Abstract: A method, system and computer-usable medium for generating session-based security information. Generating the session-based security information includes the steps of monitoring user behavior between an enactor and an entity; detecting user behavior data associated with the user behavior; generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor; and, associating the session and the session-based security information with the user profile.

Abstract: A method, system and computer-usable medium for performing a risk score volatility reduction operation, comprising: collecting event data associated with user behavior of a user; generating a scoring interval risk score for the user for a current risk scoring interval; and, processing the scoring interval risk score of the current risk scoring interval with a scoring interval risk score from a prior risk scoring window to provide a scoring window risk score, the scoring window risk score reducing volatility of a risk score associated with the user.

Abstract: A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securit

Abstract: A method, system and computer-usable medium for performing a data asset discovery security operation, comprising: capturing a stream of data resulting from interactions between a user and a device; identifying an occurrence of a data asset discovery operation in the stream of data; generating a data asset index corresponding to a data asset associated with the occurrence of the data asset discovery operation; and, determining whether a data asset security policy is applicable to the data asset associated with the occurrence of the data asset discovery operation.

Abstract: A method, system and computer-usable medium for performing a psychological profile operation. The psychological profile operation includes: monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions; determining when the user interactions are associated with generation of an electronic communication; associating the user interactions with the electronic communication; and, generating a psychological profile of the user based upon the user interactions and the electronic communication, the psychological profile comprising information regarding a psychological state of the user.

Abstract: A method, system, and computer-usable medium are disclosed for managing network communication by, responsive to an attempted connection from a client to a server, receiving information regarding the connection from the client, determining if the information regarding the connection matches an entry of a reputation cache, and responsive to determining that the information regarding the connection matches an entry of the reputation cache, undertaking a remedial action in accordance with a security policy.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a connection request from a client to a server receiving a message from the client to the server, extracting from a memory associated with the client a secret for performing decryption of application messages communicated from the server to the client, and using the secret to decrypt the application messages to perform at least one of monitoring and inspection of the application messages as decrypted in accordance with a security policy, while allowing the client and the server to maintain an end-to-end connection without intermediate termination at the security device.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at an information handling system of a command to transmit an executable file to a second information handling system, scanning the executable file to determine if the executable file includes debug information, and responsive to determining that the executable file includes debug information, taking remedial action with respect to the executable file.

Abstract: A system for image classification is disclosed that includes a central system configured to provide high reliability image data processing and recognition and a plurality of endpoint systems, each configured to provide image data processing and recognition with a lower reliability than the central system and to generate probability data. A decision switch disposed at each of the plurality of endpoint systems is configured to receive the probability data and to determine whether to deny access, grant access or generate a referral message to the central system, wherein the referral message includes at least a set of image data generated at the endpoint system.

Abstract: A method, system and computer-usable medium are disclosed for generating a cyber behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique cyber behavior profile based upon the electronic information representing the user interactions and the information about the user; and, storing information relating to the unique cyber behavior profile in a behavior blockchain.

Abstract: A method, system and computer-usable medium for generating a user behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique user behavior profile based upon the electronic information representing the user interactions and the information about the user; storing information relating to the unique user behavior profile within a user behavior profile repository; and, storing information referencing the unique user behavior profile in a user behavior blockchain.

Abstract: A system for identifying network users is provided that includes a domain controller agent having a user map that is configured to receive user data, to save the user data in an updated user map and to replace the user map with the updated user map. A filtering service has the user map and is configured to receive the updated user map and to replace the user map with the updated user map. An event subscription system is configured to generate event subscription data, wherein the domain controller agent is configured to subscribe to the event subscription system and to receive the event subscription data.

Abstract: A method, system, and computer-usable medium are disclosed for receiving a video stream of image frames, determining changes in one or more portions of the video stream, and presenting: (i) the video stream to a video display device, including an overlay indicating the one or more portions of the video stream wherein the changes occur; and/or (ii) a temporal change indicator to the video display device, indicating temporal portions of the video stream in which changes occur within the video stream.

Abstract: A method, system, and computer-usable medium are disclosed for receiving a video stream of image frames in a video format, decoding image frames of the video stream from the video format, for each respective frame of the image frames, upon completion of decoding of the respective frame, asynchronously encoding the respective frame into a lossless compression format, and asynchronously streaming all of the respective frames as encoded into the lossless compression format as a resulting video stream for display to a video display device.

Abstract: A method, system, and computer-usable medium are disclosed for responsive to a connection from a client to a server for establishing communications between the client and the server, store information regarding state of the connection and responsive to receiving a reply from the server to the client, route the reply to the client based on the information regarding the state of the connection.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt of traffic from a server to a client, parsing content of the traffic, and injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client determines whether the content includes additional content that overrides the action of the original content, and in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.

Abstract: A method, system and computer-usable medium for performing a security analysis operation within a security environment, comprising: monitoring electronically-observable user behavior about a particular entity; maintaining a state about the particular entity, the state representing a context of a particular event; converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior; generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior; and, analyzing the event using the state of the entity and the user behavior profile.

Abstract: A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object.

Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.