Abstract: Mechanisms for sharing user-provided information from an original equipment manufacturer (OEM) application and a vendor application are provided, the mechanisms including: receiving the user-provided information at the OEM application; determining a system identifier of a system on which the OEM application is executing at the OEM application using a hardware processor; providing the user-provided information and the system identifier to a vendor cloud server from the OEM application; determining the system identifier at vendor application; providing the system identifier from the vendor application to the vendor cloud server; receiving the user-provided information at the vendor application from the vendor cloud server in response to providing the system identifier to the vendor cloud server; and using the user-provided information to configure the vendor application.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify application permission safety.

Abstract: Example firewalls disclosed herein populate a first dynamic object of a firewall rule with first information to identify a first updateable set of devices that satisfy a first one of a plurality of conditions associated with the firewall rule, the first information based on first data obtained from an appliance that monitors communication traffic in at least a portion of a network. Disclosed example firewalls also populate a second dynamic object of the firewall rule with second information to identify a second updateable set of devices that satisfy a second one of the conditions associated with the firewall rule, the second information based on second data obtained from a data source different from the appliance. Disclosed example firewalls further apply, based on evaluation of the first dynamic object and the second dynamic object, the firewall rule to first network traffic associated with a first device in communication with the network.

Abstract: Systems, methods, and media for identifying and responding to malicious files having similar features are provided. More particularly, in some embodiments, systems for identifying and responding to malicious files having similar features are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive feature information extracted from a file, wherein the feature information includes at least two of static feature information, environmental feature information, and behavioral feature information; create clusters based on the feature information; determine if a file corresponding to one of the clusters is malicious; and report to a plurality of endpoints that other files corresponding to the one of the clusters is malicious.

Abstract: A first example network security platform disclosed herein is to store a cryptographic session key from a server, the cryptographic session key associated with an encrypted network traffic flow between the server and a client different from the first network security platform. This disclosed first example network security platform is also to access a query from a second network security platform requesting the cryptographic session key, and generate a response including the cryptographic session key to send to the second network security platform.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and an anomaly detection engine including instructions encoded within the memory to instruct the processor to: periodically collect telemetry for a performance parameter; compute and maintain a local trend line for the performance parameter; receive from a cloud service a global trend line for the performance parameter for a class of devices including the computing apparatus; and perform anomaly detection including analyzing the local trend line and the global trend line to detect an anomaly.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.

Abstract: There is disclosed herein a computer-implemented system and method of providing wellness detect and response (WDR) security services for an enterprise, including computing, for the enterprise, a quantitative user-centric security posture, wherein computing the quantitative user-centric security posture comprises calculating, for a user, a quantitative user risk profile according to a combination of user role, user privileges, user behavior, and digital assets assigned to a user and owned by the enterprise.

Abstract: There is disclosed in one example a computer apparatus, including: a hardware platform including a central processor unit (CPU) and a memory; and instructions encoded within the memory to instruct the CPU to: enumerate a plurality of running processes, and associate resource demands with the running processes; predict a resource starvation condition for at least one process; rank the plurality of running processes according to a dynamic ranking algorithm, wherein the ranking algorithm includes user engagement as an input for ranking a process; and according to the ranking and a safeguard algorithm, deallocate resources from a process ranked lower than the at least one process and assign the deallocated resources to the at least one process to mitigate the predicted resource starvation condition.

Abstract: By way of example, a method includes, responsive to a user request to download, from the internet, a downloadable file with executable content, downloading a portion of the downloadable file, wherein the downloadable file is not executable with the portion; after download the portion of the downloadable file, scanning the portion of the downloadable file for malware characteristics to classify the downloadable file; and completing downloading the downloadable file only after determining, based on the scanning of the portion of the downloadable file, that the downloadable file is not malware.

Abstract: Examples are disclosed herein to implement remote authentication and passwordless password reset. An example server includes: at least one processor to forward executable instructions to a client device, the executable instructions, when executed at the client device, to cause the client device to: authenticate a user of an account based on a biometric authentication factor; obtain a local storage key by decrypting an encrypted local storage key with a cloud key obtained from a remote authentication server, the cloud key associated with the client device; decrypt a key bag with the local storage key, the key bag including a content encryption key and an encrypted credential encrypted with the content encryption key, the encrypted credential associated with the user; and decrypt the encrypted credential with the content encryption key to obtain a credential without the user supplying a master password associated with the account.

Abstract: A computer-implemented method provides security services to an enterprise. The method computes, for a plurality of enterprise users, a plurality of user health scores based on respective protection statuses for a plurality of enterprise assets owned by respective users; computes, for the enterprise, an overall enterprise security status score based on the plurality of user health scores; graphically displays to an enterprise administrator the overall enterprise security status score; and presents to the enterprise administrator a plurality of action recommendations to improve the overall enterprise security status score.

Abstract: Example methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to implement contextual key management for data encryption are disclosed. Example apparatus disclosed are to determine whether a key mapping is associated with a combination of two or more context rules defined for a set of context values associated with input data to be encrypted. Disclosed example apparatus are also to, in response to a determination that no key mapping is associated with the combination of two or more context rules, map a key identifier to the combination of two or more context rules and generate a key corresponding to the key identifier. Disclosed example apparatus are further to encrypt the input data based on the key to obtain encrypted data.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.

Abstract: Disclosed examples include receiving an indication that a file is designated as a favorite file from a user device; retrieving the file from a remote location; storing the file as a first favorite file on a favorites storage device; re-retrieving the file from the remote location; and updating the first favorite file with the re-retrieved file.

Abstract: Mechanisms (which can include systems, methods, and media) for securing WiFi routers and devices connected to them are provided. In some embodiments, mechanisms for securing a WiFi router comprise: receiving a first request to form a first connection between a first device and the WiFi router; determining whether a first portal can be presented in connection with the first device; and in response to determining that the first portal cannot be presented in connection with the first device: creating a first temporary virtual access point using the WiFi router; and connecting the first device to the WiFi router using the first temporary virtual access point.

Abstract: A system, method, and computer program product are provided for managing a connection between a device and a network. In use, a first device coupled between a second device and a network is identified. Further, the first device is controlled based on predefined criteria utilizing the second device, for managing a connection between the second device and the network.

Abstract: There is disclosed in an example, a gateway apparatus, including a hardware platform having a processor and a memory; a wireless network interface; and instructions encoded within the memory to instruct the processor to: provide a first virtual access point (VAP) secured by an IEEE 802.1x extensible authentication protocol (EAP) enterprise security method; provide a second VAP secured by a WiFi protected access pre-shared key (WPA-PSK) method; onboard a device, comprising determining whether the device supports the EAP method, and enrolling the device with the EAP method if the device supports the EAP method; and if the device does not support the EAP method, enrolling the device with the WPA-PSK method.

Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.