Abstract: A system for optimization of data transmission, comprising a content protection extraction system configured to operate on a remote processor and to extract content protection data associated with a data file and to transmit the content protection data to a central processor and a content protection confirmation system configured to operate on the central processor and to receive the content protection data and to verify whether the content protection data is associated with an authenticated data file.

Abstract: A method, system and computer-usable medium for generating session-based security information. Generating the session-based security information includes the steps of monitoring user behavior between an enactor and an entity; detecting user behavior data associated with the user behavior; generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor; and, associating the session and the session-based security information with the user profile.

Abstract: Disclosed herein is technology that detects potentially deceptive URI (Uniform Resource Identifier) of a homograph attack (e.g., an Internationalized Domain Name (IDN) homograph attack). In one or more implementations, the detection may be accomplished, at least in part, by assessing the likelihood that all of the characters in the URI (e.g., domain name) were typed on a keyboard using a single keyboard map. This Abstract is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source, the security related activity comprising a concerning behavior, the concerning behavior comprising a security related activity of analytic utility; analyzing the security related activity, the analyzing the security related activity being based upon the concerning behavior; and, performing a security operation in response to the analyzing the security related activity.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.

Abstract: A method for migrating a data schema comprising combining a first deterministic finite automaton with a second deterministic finite automaton to generate a modified deterministic finite automation. Identifying a state of the modified deterministic finite automaton without computed followers. Computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state.

Abstract: A system for network configuration, comprising a graphic user interface system operating on a first processor and configured to allow a user to select one or more hardware infrastructure components and one or more software infrastructure components for use with a first infrastructure. A configuration recording system operating on a second processor and configured to receive two or more objects associated with each of the one or more hardware infrastructure components and each of the one or more software infrastructure components and to store the two or more objects in a template.

Abstract: A method, system, and computer-usable medium are disclosed for performing packet processing of network traffic on a master security device of a plurality of security devices, such packet processing including connection tracking for the network traffic, and offloading packet inspection of the network traffic to one or more slave security devices of the plurality of security devices.

Abstract: A data loss prevention mechanism for a cloud-based security analytics system is provided that utilizes a compact repository that improves the ratio of false positives over traditional methods, maintains a small data size, permits distribution of compact repository files to a large number of analyzing nodes, and provides metadata for matched events. A compressed bitmap of information found in a compact repository is used, thereby improving the utilization of storage space for a repository containing information associated with a significant number of data fingerprints. Compression further allows for a larger entry size in the compact repository, thereby providing a lower false positive rate. A mechanism for distributing updates to compact repositories residing on cloud servers is provided by updating a central server and propagating the updates to remote servers.

Abstract: A mechanism for probabilistically determining the contents of an encrypted file is provided, such that a transfer of the encrypted file can be restricted according to rules associated with an unencrypted version of the file. Embodiments generate a file size table of a subset of files, where each entry of the file size table includes a size information regarding the unencrypted file. Embodiments compare the size of the encrypted file against the file sizes and compressed file size ranges to determine whether the encrypted file has a match. If the size of the encrypted file has a single match in the table, then there is a high probability that the file associated with the matching entry is the unencrypted version of the encrypted file. Rules associated with restricting access of the file related to the matching entry can be used to control transfer of the encrypted file.

Abstract: A method, system, and computer-usable medium for protecting against contagion-based risk events are disclosed for monitoring behavior of users to construct a contagion network relationship map of connection and influence relationships between different users and then analyzing a received stream of events from the users to identify a critical event performed by a first user having a first risk score so that one or more propagated risk scores can be generated from the first risk score for at least a first connected user based on connection and influence relationships between the first user and the first connected user that are extracted from the contagion network relationship so that an adaptive response may be automatically generated to protect and control against actions by at least the first connected user based on the one or more propagated risk scores.

Abstract: A processor-implemented method for providing a continuous deployment pipeline for services, comprising generating in response to a first algorithmic instruction a service identifier and parameter input process for a plurality of parameters associated with a first service, receiving a first set of parameters for the first service at the processor in response to a second algorithmic instruction, generating a third algorithmic instruction for use in providing a continuous deployment pipeline for the first service, generating in response to the first algorithmic instruction the service identifier and parameter input process for a plurality of parameters associated with a second service, receiving a second set of parameters for the second service in response to the second algorithmic instruction and modifying the third algorithmic instruction for use in providing a continuous deployment pipeline for the second service using at least a portion of the continuous deployment pipeline for the first service.

Abstract: A system for firewall data log processing, comprising a firewall logging system operating on a first processor and configured to cause the first processor to receive firewall log data and to process the firewall log data on a periodic basis to reduce the size of the firewall log data and a firewall reporting system operating on a second processor and configured to process the reduced size firewall log data to generate a report on a user interface that includes one or more analytics from the reduced size firewall data.

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile, comprising: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; and generating the adaptive trust profile based upon the action of the entity, the adaptive trust profile being privacy enhanced.

Abstract: A method, system and computer-usable medium for automating the assessment of security vulnerabilities associated with a user module via a user module assessment operation. The user assessment operation includes receiving a request from a user module via an edge device; determining whether the request includes a persistent session cookie; determining whether the user module should be assessed to detect security vulnerabilities; resetting information contained in the persistent session cookie when the user module should be accessed to detect security vulnerabilities; redirecting the user module for assessment; and, performing an assessment of the user module to detect possible security vulnerabilities.

Abstract: A method, system and computer-usable medium for mitigating security breaches associated with dissemination of protected data. In certain embodiments, the method includes receiving information communicated to a secured network from a source external to the secured network and determining whether the received information includes protected data. If the received information includes protected data, a determination is made as to whether the receipt of the protected data is anomalous. If the receipt of the protected data is anomalous, one or more sources of egress of the protected data from the secured network are identified. By identifying the sources of egress, actions may be taken to prevent future egress of the protected data.

Abstract: A method, system and computer-usable medium are disclosed for capturing an image rendered by a target application. One general aspect includes a computer-implemented method for capturing an image, the method including: intercepting API calls made by a target application to a graphics display driver, where the API calls made to the graphics display driver by the target application are made using a graphics rendering API library; and using the intercepted API calls to construct a copy of a frame buffer of the image, where the copy of the frame buffer is constructed independent of the graphics display driver. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: A method, system and computer-usable medium for revising a security policy. Revising the security policy includes detecting an event associated with an entity; providing information relating to the event to a security policy; determining whether the security policy is violated by the event; generating a response when the security policy is violated by the event; and, remediating the security policy to reduce false positive responses generated by the security policy.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.