Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

Abstract: Distributed systems for protecting networked computer assets from compromise are disclosed. The distributed system includes one or more enterprise event sources, such as endpoint(s). The system also includes a server, such as a Big Data Analytics server, and optionally a security management server such as a Security Information and Event Management server. The Big Data Analytics server processes data collected from the enterprise event sources and produces behavioral profile models for each endpoint (or group of similar endpoints). The profiles, models, and ontology analysis are provided to the endpoints. Endpoint analytics use the output from the analytics servers to detect deviations from the endpoint's behavioral profile.

Abstract: Technologies for a distributed Internet of Things (IoT) system are disclosed. Several IoT devices may form a peer-to-peer network without requiring a central server. Information may be stored in a distributed manner in the distributed IoT system, allowing for storing information without transmitting it to a remote server, which may be costly and introduce security or privacy risks. Each IoT device of the distributed IoT system includes a machine learning algorithm that is capable of uncovering patterns in the input of the distributed IoT system, such as a pattern of user inputs in certain situations, and the distributed IoT system may adaptively anticipate a user's intentions.

Abstract: Protecting personally identifiable information data collected and/or stored in physical objects with embedded electronic devices by performing at least the following: obtaining a plurality of personally identifiable information algorithms for a plurality of electronic user devices, determining a relevant personally identifiable information algorithm from the plurality of personally identifiable information algorithms, executing the relevant personally identifiable information algorithm over the relevant personally identifiable information from one of the electronic user devices to construct a personally identifiable information data result, and transmitting the personally identifiable information data result without transmitting the relevant personally identifiable information to a remote computing system.

Abstract: A system, method, and computer program product are provided for conditionally preventing use of hardware virtualization. In use, an attempt to use hardware virtualization is identified. Further, the use of the hardware virtualization is conditionally prevented.

Abstract: There is disclosed in one example a remediation server including: a hardware platform, including a processor, a memory, and a network interface; and instructions encoded within the memory to instruct the processor to: receive an application binary; create an application logic model of the application binary; and create personalization rules for the application binary based on the application logic model.

Abstract: A firewall provides improved network security by allowing the use of dynamic objects in firewall rules, where the dynamic objects evaluate to a variable set of devices. The dynamic objects may be updated from real-time data sources and non-real time inventories of data. Dynamic objects may be used for either or both of source and destination in a firewall rule. Where the dynamic object includes non-real time data, the dynamic object may be synchronized with the non-real time data inventory on a configurable basis. By using dynamic objects, the firewall can provide flexibility in the rules to allow control over user-owned and controlled devices.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.

Abstract: A method, apparatus, and system is described for distributing a rule to a distributed capture system and storing the rule in a global configuration database, wherein the rule defines an action for the distributed capture system to perform regarding packets intercepted by the distributed capture system.

Abstract: Managing authentication of a child device includes receiving, by a host device, sensor data from a child device, deriving simplified authentication data from the sensor data based on a capability of the child device, storing the simplified authentication data in an authentication profile for the child device, and transmitting the simplified authentication data to the child device, wherein the simplified authentication data is sufficient to allow the child device to authenticate a user without the host device.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.

Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.

Abstract: A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation.

Abstract: A technique allows for transparently managing, suspending, restoring, sharing, limiting and migrating user sessions on a device without having access to user credentials. A user may automatically log in and out of each or all their online accounts instantaneously and, in doing so, the user may share sessions without sharing passwords across client devices as well as with other authenticated and authorized users. Sharing may be done in a secure manner with the initiating-user being able to restrict shared session rights, as well as being able to remove access to each of the shared sessions.

Abstract: Systems and methods for detection of malicious exploitations in a multimedia file are disclosed. In one embodiment, such an approach includes parsing the compiled bytecode of a multimedia file to detect identified key instructions and determine if such key instructions are repeated in specific patterns that signify the presence of malicious exploitation. The approach may also include examining the contents of the constant pool table in a compiled multimedia file to detect specific shellcode strings that are indicative of presence of malicious exploitation. When the bytecode or the constant pool table indicates that malicious exploitation is present, an approach may be utilized to reduce instances of false positive identification of malicious exploitation.

Abstract: Disclosed is a method and system for managing contacts for a communication system by storing contact information in a centralized storage system and permitting receiving users to access the centralized contact information storage system using a token passed with communications from a sending user. The communications system may be a trusted network with trusted sending and receiving members. Each communications system member provides contact information the member may wish to make available to other parties. The member may also create a policy defining which contact information may be made available to different classes of users. A member of the communications system generates a message to send to a receiving user. A token that identifies the sending user to the communications system is embedded into the message to be sent to the receiving user.

Abstract: Dynamically identifying and utilizing an opportunistic device by performing at least the following within a discovery offloading module: receive an offloading alert message from a service device, wherein the offloading alert message indicates the service device is unable to provide one or more services to the client device, receive a discovery message from a candidate device, wherein the discovery message indicates the candidate device is capable of performing the services provided to the client device, select, using the dedicated execution environment, an opportunistic service device based on the discovery message from the candidate device; and trigger the restart of host execution instruction within the client device by obtaining the one or more services from the opportunistic service device, wherein the discovery offloading module operates independently from the host execution instructions within the client device.

Abstract: Embodiments of this disclosure are directed to an execution profiling handler configured for intercepting an invocation of memory allocation library and observing memory allocation for an executable application process. The observed memory allocation can be used to update memory allocation meta-data for tracking purposes. The execution profiling handler can also intercept indirect branch calls to prevent heap allocation from converting to execution and intercept exploitation of heap memory to block execution.

Abstract: A system, method, and computer program product are provided for automatically identifying potentially unwanted data as unwanted. In use, data determined to be potentially unwanted (e.g. potentially malicious) is received. Additionally, the data is automatically identified as unwanted (e.g. malicious). Furthermore, the data is stored for use in detecting unwanted data (e.g. malicious data).