Patents by Inventor Zulfikar A. Ramzan

Zulfikar A. Ramzan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11487873
    Abstract: A method includes monitoring user behavior in an enterprise system, identifying a given user of the enterprise system associated with a given portion of the monitored user behavior, determining a predicted impact of compromise of the given user on the enterprise system, generating a risk score for the given user based on the predicted impact of compromise and the given portion of the monitored user behavior, and identifying one or more remedial actions to reduce the risk score for the given user. The method also includes implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of at least one asset in the enterprise system, the at least one asset comprising at least one of a physical computing resource and a virtual computing resource in the enterprise system.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: November 1, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Zulfikar A. Ramzan, Sashka T. Davis, Kevin J. Arunski, Ed G. Quackenbush, Scott Moore, Kevin T. Douglas, Abram Thielke
  • Patent number: 11269595
    Abstract: Techniques are provided for multiset encoding and evaluation. One method comprises encoding a multiset comprised of entities as a product of a prime number assigned to each entity in the multiset to obtain an integer representation of the multiset; adding a first entity to the multiset by multiplying the integer representation of the multiset by the prime number assigned to the first entity; removing a second entity from the multiset by dividing the integer representation of the multiset by the prime number assigned to the second entity; and identifying the entities in the multiset by decomposing the integer representation into a product of the prime numbers assigned to each of the entities in the multiset. The entities in the multiset can be, for example, devices that a given user was connected to at the given time; and/or the users connected to a given device at the given time.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: March 8, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Zulfikar A. Ramzan, Sashka T. Davis, Nicholas H. Hoang
  • Patent number: 11171995
    Abstract: A method includes monitoring an enterprise system to identify cryptographic techniques utilized by one or more components of the enterprise system, the one or more components comprising at least one of physical and virtual computing resources. The method also includes generating one or more profiles characterizing usage of at least a given one of the identified cryptographic techniques by at least a given one of the one or more components of the enterprise system and determining an effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system utilizing the generated one or more profiles. The method further includes identifying one or more remedial actions for mitigating the effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system and initiating one or more of the identified remedial actions to modify a configuration of one or more components of the enterprise system.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: November 9, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Eric Young, Zulfikar A. Ramzan
  • Patent number: 11171949
    Abstract: An apparatus includes at least one linear feedback shift register and at least one processing device comprising a processor coupled to a memory. The at least one processing device is configured to obtain a given value from the at least one linear feedback shift register, the given value comprising a set of bits representing a current state of the linear feedback shift register. The at least one processing device is also configured to generate authentication information by applying the given value obtained from the at least one linear feedback shift register as input to a pseudorandom function, and to provide the generated authentication information to a validating application.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: November 9, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Zulfikar A. Ramzan, Piers Bowness
  • Patent number: 11139982
    Abstract: Techniques are provided for communication-efficient device delegation. One method comprises, in response to a request for a new signing key of a given device, determining a number of new signing key requests received for the user of the given device; determining a new public verification key of the given device for an identity-based signature scheme by traversing a cryptographic hash chain backwards from a position of an initial selected value of the cryptographic hash chain; computing a new signing key based on public parameters and secret parameters of a backup component and the initial selected value; and providing the new public verification key and the new signing key to the given device. The given device authenticates to an authentication service using an identity-based signature computed using the new signing key. The request for the new signing key is submitted, for example, when the given device is lost, damaged, unavailable or stolen.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: October 5, 2021
