server implemented by a local network router of the local network, and receive second information from the threat signaling server of the local network, the second information to provide a notification when the first network traffic associated with the first distributed denial of service attack has been mitigated.

Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.