Abstract: A method for accessing a network resource including detecting an attempt by a user via a computing device to access a service enabled by a computing system via a network and transmitting via the network to the computing system a first request to access the service in response to detecting the attempt by the user to access the service, the first request including at least one empty personally identifiable data structure. A failure to access the service responsive to the first request is determined. A second request to access the service in response to the first failure to access the service is transmitted via the network to the computing system, the second request including artificial personally identifiable information, and access to the service from the computing system is received for the user.

Abstract: A method for accessing a network resource including detecting an attempt by a user via a computing device to access a service enabled by a computing system via a network and transmitting via the network to the computing system a first request to access the service in response to detecting the attempt by the user to access the service, the first request including at least one empty personally identifiable data structure. A failure to access the service responsive to the first request is determined. A second request to access the service in response to the first failure to access the service is transmitted via the network to the computing system, the second request including artificial personally identifiable information, and access to the service from the computing system is received for the user.

Abstract: Malicious redirects in a redirect chain as a result of loading a web address are detected and blocked. A suspicion score is determined for a subject redirection domain based at least in part on the subject redirection domain's web address, and a rate of occurrence of the subject redirection domain in redirect chains leading to a malicious landing domain is calculated. Loading the subject redirection domain is blocked if the suspicion score exceeds a suspicion threshold or the rate of occurrence of the subject redirection domain exceeds a rate of occurrence threshold.

Abstract: A system, computer-readable storage medium, and method for secure network communication. A first device employs a first secret to establish a stream between the first and a second device. A third key, first ciphertext based on a first key, and hash of the first key are received from the second device by the first. A second key is applied to recover a second secret from the first ciphertext. The third key is encrypted to generate a second ciphertext including a third secret. Fourth and fifth keys are derived based on the first, second, and third secrets. A message authentication code is generated based on the fourth and third keys, first ciphertext, hash of the first key, and second ciphertext. The second ciphertext and message authentication code are transmitted by the first to the second device, and the fifth key is employed by the first device to modify the stream.

Abstract: A data sharing control method. The method includes detecting a plurality of images on one or more devices operated by a first user, the one or more devices comprising a particular device. A plurality of tags are determined for the plurality of images, and a plurality of settings are received based on the plurality of tags from a second user. A particular image is detected on the particular device. One or more particular tags of the particular image on the particular device are determined, and a sharing action of the particular image by the particular device is blocked based on the plurality of settings and the one or more particular tags.

Abstract: A synthetic biometric signature is generated for a user for each of a plurality of third parties, and the synthetic biometric signatures are used to interact with the respective third parties such that each of the third parties sees a different synthetic biometric signature for the user. The synthetic biometric signatures comprise a user's actual biometric data altered by a change vector, an artificial biometric signature, and/or artificial biometric characteristics, or by other artificial components. The synthetic biometric signature can be changed if the synthetic biometric signature is compromised, or the user wishes to reset their user relationship with a particular third-party.

Abstract: A network is secured by managing domain name requests such that client devices are restricted from visiting malicious or undesirable domains. An endpoint Domain Name Server (DNS) agent is installed on client devices on a local network, and the endpoint DNS agents intercept DNS requests from the client devices and process the received DNS request in the endpoint DNS agent based on a security policy set for the client device via the endpoint DNS agent. In a further example, the endpoint DNS agent receives an HTTP message from a client browser including a Server Name Identifier tag, and generates a signed certificate spoofing the domain identified in the Server Name Identifier tag to insert itself as a man-in-the-middle between the identified domain and the client browser.

Abstract: Latency in a cloud security service provided via a network security device is reduced by receiving in the network security device a new network connection request for a connection between a local network device and a remote server. If a locally cached rule is applicable to the new network connection request, the applicable locally cached rule is applied to selectively allow the new network connection based on the rule. If no locally cached rule is applicable to the new network connection request, the new network connection request is forwarded to the remote server and to a cloud security service, and a response from the remote server is selectively forwarded to the local network device only upon receiving a determination by the cloud security device as to whether the new network connection is a security risk.

Abstract: A system, computer-readable storage medium, and method for secure network communication. A first device employs a first secret to establish a stream between the first and a second device. A third key, first ciphertext based on a first key, and hash of the first key are received from the second device by the first. A second key is applied to recover a second secret from the first ciphertext. The third key is encrypted to generate a second ciphertext including a third secret. Fourth and fifth keys are derived based on the first, second, and third secrets. A message authentication code is generated based on the fourth and third keys, first ciphertext, hash of the first key, and second ciphertext. The second ciphertext and message authentication code are transmitted by the first to the second device, and the fifth key is employed by the first device to modify the stream.

Abstract: A method for accessing a network resource including detecting an attempt by a user via a computing device to access a service enabled by a computing system via a network and transmitting via the network to the computing system a first request to access the service in response to detecting the attempt by the user to access the service, the first request including at least one empty personally identifiable data structure. A failure to access the service responsive to the first request is determined. A second request to access the service in response to the first failure to access the service is transmitted via the network to the computing system, the second request including artificial personally identifiable information, and access to the service from the computing system is received for the user.