    Assignee: RSA Security LLC
    Inventors: Zulfikar A. Ramzan, Salah E. Machani
  • Patent number: 11128638
    Abstract: Techniques are provided for user authentication using a location assurance based on a location indicator modified by a shared secret. One method comprises obtaining a shared secret; initiating a challenge in connection with an authentication request by a client from a given location to access a protected resource, wherein the challenge comprises a location indicator selected for the given location; processing a response submitted by the client in response to the challenge, wherein the response comprises the location indicator for the given location modified by the client with the shared secret, and wherein the processing comprises evaluating the response submitted by the client relative to the location indicator selected by the authentication server; and resolving the authentication request based on the evaluating. The client modification of the selected location indicator with the shared secret comprises, for example, decrypting, filtering and/or altering the location indicator based on the shared secret.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: September 21, 2021
    Assignee: RSA Security LLC
    Inventors: Brian C. Mullins, Zulfikar A. Ramzan
  • Patent number: 11025658
    Abstract: A method includes obtaining messages associated with assets in an enterprise system, splitting each of the messages into a set of tokens, determining a count of a number of occurrences of each of the tokens, and assigning weights to the tokens based at least in part on the counts of the number of occurrences of the tokens. The method also includes determining a score for each of the messages based at least in part on a combined sum of the weights for the set of tokens of that message, and generating a summary of the messages by selecting a subset of the messages based at least in part on the scores. The method further includes identifying remedial actions to be applied to assets in the enterprise system based at least in part on the summary of the messages, and implementing at least one of the identified remedial actions.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: June 1, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Sashka T. Davis, Kevin J. Arunski, Zulfikar A. Ramzan, Scott Moore, Abram Q. Thielke, Ed G. Quackenbush, Matthew D. Tharp
  • Publication number: 20210133211
    Abstract: Techniques are provided for adaptive usage of storage resources using data source models and data source representations generated using the data source models. One method comprises sampling data from a data source; fitting a data model to the sampled data to obtain a representation of the sampled data from the data source; obtaining a classification of data from the data source into one of multiple predefined retention models; and adapting a usage of one or more storage resources that store the data from the data source based at least in part on the representation and the classification. The data model may comprise, for example, a parametric model, a non-parametric model, a descriptive statistics model, a time series model, decision trees and an ensemble of decision trees. The adaptive storage resource usage may comprise, for example: (i) varying a data retention model based on data age; (ii) evicting cache data based on the representation; (iii) storage tier movements; and (iv) data retention timing.
    Type: Application
    Filed: November 1, 2019
    Publication date: May 6, 2021
    Inventors: Sashka T. Davis, Naveen Sunkavally, Zulfikar A. Ramzan
  • Publication number: 20210132907
    Abstract: Techniques are provided for multiset encoding and evaluation. One method comprises encoding a multiset comprised of entities as a product of a prime number assigned to each entity in the multiset to obtain an integer representation of the multiset; adding a first entity to the multiset by multiplying the integer representation of the multiset by the prime number assigned to the first entity; removing a second entity from the multiset by dividing the integer representation of the multiset by the prime number assigned to the second entity; and identifying the entities in the multiset by decomposing the integer representation into a product of the prime numbers assigned to each of the entities in the multiset. The entities in the multiset can be, for example, devices that a given user was connected to at the given time; and/or the users connected to a given device at the given time.
