Abstract: A device, system and method for privacy enhanced proximity detection by secure collaboration between a first party without access to user locations and a second party without access to a target user identifier. The second party may receive from the first party a homomorphic encryption public key and homomorphic encrypted target user identifier or masked target location, and may determine an associated homomorphic encrypted target user location. The second party may search a homomorphically encrypt database of user locations and associated user identifiers for homomorphic encrypted proximate user identifiers associated with homomorphic encrypted user locations proximate to the homomorphic encrypted target user location. The second party may send the first user the search result of homomorphic encrypted proximate user identifiers to be decrypted by the first party with a private key to identify proximate user identifiers without knowing their locations.

Abstract: A device, system and method for privacy enhanced proximity detection by secure collaboration between a first party without access to user locations and a second party without access to a target user identifier. The second party may receive from the first party a homomorphic encryption public key and homomorphic encrypted target user identifier or masked target location, and may determine an associated homomorphic encrypted target user location. The second party may search a homomorphically encrypt database of user locations and associated user identifiers for homomorphic encrypted proximate user identifiers associated with homomorphic encrypted user locations proximate to the homomorphic encrypted target user location. The second party may send the first user the search result of homomorphic encrypted proximate user identifiers to be decrypted by the first party with a private key to identify proximate user identifiers without knowing their locations.

Abstract: A method in one embodiment comprises receiving at least one new authoritative source, accessing a plurality of existing controls and a plurality of existing authoritative sources, converting a data structure of the at least one new authoritative source and data structures of the plurality of existing controls and existing authoritative sources into a plurality of vector representations, using the plurality of vector representations to compute similarities between the at least one new authoritative source and at least a subset of the plurality of existing controls and existing authoritative sources, generating a plurality of candidate controls for mapping to the at least one new authoritative source, and transmitting to a user a recommendation identifying a proposed mapping of one or more of the plurality of candidate controls to the at least one new authoritative source.

Abstract: A method in one embodiment comprises defining a plurality of fields in a plurality of electronic documents, wherein the plurality of fields respectively correspond to governance, risk and compliance system data structures, identifying a plurality of relationships between the electronic documents based on one or more cross-references between fields of two or more different electronic documents of the plurality of electronic documents, and assigning respective ranks to the plurality of electronic documents based on the relationships. In the method, a query is received from a user device, and a listing of candidate documents of the plurality of electronic documents is retrieved in response to the query. Scores for respective ones of the candidate documents are computed based on at least the assigned ranks, and a response to the query is transmitted to the user device, wherein the response comprises the listing of candidate documents sorted according to the computed scores.

Abstract: A method includes obtaining information regarding authentication events for users accessing assets of an enterprise system. The method also includes determining a likelihood of a given asset of the enterprise system becoming compromised responsive to compromise of a given user of the enterprise system. The method further includes determining an importance of the given asset based at least in part on a criticality value associated with the given asset, and generating a risk score for the given asset based at least in part on the determined likelihood of the given asset becoming compromised responsive to compromise of the given user and the determined importance of the given asset. The method further includes identifying remedial actions to reduce the risk score for the given asset and implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of the given asset.

Abstract: A method includes scanning a subset of a plurality of processing nodes in a network for vulnerabilities, selecting a first one of the processing nodes not in the subset, and determining a similarity measure between the first processing node and at least a second one of the processing nodes in the subset identified as having a given vulnerability. Determining the similarity measure comprises determining a first similarity between vulnerabilities previously detected on the first and second processing nodes and determining a second similarity between attributes of the first and second processing nodes, the similarity measure being based at least in part on the first and second similarities. The method also includes identifying that the first processing node has the given vulnerability based at least in part on the similarity measure, and modifying access to the first processing node responsive to identifying that the first processing node has the given vulnerability.

Abstract: A method in one embodiment comprises defining a plurality of fields in a plurality of electronic documents, wherein the plurality of fields respectively correspond to governance, risk and compliance system data structures, identifying a plurality of relationships between the electronic documents based on one or more cross-references between fields of two or more different electronic documents of the plurality of electronic documents, and assigning respective ranks to the plurality of electronic documents based on the relationships. In the method, a query is received from a user device, and a listing of candidate documents of the plurality of electronic documents is retrieved in response to the query. Scores for respective ones of the candidate documents are computed based on at least the assigned ranks, and a response to the query is transmitted to the user device, wherein the response comprises the listing of candidate documents sorted according to the computed scores.

Abstract: A method includes obtaining information regarding authentication events for users accessing assets of an enterprise system. The method also includes determining a likelihood of a given asset of the enterprise system becoming compromised responsive to compromise of a given user of the enterprise system. The method further includes determining an importance of the given asset based at least in part on a criticality value associated with the given asset, and generating a risk score for the given asset based at least in part on the determined likelihood of the given asset becoming compromised responsive to compromise of the given user and the determined importance of the given asset. The method further includes identifying remedial actions to reduce the risk score for the given asset and implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of the given asset.

Abstract: There are disclosed herein a technique for use in security. In at least one embodiment, the technique comprises receiving information relating to users and performing an affinity propagation clustering operation in connection with the information to identify a cluster of similar users. Further, the technique determines a risk in connection with a user in the cluster by comparing the user to one or more other users in the cluster. Still further, based on the risk in connection with the user, the technique controls access by the user to a computerized resource.

Abstract: A method in one embodiment comprises receiving at least one new authoritative source, accessing a plurality of existing controls and a plurality of existing authoritative sources, converting a data structure of the at least one new authoritative source and data structures of the plurality of existing controls and existing authoritative sources into a plurality of vector representations, using the plurality of vector representations to compute similarities between the at least one new authoritative source and at least a subset of the plurality of existing controls and existing authoritative sources, generating a plurality of candidate controls for mapping to the at least one new authoritative source, and transmitting to a user a recommendation identifying a proposed mapping of one or more of the plurality of candidate controls to the at least one new authoritative source.