Abstract: A method of filtering a URL against a blacklist includes receiving at least a portion of a Uniform Resource Locator (URL), and determining which of a plurality of XOR filters is applicable to the received at least a portion of a URL, where each of the plurality of XOR filters represents a different portion of a URL blacklist. At least a portion of a URL is forwarded to the applicable one of the plurality of XOR filters, and the at least a portion of the URL is processed in the applicable one of the plurality of XOR filters to produce an output indicating whether the URL is likely on the blacklist.

Abstract: A data managing method. Metadata including a sharing policy is applied to a data file on a computing device. A sharing of the data file from the computing device via a network to a platform hosted by a computing system is detected. It is determined whether the platform is in compliance with the sharing policy, and it is reported whether the platform is in compliance with the sharing policy.

Abstract: A data processing method in the form of a data compression method is provided in which a plurality of integers are accessed. Each of the plurality of integers is split to generate a first plurality of numbers respectively paired with a second plurality of numbers. A first tuple is generated based on the first plurality of numbers. A second tuple is generated based on the second plurality of numbers and the first plurality of numbers. The first tuple and the second tuple are stored. A system and computer readable medium enabling the data processing method are further provided.

Abstract: A method for enabling secure communication. The method includes providing a first virtual network function (“VNF”) at a first network location and providing a second VNF at a second network location. A first Layer 3 virtual private network (“L3 VPN”) tunnel is constructed by the first VNF and the second VNF between the first network location and the second network location, and a first local area network (“LAN”) at the first network location and a second LAN at the second network location are connected by the first L3 VPN tunnel. Further provided is a method for establishing a secure communication environment.

Abstract: A network is secured by managing domain name requests such that client devices are restricted from visiting malicious or undesirable domains. An endpoint Domain Name Server (DNS) agent is installed on client devices on a local network, and the endpoint DNS agents intercept DNS requests from the client devices and process the received DNS request in the endpoint DNS agent based on a security policy set for the client device via the endpoint DNS agent. In a further example processing the received DNS request comprises identifying the client device, end user, and the DNS request to a cloud-based DNS server, and processing a response received from the cloud-based DNS server received in response to the DNS request. The endpoint DNS agent is further operable to distinguish between DNS requests for local domains and remote domains, and to redirect DNS requests for local domains to a local network DNS server.

Abstract: A system persistently presents consistent properties of devices on a local network based on observed values for the network devices, and values derived from the observed values. The observed values may be received from an agent based on scans of the local network. Even though some scans may be faulty resulting in missing or incorrect data, a user can be consistently presented with properties of the device, even when the missing or incorrect data would otherwise cause a change to the property. For instance, the system may replace a data value that is either missing or determined to be incorrect with a value that is determined, based on historical or lab observations, to be the likely correct value based on the assumed state or likely state of the observed device.

Abstract: A data sharing control method. The method includes detecting a plurality of images on one or more devices operated by a first user, the one or more devices comprising a particular device. A plurality of tags are determined for the plurality of images, and a plurality of settings are received based on the plurality of tags from a second user. A particular image is detected on the particular device. One or more particular tags of the particular image on the particular device are determined, and a sharing action of the particular image by the particular device is blocked based on the plurality of settings and the one or more particular tags.

Abstract: A method includes accessing a first intelligence feed including a plurality of cybersecurity incidents. A second intelligence feed is generated including a plurality of technical indicators defined on one or more virtual private network internet point of presence (“VPN internet PoP”) that connects a plurality of VPN tunnels to an internet. The first and second intelligence feeds are compared, a particular incident is determined, and a time frame of the particular incident is determined. Use of a particular VPN internet PoP by a plurality of sources including a plurality of clients is monitored to determine a plurality of time-based behaviors. The plurality of time-based behaviors are compared to the particular incident and to the time frame to determine a match. A particular source is blocked at the particular VPN internet PoP based on the determination of the match.

Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and first data file extracted. A first and second set of features are extracted. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, non-match, and match. Communications of a particular computing device are monitored and second data file extracted. A first set of features of the second data file are extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based the match determination by the third rule.

Abstract: A malware classification system includes a first machine-learning model trained based on malware from a first plurality of prior time periods to predict malware in a first subsequent time period subsequent to the first plurality of prior time periods, and a second machine-learning model is trained based on malware from a second plurality of prior time periods offset by at least some time from the plurality of time periods used to train the first machine-learning model to predict malware in a second subsequent time period subsequent to the second plurality of prior time periods. The trained first and second machine-learning models are used to predict malware in a future time period, and a classifier is trained using the malware from a plurality of the prior time periods and predicted malware from a future time period to train the classifier to identify and/or classify malware.