Abstract: A method, system, and computer-usable medium for streaming or processing data streams. Raw text data is cleansed to a standard format. A fuzzy matching algorithm is performed on the text data. For data where domain expertise is required, alias matching is performed. End state categorizing or grouping is provided for the cleansed raw text data.

Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint court at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint core at an endpoint device, the method including: receiving an event subscription request from an endpoint agent over a message bus; and managing communication of events for processing by the endpoint agent based on the event subscription request so that events to which the endpoint agent has subscribed are selectively processed at the endpoint agent. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: A system for processing data is disclosed that includes a first processor configured to operate one or more algorithms to identify a user identity as a function of user metadata and to provide access to a predetermined network resource using a cloud-based explicit proxy as a function of the user identity and one or more service requests, the first processor configured to operate one or more algorithms to detect a change in the one or more service requests and wherein access to the predetermined network resources using the cloud-based explicit proxy is modified as a function of the detected change in the one or more service requests.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; and, accessing an entity behavior catalog based upon the entity behavior catalog data; and performing a security operation via a security system, the security operation using the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.

Abstract: A method, system and computer-usable medium for generating a user behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique user behavior profile based upon the electronic information representing the user interactions and the information about the user; storing information relating to the unique user behavior profile within a user behavior profile repository; and, storing information referencing the unique user behavior profile in a user behavior blockchain.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A mechanism is provided for using triggered stimuli to enhance contextual information regarding detected risk events in a networked system. Embodiments monitor a system to identify risk-associated behavior, and upon detecting such behavior, can provide stimulus to a user associated with the risk-associated behavior to determine additional context behind the behavior, thereby initiating a two-way communication to acquire more information. If user response to the stimulus indicates a high risk associated with the behavior, then the system can trigger security measures to restrict the behavior. Some embodiments provide stimuli that are directly related to the nature of the risk-associated behavior, in order to better contextualize the behavior. In some embodiments, the stimuli are only applied if the risk-associated behavior presents a measure of risk above a predetermined threshold.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a plurality of security related activities, the plurality of security related activities being based upon observables from an electronic data source; analyzing the plurality of security related activities, the analyzing identifying a set of entity behaviors associated with the plurality of security related activities; and, performing a security operation via a security system, the security operation accessing entity behavior catalog data stored within an entity behavior catalog based upon the set of entity behaviors associated with the plurality of security related activities, the entity behavior catalog providing an inventory of entity behaviors for use when performing the security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a data entity, the monitoring observing at least one electronically-observable data source, the data entity exhibiting a data entity behavior; deriving an observable based upon the monitoring of the electronically-observable data source, the observable comprising event information corresponding to the data entity behavior; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source and the data entity behavior; analyzing the event of analytic utility, the analyzing the event of analytic utility using the data entity behavior; and, performing the security operation in response to the analyzing the event of analytic utility.

Abstract: A system for processing data, comprising a first processor configured to operate one or more algorithms to provide an explicit proxy that directs network communications over a public network to a proxy server. The first processor configured to operate one or more algorithms to provide a firewall agent that verifies the presence of a firewall key prior to allowing data communications over the public network using the explicit proxy. Wherein the explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A method, system and computer-usable medium for using pseudonyms to identify entities and their corresponding security risk factors is disclosed. In certain embodiments, a computer-implemented method for identifying security risks associated with a plurality of different entities is disclosed, wherein the method comprises: receiving a stream of events, the stream of events comprising a plurality of events associated with the plurality of different entities; pseudonymizing events of the plurality of events by replacing entity names in the plurality of events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user behaviors presenting security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors.

Abstract: A system, method, and computer-usable medium are disclosed for generating a cyber behavior profile comprising monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions, the electronic information representing the user interactions comprising temporal detail corresponding to the user interaction; and generating a user behavior profile based upon the electronic information representing the user interactions, the generating the user profile including a layer of detail corresponding to the temporal detail corresponding to the user interaction.

Abstract: A system, method, and computer-readable medium are disclosed for performing a lexicon construction operation. The lexicon construction operation includes: identifying a corpus, the corpus comprising a plurality of training events, each of the plurality of training events comprising a term; grouping terms from the plurality of training events into topic clusters; analyzing the plurality of topic clusters, the analyzing providing a plurality of classified clusters; and, deriving a plurality of learned lexicons from the plurality of classified clusters.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security risk modeling operation. The security risk modeling operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a human-centric risk modeling framework; and, performing a security operation in response to the analyzing the security related activity.

Abstract: A system for image classification is disclosed that includes a central system configured to provide high reliability image data processing and recognition and a plurality of endpoint systems, each configured to provide image data processing and recognition with a lower reliability than the central system and to generate probability data. A decision switch disposed at each of the plurality of endpoint systems is configured to receive the probability data and to determine whether to deny access, grant access or generate a referral message to the central system, wherein the referral message includes at least a set of image data generated at the endpoint system.

Abstract: A method, system, and computer-readable storage medium are disclosed for identifying binary signatures in a selected set of files and assigning at least one of the binary signatures to a file format name or file format type for use in a security policy generator. In certain embodiments, the method for generating an electronic security policy for a file format type, includes: identification of a plurality of files stored in electronic memory, where the plurality of files include files having the same file format type; providing a file format name that is to be associated with the file format type; accessing the plurality of files from the electronic memory; identifying a common binary signature for the file format type included in the plurality of files; correlating the file format type with the common binary signature; and generating the security policy for the file format type using the file format name.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity to identify a behavior enacted by the entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the behavior enacted by the entity, the observable comprising event information corresponding to a behavior enacted by the entity; identifying an indicator of behavior from the event information corresponding to the behavior enacted by the entity, the indicator of behavior providing an abstracted description of an inferred intent associated with the behavior enacted by the entity; associating a security persona with the entity based upon the indicator of behavior, the security persona comprising a group of entity behaviors associated with a particular security risk use case; and, performing the security operation, the security operation using the security persona associated with the entity.

Abstract: A mechanism for probabilistically determining the contents of an encrypted file is provided, such that a transfer of the encrypted file can be restricted according to rules associated with an unencrypted version of the file. Embodiments generate a file size table of a subset of files, where each entry of the file size table includes a size information regarding the unencrypted file. Embodiments compare the size of the encrypted file against the file sizes and compressed file size ranges to determine whether the encrypted file has a match. If the size of the encrypted file has a single match in the table, then there is a high probability that the file associated with the matching entry is the unencrypted version of the encrypted file. Rules associated with restricting access of the file related to the matching entry can be used to control transfer of the encrypted file.