    Type: Application
    Filed: November 1, 2019
    Publication date: May 6, 2021
    Inventors: Zulfikar A. Ramzan, Sashka T. Davis, Nicholas H. Hoang
  • Patent number: 10999311
    Abstract: A method includes obtaining information regarding authentication events for users accessing assets of an enterprise system. The method also includes determining a likelihood of a given asset of the enterprise system becoming compromised responsive to compromise of a given user of the enterprise system. The method further includes determining an importance of the given asset based at least in part on a criticality value associated with the given asset, and generating a risk score for the given asset based at least in part on the determined likelihood of the given asset becoming compromised responsive to compromise of the given user and the determined importance of the given asset. The method further includes identifying remedial actions to reduce the risk score for the given asset and implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of the given asset.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: May 4, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Sashka T. Davis, Zulfikar A. Ramzan, Zohar Duchin, Gregory A. Gerber, Jr., Mark Gergely, Steve G. Schlarman
  • Patent number: 10938847
    Abstract: A method includes obtaining usage metrics for assets of an enterprise system and extracting sets of features from the obtained usage metrics, the sets of features characterizing relative importance of each of the assets for each of two or more designated time windows. The method also includes determining, utilizing the extracted features, an importance of each of the assets. The method further includes establishing a baseline behavior of the assets based on the extracted features, monitoring behavior of the assets during at least one additional time window, and modifying a configuration of a given asset responsive to detecting that the monitored behavior of the given asset during the at least one additional time window exhibits a threshold difference from the established baseline behavior of the given asset, wherein the modification is based at least in part on the importance of the given asset relative to one or more other assets.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: March 2, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Sashka T. Davis, Kevin T. Douglas, Zulfikar A. Ramzan
  • Patent number: 10860626
    Abstract: A method includes initializing an addressable array indexing data structure comprising addresses for respective strings having a first length, the addressable array indexing data structure comprising two or more levels of character arrays with each level being associated with a corresponding character position in the strings having the first length. The method also includes extracting variable length strings from one or more records in a data set, and populating entries in the addressable array indexing data structure for extracted strings having the first length with addresses for indexes corresponding to those strings, wherein addresses for strings having the first length are generated by selecting a character value from a character array at each of the levels in the addressable array indexing data structure. The method further includes receiving, from client devices, queries to the records in the data set, and processing the queries utilizing the addressable array indexing data structure.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: December 8, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Kevin J. Arunski, Sashka T. Davis, Zulfikar A. Ramzan
  • Publication number: 20200351284
    Abstract: A method includes obtaining messages associated with assets in an enterprise system, splitting each of the messages into a set of tokens, determining a count of a number of occurrences of each of the tokens, and assigning weights to the tokens based at least in part on the counts of the number of occurrences of the tokens. The method also includes determining a score for each of the messages based at least in part on a combined sum of the weights for the set of tokens of that message, and generating a summary of the messages by selecting a subset of the messages based at least in part on the scores. The method further includes identifying remedial actions to be applied to assets in the enterprise system based at least in part on the summary of the messages, and implementing at least one of the identified remedial actions.
    Type: Application
    Filed: May 3, 2019
    Publication date: November 5, 2020
    Inventors: Sashka T. Davis, Kevin J. Arunski, Zulfikar A. Ramzan, Scott Moore, Abram Q. Thielke, Ed G. Quackenbush, Matthew D. Tharp
  • Publication number: 20200252422
    Abstract: A method includes obtaining information regarding authentication events for users accessing assets of an enterprise system. The method also includes determining a likelihood of a given asset of the enterprise system becoming compromised responsive to compromise of a given user of the enterprise system. The method further includes determining an importance of the given asset based at least in part on a criticality value associated with the given asset, and generating a risk score for the given asset based at least in part on the determined likelihood of the given asset becoming compromised responsive to compromise of the given user and the determined importance of the given asset. The method further includes identifying remedial actions to reduce the risk score for the given asset and implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of the given asset.
    Type: Application
    Filed: January 31, 2019
    Publication date: August 6, 2020
    Inventors: Sashka T. Davis, Zulfikar A. Ramzan, Zohar Duchin, Gregory A. Gerber, Jr., Mark Gergely, Steve G. Schlarman
  • Publication number: 20200244706
    Abstract: A method includes monitoring an enterprise system to identify cryptographic techniques utilized by one or more components of the enterprise system, the one or more components comprising at least one of physical and virtual computing resources. The method also includes generating one or more profiles characterizing usage of at least a given one of the identified cryptographic techniques by at least a given one of the one or more components of the enterprise system and determining an effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system utilizing the generated one or more profiles. The method further includes identifying one or more remedial actions for mitigating the effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system and initiating one or more of the identified remedial actions to modify a configuration of one or more components of the enterprise system.
