Abstract: A method, system and computer-usable medium for performing security analytics comprising receiving a stream of data from a data source; preprocessing the stream of data identify entity information and event information from the stream of data; transforming the entity information into transformed entity data and the event information into transformed event data; the transforming conforming to a genericized data model; storing the transformed entity data and the transformed event data in a security analytics data repository; and, performing a security analytics operation on the transformed entity data and the transformed event data.

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes: monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; and generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system.

Abstract: A method, system, and computer-usable medium are disclosed for receiving a video stream of image frames, determining changes in one or more portions of the video stream, and presenting: (i) the video stream to a video display device, including an overlay indicating the one or more portions of the video stream wherein the changes occur; and/or (ii) a temporal change indicator to the video display device, indicating temporal portions of the video stream in which changes occur within the video stream.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securit

Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.

Abstract: A method, system and computer-usable medium for performing security analytics comprising receiving a stream of data from a data source; preprocessing the stream of data identify entity information and event information from the stream of data; transforming the entity information into transformed entity data and the event information into transformed event data; the transforming conforming to a genericized data model; storing the transformed entity data and the transformed event data in a security analytics data repository; and, performing a security analytics operation on the transformed entity data and the transformed event data.

Abstract: A system for image classification is disclosed that includes a central system configured to provide high reliability image data processing and recognition and a plurality of endpoint systems, each configured to provide image data processing and recognition with a lower reliability than the central system and to generate probability data. A decision switch disposed at each of the plurality of endpoint systems is configured to receive the probability data and to determine whether to deny access, grant access or generate a referral message to the central system, wherein the referral message includes at least a set of image data generated at the endpoint system.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a webpage request from a client to a server, obtaining a unique user identifier corresponding to a tab of a web browser issuing the webpage request and associating the unique user identifier with network events associated with the tab and the webpage request.

Abstract: A method, system, and computer-usable medium are disclosed for establishing a reference outbound email volume rate for a user account, monitoring the user account to determine a current outbound email volume rate, determining a risk score based on the current outbound email volume rate and the reference outbound email volume rate, buffering outgoing emails of the user account if the risk score exceeds a threshold risk score, analyzing the buffered emails against one or more factors indicative of a probability of the buffered emails comprising spam, and responsive to analysis of the buffered emails against the one or more factors indicating that the user account is potentially compromised, quarantine the user account and prevent outbound mail from being delivered from the user account.

Abstract: A method, system and computer-usable medium are disclosed for performing a privacy operation, comprising: monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device; determining whether the user/device interactions include sensitive personal information; obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information; storing obfuscated sensitive personal information within an obfuscated sensitive personal information repository; and, allowing access to the obfuscated sensitive personal information stored within the obfuscated sensitive personal information repository only when an administrator is authorized to access the obfuscated sensitive personal information so as to provide conditional sensitive personal information access.

Abstract: Systems, method, and non-transitory computer readable storage medium are provided for configuring an information computing machine during execution of a kernel image. The system can create a file system from a base file system image in system memory of the computing system, apply configuration files from a bundle image to the file system in memory, copy files from a persistent file system stored in the storage resource to memory, validate the files from the persistent file system, and apply validated files to the file system in memory. The base file system image and bundle image can be verified by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial filesystem. The system can further execute /sbin/init and start application services.

Abstract: A system for optimization of data transmission, comprising a content protection extraction system configured to operate on a remote processor and to extract content protection data associated with a data file and to transmit the content protection data to a central processor and a content protection confirmation system configured to operate on the central processor and to receive the content protection data and to verify whether the content protection data is associated with an authenticated data file.

Abstract: A method for routing data packets to a distribution server, comprising generating server load data at the server using a processor. Compiling the server load data into a data update using the processor. Transmitting the data update from the server to one or more routers using a network data transmission system. Modifying a routing algorithm at the one or more routers to utilize the data update using an associated router processor.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at an information handling system of a command to transmit an executable file to a second information handling system, scanning the executable file to determine if the executable file includes debug information, and responsive to determining that the executable file includes debug information, taking remedial action with respect to the executable file.

Abstract: A method, system and computer-usable medium for adaptively assessing risk associated with an endpoint, comprising: determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior to collect user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields. Processing a second data packet by making an incremental change to the plurality of rules.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields.

Abstract: A method, system and computer-usable medium for adaptively assessing risk associated with an endpoint, comprising: determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior to collect user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed.

Abstract: A system, method, and computer-readable medium are disclosed for monitoring user behavior elements, comprising: monitoring electronically-observable user behavior, the electronically-observable user behavior comprising interactions between a user and a user device, interactions between a user and a network and interactions between a user and a resource; converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior; generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior; providing the user behavior profile to a user behavior monitoring system; and, generating a notification based upon the user behavior profile via the user behavior monitoring system.