Abstract: In one embodiment, a similarity index is calculated from characteristics of a suspected phishing web page to a database of known phishing web pages. The characteristics derive from both HTML tags of the suspected phishing web page and a screenshot of the suspected phishing web page. With machine learning using the similarity index as an input, a probability is estimated that the suspected web page comprises a known phishing web page from the database of known phishing web pages. A known phishing web page is selected from one or more candidates known phishing web pages, based on having a highest probability.

Abstract: Systems and methods for analyzing user behavior patterns to detect compromised computing devices in an enterprise network are provided. According to one embodiment, an enforcement engine running on a network security device, identifies top users of a network exhibiting a suspicious behavior relating to login failures by determining a first set of users having a number of login failure events during a given time duration exceeding a threshold. The enforcement engine identifies from the first set of computers associated with the top users, a second set of computers exhibiting a suspicious behavior relating to new connections exceeding a threshold. The enforcement engine classifies a third set of computers, representing a subset of the second set exhibiting a suspicious behavior relating to consecutive new connections, as compromised source computers when their respective new connections are in a sequence that results in a Shannon entropy measure exceeding a threshold.

Abstract: Systems and methods for automatic VPN establishment are provided.

Abstract: Systems and methods for joint feature extraction and quality prediction using a shared machine learning model backbone and a customized training dataset are provided. According to an embodiment, a computer system receives a training dataset including example images each labeled with a particular category of a set of categories, and trains a deep neural network (DNN) based on the training dataset to jointly perform for an input image (i) facial feature extraction in accordance with the facial feature extraction algorithm and (ii) a quality scoring in accordance with a quality prediction algorithm. In the embodiment, the DNN, once trained with the training dataset labeled using a custom labeling scheme is used for the facial feature extraction and the quality prediction. The facial feature extraction algorithm and the quality prediction algorithm share a common DNN backbone of the DNN.

Abstract: Systems and methods for malware detection using multiple neural networks are provided.

Abstract: A Wi-Fi controller identifies a mismatch between a first prefix of a first IPv6 address for a data packet corresponding to a first VLAN on which the data packet was sent from the station to the access point, and a prefix of a second IPv6 address for a second VLAN from which the data packet was transmitted from the access point to the Wi-Fi controller. Responsive to the VLAN mismatch identification, the Wi-Fi controller transmits a DHCP reconfiguration packet to the station using the first VLAN. The DHCP reconfiguration packet causes the station to transmit a rebind packet to the DHCP server. The rebind packet causes the DHCP server to transmit an ACK frame on the first VLAN setting the valid lifetime for the first IPv6 address to zero.

Abstract: Various approaches for providing network maintenance and health monitoring. In some cases, some approaches include systems, methods, and/or devices that provide for receiving and cataloging network incidents and invoking automated remediation in relation to network incidents.

Abstract: A Compact computing device with peer-to-peer communication through an Ethernet interface is provided. According to one embodiment, a compact computing device includes an Ethernet interface, an Ethernet discovery agent, a memory and a micro-controller. The Ethernet interface is capable of connecting to a host though an Ethernet link. One side wall of the compact shielding case accommodates only the Ethernet interface. The Ethernet discovery agent is capable of discovering the host to which the compact computing device is connected. The memory is capable of storing information that is to be transferred to the host or information that is received from the host. The micro-controller is capable of exchanging information with the host through the Ethernet link.

Abstract: Various embodiments discussed generally relate to securing applications that work across networks, and more particularly to systems and methods for mitigating malicious behavior integrated within an application that directly calls a separate cloud based malicious behavior mitigation system.

Abstract: Various embodiments discussed generally relate to network security, and more particularly to systems and methods for using biometric data to enhance security in network access authorization.

Abstract: Systems, devices, and methods are discussed for proactively addressing low quality access credentials in a network environment.

Abstract: Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on which the endpoint protection platform blocks activity by the process. The endpoint production platform requests input from the cloud-based security platform which causes the cloud-based security platform performs a reclassification of the event based on contextual information, multiple data feeds and the UEBA-based security event classification service.

Abstract: A transmission type is determined for a specific station on a Wi-Fi network. A transmission type of OFDMA is selected responsive to the mobility value for the specific station meeting a mobility threshold. A transmission type of MU-MIMO is selected responsive to the similarity value for the specific station meeting a similarity threshold. A transmission type of SU-MIMO is selected responsive to the specific station not meeting the similarity threshold. The network interface transmits data packets to stations using OFDMA, SU-MIMO or MU-MIMO as selected.

Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the endpoint device is within a trusted network of multiple trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service. When the determination is affirmative, the particular security feature is configured for operating inside a trusted network. When the determination is negative, the particular security feature is configured for operating outside a trusted network.

Abstract: Systems, devices, and methods are discussed that provide for developing custom reports.

Abstract: Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to the first incident or the first type a recommended sequence of actions is generated based on the machine-learning model for use by an analyst in connection with responding to the second incident. In response to rejection of the recommended sequence by the analyst, revising the recommended sequence based on input provided by the analyst and storing the revised recommendation sequence in a form of a revised playbook for response to subsequent incidents that are similar to the second incident.

Abstract: Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.

Abstract: Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.

Abstract: Systems, devices, and methods are discussed that provide for discovering protected data from a code. Such detection provides an ability to discover potentially malicious code and/or datasets obfuscated within a code prior to full execution of the code.

Abstract: Systems and methods for adaptively provisioning a distributed event data store of a multi-tenant architecture are provided. According to one embodiment, a managed security service provider (MSSP) maintains a distributed event data store on behalf of each tenant of the MSSP. For each tenant, the MSSP periodically determines a provisioning status for a current active partition of the distributed event data store of the tenant. Further, when the determining indicates an under-provisioning condition exits, the MSSP dynamically increases number of resource provision units (RPUs) to be used for a new partition to be added to the partitions for the tenant by a first adjustment ratio. While, when the determining indicates an over-provisioning condition exists, the MSSP dynamically decreases the number of RPUs to be used for subsequent partitions added to the partitions for the tenant by a second adjustment ratio.