    Type: Application
    Filed: January 25, 2019
    Publication date: July 30, 2020
    Inventors: Eric Young, Zulfikar A. Ramzan
  • Publication number: 20200244670
    Abstract: Techniques are provided for user authentication using a location assurance based on a location indicator modified by a shared secret. One method comprises obtaining a shared secret; initiating a challenge in connection with an authentication request by a client from a given location to access a protected resource, wherein the challenge comprises a location indicator selected for the given location; processing a response submitted by the client in response to the challenge, wherein the response comprises the location indicator for the given location modified by the client with the shared secret, and wherein the processing comprises evaluating the response submitted by the client relative to the location indicator selected by the authentication server; and resolving the authentication request based on the evaluating. The client modification of the selected location indicator with the shared secret comprises, for example, decrypting, filtering and/or altering the location indicator based on the shared secret.
    Type: Application
    Filed: January 30, 2019
    Publication date: July 30, 2020
    Inventors: Brian C. Mullins, Zulfikar A. Ramzan
  • Publication number: 20200244465
    Abstract: Techniques are provided for communication-efficient device delegation. One method comprises, in response to a request for a new signing key of a given device, determining a number of new signing key requests received for the user of the given device; determining a new public verification key of the given device for an identity-based signature scheme by traversing a cryptographic hash chain backwards from a position of an initial selected value of the cryptographic hash chain; computing a new signing key based on public parameters and secret parameters of a backup component and the initial selected value; and providing the new public verification key and the new signing key to the given device. The given device authenticates to an authentication service using an identity-based signature computed using the new signing key. The request for the new signing key is submitted, for example, when the given device is lost, damaged, unavailable or stolen.
    Type: Application
    Filed: January 30, 2019
    Publication date: July 30, 2020
    Inventors: Zulfikar A. Ramzan, Salah E. Machani
  • Publication number: 20200233955
    Abstract: A method includes monitoring user behavior in an enterprise system, identifying a given user of the enterprise system associated with a given portion of the monitored user behavior, determining a predicted impact of compromise of the given user on the enterprise system, generating a risk score for the given user based on the predicted impact of compromise and the given portion of the monitored user behavior, and identifying one or more remedial actions to reduce the risk score for the given user. The method also includes implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of at least one asset in the enterprise system, the at least one asset comprising at least one of a physical computing resource and a virtual computing resource in the enterprise system.
    Type: Application
    Filed: January 22, 2019
    Publication date: July 23, 2020
    Inventors: Zulfikar A. Ramzan, Sashka T. Davis, Kevin J. Arunski, Ed G. Quackenbush, Scott Moore, Kevin T. Douglas, Abram Thielke
  • Publication number: 20200220866
    Abstract: An apparatus includes at least one linear feedback shift register and at least one processing device comprising a processor coupled to a memory. The at least one processing device is configured to obtain a given value from the at least one linear feedback shift register, the given value comprising a set of bits representing a current state of the linear feedback shift register. The at least one processing device is also configured to generate authentication information by applying the given value obtained from the at least one linear feedback shift register as input to a pseudorandom function, and to provide the generated authentication information to a validating application.
    Type: Application
    Filed: January 9, 2019
    Publication date: July 9, 2020
    Inventors: Zulfikar A. Ramzan, Piers Bowness
  • Publication number: 20200204576
    Abstract: A method includes obtaining usage metrics for assets of an enterprise system and extracting sets of features from the obtained usage metrics, the sets of features characterizing relative importance of each of the assets for each of two or more designated time windows. The method also includes determining, utilizing the extracted features, an importance of each of the assets. The method further includes establishing a baseline behavior of the assets based on the extracted features, monitoring behavior of the assets during at least one additional time window, and modifying a configuration of a given asset responsive to detecting that the monitored behavior of the given asset during the at least one additional time window exhibits a threshold difference from the established baseline behavior of the given asset, wherein the modification is based at least in part on the importance of the given asset relative to one or more other assets.
    Type: Application
    Filed: December 21, 2018
    Publication date: June 25, 2020
    Inventors: Sashka T. Davis, Kevin T. Douglas, Zulfikar A. Ramzan