Abstract: One disclosed method involves a computing system determining a keyword of interest for an online meeting being presented via a user interface, determining that content of the online meeting corresponds to the keyword of interest, and causing, in response to the content of the online meeting corresponding to the keyword of interest, the user interface to output an indication that the content of the online meeting being presented is potentially of interest. Another disclosed method involves a computing system determining data indicative of a number of client devices, from a plurality of client devices participating in an online meeting, for which a user interface for the online meeting is presented in an active window, and causing, based at least in part on the data, a first client device, from the plurality of client devices, to output an indication that content of the online meeting being presented is potentially of interest.

Abstract: Embodiments described include systems and methods for adding watermarks using an embedded browser. To provide protection to sensitive information from a network application rendered via an embedded browser of a client application, the client application can generate an overlay with a digital watermark, and apply the overlay over the embedded browser. The client application can selectively generate such overlays, and can customize the format of the digital watermark according to the information rendered on the embedded browser. The watermark can remain with any information that is imaged from the embedded browser, and provides a deterrent against misuse of the information via image capture from a computer screen for instance. By adjusting properties (e.g., contrast) of such an image, the watermark can be made visible and detectable, thus allowing such imaging activities and information to be tracked.

Abstract: Systems and methods of handling sessions between client devices and one or more server based on session classifications are provided. A device identifies a time series of security metrics corresponding to requests received during a session established by a client device to access a resource provided by one or more servers. The device generates security features from the time series of security metrics based on one or more time windows. The device classifies the session as one of anomalous or genuine using the security features generated from the time series of security metrics based on the one or more time windows. The device handles subsequent requests received during the session based on the classification of the session as the one of anomalous or genuine.

Abstract: A system and method that detects malicious account creation in a web-based platform. A method includes detecting suspicious events associated with an account creation process using a username classifier that evaluates a username used to create a new account, an IP address classifier that evaluates an IP address used to create the new account, and a domain classifier that evaluates a domain from an email address used to create the new account; analyzing each detected suspicious event with a density analysis classifier to determine if each detected suspicious event comprises a malicious event based on a density of detected suspicious events from a collections of account creation processes; and determining an alert condition based on at least one malicious event detection.

Abstract: In one disclosed embodiment, a computing system may receive, at a first application programming interface (API) endpoint, a first request for a first operation. The computing system may send, to a second API endpoint, a first API call requesting the first operation. In response to sending the first API call, the computing system may receive a first response to the first API call. The computing system may determine that at least one characteristic of the first request or the first response satisfies a criterion. The computing system may detect a first event based on the first request or the first response satisfying the criterion. The computing system may generate a first indication of the first event.

Abstract: A system and method for dynamically transforming email signatures. A method includes: receiving an email from an email client prior to delivery to an intended recipient, the email including an original signature; analyzing the email to obtain information associated with the intended recipient of the email; predicting a preferred language of the intended recipient based on the information; converting the original signature to a revised signature, wherein the revised signature utilizes the preferred language; and forwarding the email with the revised signature to the intended recipient.

Abstract: Embodiments described include systems and methods of an encrypted cache. An embedded browser of a client application executing on a client device may provide access to a network application accessed via the client application. The embedded browser may detect an event at the client device that causes the network application to send or request application data. The embedded browser may access a copy of the application data from encrypted cache of the embedded browser. The encrypted cache may be maintained for the user and store application data for network application(s) accessed by the user. The embedded browser may use the cached application data for establishing or updating a user interface of the network application for display at the client device.

Abstract: Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.

Abstract: A system and method for implementing a plugin control mechanism. A disclosed method includes: launching an application; injecting additional functionality into the application; and utilizing the additional functionality to: detect a file processing call; evaluate the file processing call against to a set of rules to determine whether the file processing call involves execution of an extension file; and call an operating system (OS) application control function in response to determining the file processing call involves execution of the extension file, wherein the OS application control function is configured to conditionally prevent execution of the extension file.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to provide phishing attack protection based on identity provider verification. The at least one processor is further configured to capture an image of a browser web page to which the user has navigated and identify the domain name associated with the browser web page. The at least one processor is further configured to determine that the captured image matches an image of a known identity provider web page. The at least one processor is further configured to detect a phishing attempt in response to the determination that the images match and that the domain name associated with the browser web page differs from the domain name associated with the identity provider web page.