Abstract: A method includes generating a tokenized representation of a given software script, the tokenized representation comprising two or more tokens representing two or more commands in the given software script. The method also includes mapping the tokens of the tokenized representation to a vector space providing contextual representation of the tokens utilizing an embedding layer of a deep learning network, detecting sequences of the mapped tokens representing sequences of commands associated with designated types of script behavior utilizing at least one hidden layer of the deep learning network, and classifying the given software script based on the detected sequences of the mapped tokens utilizing one or more classification layers of the deep learning network. The method further includes modifying access by a given client device to the given software script responsive to classifying the given software script as a given software script type.

Abstract: A method includes scanning a subset of a plurality of processing nodes in a network for vulnerabilities, selecting a first one of the processing nodes not in the subset, and determining a similarity measure between the first processing node and at least a second one of the processing nodes in the subset identified as having a given vulnerability. Determining the similarity measure comprises determining a first similarity between vulnerabilities previously detected on the first and second processing nodes and determining a second similarity between attributes of the first and second processing nodes, the similarity measure being based at least in part on the first and second similarities. The method also includes identifying that the first processing node has the given vulnerability based at least in part on the similarity measure, and modifying access to the first processing node responsive to identifying that the first processing node has the given vulnerability.

Abstract: A method includes generating an index representation of characters of code of a given file and mapping the index representation to a vector space providing contextual representation of the characters utilizing an embedding layer of a recurrent neural network (RNN). The method also includes identifying one or more code features in the mapped index representation utilizing at least one hidden layer of the RNN, detecting sequences of the identified code features in the mapped index representation utilizing a plurality of memory units of a recurrent layer of the RNN, and generating a classification result for the given file based on the detected sequences of code features utilizing one or more classification layers of the RNN. The method further comprises utilizing the classification result to determine if the given file contains code of a designated code type, and modifying access by a given client device to the given file responsive to the determination.

Abstract: A method includes preparing a representation of data associated with a plurality of software modules, the representation comprising similarity-based hashing of signatures constructed from a first subset of features of the plurality of software modules. The method also includes performing a similarity-based query utilizing the similarity-based hashing of signatures to identify one or more of the plurality of software modules as candidate software modules matching a received seed software module. The method further includes computing distances between the candidate software modules and the seed software module utilizing a second subset of features of the plurality of software modules, classifying one or more of the candidate software modules as a designated type based on the computed distances, generating a notification comprising a list of the classified candidate software modules, and controlling access by one or more client devices associated with an enterprise to the candidate software modules in the list.

Abstract: Techniques of operating intrusion detection systems provide a recommendation of an intrusion detection rule to an administrator of an intrusion detection system based on the experience of another administrator that has used the rule in another intrusion detection system. For example, suppose that electronic circuitry receives a numerical rating from a first intrusion detection system that indicates whether an intrusion detection rule was effective in identifying malicious activity when used in the first intrusion detection system. Based on the received rating and attributes of the first intrusion detection system, the electronic circuitry generates a predicted numerical rating that indicates whether the intrusion detection rule is likely to be effective in identifying malicious communications when used in a second intrusion detection system.

Abstract: There is disclosed a technique for use in authentication. In one embodiment, the technique comprises receiving behavioral information associated with a user. The technique also comprises performing an analysis based on the behavioral information. The technique further comprises determining whether to authenticate the user based on the analysis.

Abstract: Technology for establishing trustworthiness of devices in the Internet of Things (IoT), and for controlling communications between devices based on the trustworthiness scores of individual devices. A hub computer collects behavioral characteristics from multiple devices, and calculates trustworthiness scores for individual devices by comparing recently collected behavioral characteristics to expected behavioral characteristics. The expected behavioral characteristics may include i) historically collected behavioral characteristics for the device, and/or ii) expected behavioral characteristics for devices in a device group to which the device belongs. The trustworthiness scores are obtained from the hub by individual devices to control communication with other devices. A composite trustworthiness score for a device may also be calculated at the hub computer based on the trustworthiness scores of other devices with which the device has previously communicated.

Abstract: Techniques of performing authentication involve comparing current user authentication factors with previous authentication factors selected from multiple users during a single authentication session. Along these lines, suppose that an authentication server receives current browser characteristics from a user computer during a current authentication session. Based on the current browser characteristics, the authentication server selects previous browser characteristics received from devices used by multiple users during previous authentication sessions. For example, the authentication server may select previous browser characteristics based on the whether any of the results of a modified, locally sensitive hashing (LSH) of the previous browser characteristics match any of the results of a modified LSH of the current browser characteristics.

Abstract: Disclosed herein are techniques for use in user authentication. In one embodiment, the technique comprises collecting information in connection with a plurality of authentication methods. The technique also comprises determining a score for each authentication method based on the collected information. The technique further comprises selecting an authentication method from the plurality of authentication methods based on the determined score.

Abstract: A computer-implemented technique provides rules for use in a malicious activity detection system. The technique involves performing evaluation operations on a plurality of malicious activity detection rules. The technique further involves ranking the plurality of malicious activity detection rules in an order based on results of the evaluation operations (e.g., sorting the rules systematically in an order based on measures such as precision, recall, correlation to other rules already in use, etc.). The technique further involves, based on the order of the plurality of malicious activity detection rules, providing a malicious activity detection rule report which recommends a set of malicious activity detection rules of the plurality of malicious activity detection rules for use in the malicious activity detection system.