Abstract: A system, method, and computer-readable medium are disclosed for providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT.

Abstract: A system, method, and computer-readable medium for performing a security operation.

Abstract: A method, system, and computer-readable medium are disclosed for: receiving traffic from a client device, wherein the client device is physically located in a particular region, wherein the traffic is internet protocol (IP) traffic, and wherein the traffic has a destination associated therewith; augmenting the traffic with metadata, wherein the metadata is indicative of the particular region; and transmitting the augmented traffic to an egress gateway, wherein the egress gateway is configured to perform source network address translation (NAT) on the traffic by setting a source address associated with the traffic to an IP address that is associated with the particular region.

Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint agent at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint agent at an endpoint device, including: operating the endpoint agent to selectively subscribe to events corresponding to activities occurring at an endpoint platform; processing events received from a message bus by the endpoint agent, where the events processed by the endpoint agent are events to which the endpoint agent has subscribed; and communicating, to a service, information corresponding to the events processed by the endpoint agent. Other embodiments of this aspect of the invention may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: A system, method, and computer-readable medium are disclosed for detecting malicious entity behavior and providing accurate indicator of behaviors indicating occurrence of malicious behavior. Data input as to the entity behavior is received and monitored from different sources. The entity behavior is monitored over time at time periods. Detection probability is determined at each time period, where the detection probability relates to malicious behavior and increases over time. A trigger indicator of behavior is provided if the detection probability reaches a threshold value.

Abstract: A system for processing data that includes a first processor configured to operate one or more algorithms to provide a proxy for each of a plurality of external network communications segments and internal network communications segments associated with a specific use, the first processor configured to operate one or more algorithms to provide a firewall agent that performs firewall processing for each of the plurality of external network communications segments and the internal network communications segments and wherein the explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a human factors risk operation. The human factors risk operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a human factors framework; and, performing a human factors risk operation in response to the analyzing the security related activity.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: An email phishing detection mechanism is provided that utilizes machine learning algorithms. The machine learning algorithms are trained on phishing and non-phishing features extracted from a variety of data sets. Embodiments extract embedded URL-based and email body text-based feature sets for training and testing the machine learning algorithms. Embodiments determine the presence of a phishing message through a combination of examining an embedded URL and the body text of the message for the learned feature sets.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity of the entity, the security related activity being of analytic utility; accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors; and performing a security operation via a distributed security analytics environment, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; associating a human factor with the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source; analyzing the event of analytic utility, the analyzing the event of analytic utility taking into account the human factor associated with the entity enacting the event of analytic utility; generating a risk score in response to the analyzing, the risk score taking into account the human factor associated with the entity; and, performing the security operation when the risk score meets a security risk parameter.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having security policy visualization. At least one embodiment is directed to a computer-implemented method for implementing security policies in a secured network, including: retrieving a set of rules of a security policy; analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy; and generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions. In at least one embodiment, two or more security policies are presented with visual indicia representing differences between the security policies, including representations of one or more targeted policy dimensions with respect to one or more fixed policy dimensions.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; the security related activity comprising a concerning behavior, the security related activity being enacted during an activity session; associating the security related activity enacted during an activity session with a security risk persona; analyzing the security related activity, the analyzing the security related activity using the security risk persona; and, performing a security operation in response to the analyzing the security related activity.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a plurality of actions of an entity, the plurality of actions of the entity corresponding to a plurality of events enacted by the entity; maintaining information relating to the monitoring within a user edge component; identifying an event of analytic utility; analyzing the event of analytic utility at the user edge component, the analyzing generating a security risk assessment; and, providing the security risk assessment to a network edge component.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity of the entity, the security related activity being of analytic utility; accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors; and performing a security operation via a human-centric risk modeling framework, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.