Abstract: A method, a system, and a computer program product for managing multimedia streams of user devices. A reproduction of one or more multimedia streams on a first computing device is determined. A location of a second computing device being positioned in an area enclosed by one or more boundaries in a plurality of boundaries is detected. Each boundary in the plurality of boundaries is associated with a predetermined type of a multimedia stream in one or more multimedia streams. At least one of a pausing and an unpausing of the reproduction of one or more multimedia streams on the first computing device based on the detected location of the second computing device is executed.

Abstract: Methods and systems for rotating elements displayed by computing devices are described herein. At least one image of a user of a computing device may be captured by a camera of the computing device. An angle of the eyes of the user with respect to the computing device may be determined. Based on that determined angle, at least one element of content displayed by the computing device may be rotated so as to allow for display of that element in an orientation consumable by the user. For example, the element might be rotated at an angle corresponding to the angle of the eyes of the user with respect to the orientation of the computing device.

Abstract: Described embodiments provide deployment of updates to multiple clients. A device may provide, to each client of a first plurality of clients, a software update to be executed at the client. The device can transmit, subsequent to providing the software update, to each of the first plurality of clients, a request to check a status of the client. The device can receive from at least one of the first plurality of clients, a response to the request indicative of operational health of the client subsequent to providing the software update to the client. The device determines an operational health statistic of the first plurality of clients subsequent to providing the software update to the first plurality of clients and provides, to each client of a second plurality of clients, the software update to be executed at each client responsive to determining that the operational health statistic satisfies a predetermined threshold.

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.

Abstract: Methods and systems for providing secure file sharing are described herein. A computing device may receive data from a resource provider in response to a request received by the resource provider. The data may include information about a user of a client device that made the request for a file and information about the file, and the request may be for access to the file and made by the user with an owner of the requested file being unknown to the user. The computing device may parse the received data to identify a subset of data. The subset of data may be configured to enable the owner to determine whether to permit the user to access to the file. Further, the computing device may provide a notification, which includes at least some of the subset of data, to an endpoint device of the owner.

Abstract: Described embodiments provide systems and methods for performing actions based on data of devices. A controller executing on at least one server may receive a first dataset from a first agent of a first device intermediary between a first plurality of client devices and a first plurality of servers. The first dataset may comprise a subset of data tracked at the first device and available to the first agent. The controller may receive a second dataset from a second agent of a second device intermediary between a second plurality of client devices and a second plurality of servers. The second dataset may comprise a subset of data tracked at the second device and available to the second agent. According to the first dataset and the second dataset, the controller may send an instruction to at least one of the first device, the second device or a third device.

Abstract: Systems and methods for selecting tunnels for transmitting application traffic by an SD-WAN application include a software-defined wide area network (SD-WAN) application executing on a client device establishing a connection between the SD-WAN application and one or more applications. The SD-WAN application maintains a plurality of tunnels between the SD-WAN application and respective tunnel destinations. The SD-WAN application receives application traffic from an application of the one or more applications. The SD-WAN application selects, based on the application traffic, a respective tunnel of the plurality of tunnels via which to transmit the application traffic of the application. The SD-WAN application transmits the application traffic via the selected tunnel.

Abstract: A method for video frame analysis includes determining a first dissimilarity metric and a second dissimilarity metric. The first dissimilarity metric may correspond to a first difference between a first foreground of a first key frame in a video and a second foreground of a second key frame following the first key frame in the video. The second dissimilarity metric may correspond to a second difference between the second foreground of the second key frame and a third foreground of a third key frame following the second key frame in the video. A playback of the video may be generated based on the first dissimilarity metric and the second dissimilarity metric. Related systems and computer program products are also provided.

Abstract: Aspects of the disclosure relate to various systems and techniques that provide methods and systems for identifying log event for computing systems. For example, a computing device may receive a log event of an application, and determine a value representative of an inverse relationship between a frequency of the log event and a criticality of the log event. The computing device may initiate an action to address the event indicated by the log event based on a comparison between the determined value and a threshold.

Abstract: A method may include receiving, by a computing system and from a first device, first data. The first data may be based at least in part on a first output from a first instance of a model processed by the first device. The method may further include receiving, by the computing system and from the first device, second data that was processed by the first instance of the model to produce the first output. The method may also include processing, by the computing system, the second data with at least a portion of a second instance of the model to produce a second output. The method may additionally include determining, by the computing system, third data based at least in part on the second output. Further, the method may include determining, by the computing system, that the third data is consistent with the first data.