Abstract: A method for enabling data classification and or enforcement of Information Rights Management (IRM) capabilities and or encryption in a software application according to which, an agent is installed on each terminal device that runs the application and a central management module which includes the IRM, encryption and classification policy to be enforced, communicates with agents that are installed on each terminal device. The central management module distributes the appropriate IRM and or classification policy to each agent and applies the policy to any application that runs on the terminal device.

Abstract: Abstract system and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data items(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UP interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag tot the content of the data item.

Abstract: System and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of a user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data item(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UI interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag to the content of the data item.

Abstract: A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.

Abstract: A method and system for modifying network addresses of at least one cloud application. The method comprises receiving a webpage sent to a client device from the at least one cloud application, wherein a webpage designates at least one script loaded to the client device during runtime; injecting a piece of code to the webpage; receiving, by the injected piece of code, an attempt to load each of the at least one script; modifying the at least one script by suffixing each network address designated in the at least one script with a predefined network address; and sending the modified at least one script to the client device, wherein runtime execution of the modified at least one script on the client device causes redirection of future requests from the client device to the cloud application to the suffixed network address.

Abstract: A method and system for protecting cloud-based applications executed in a cloud computing platform are presented. The method includes intercepting traffic flows from a plurality of client devices to the cloud computing platform, wherein each of the plurality of client devices is associated with a user attempting to access a cloud-based application; extracting at least one parameter from the intercepted traffic related to at least each client device and a respective user attempting to access the cloud-based application; determining based on, the at least one parameter and at least a set of parameters combining cloud-based application risk factors for a provider of the cloud computing platform, a risk indicator for the user attempting to access the cloud-based application; and performing an action to mitigate a potential risk to the cloud computing platform based on the determined risk indicator.

Abstract: Techniques for reconstructing application-layer traffic flowing between client devices and a cloud computing platform are provided. In an embodiment, the method allows for non-intrusive reconstructing application-layer traffic including requests and responses even in cases including packet drops, re-transmitted packets, and jittered packets. The method includes saving received packets into a zero-copy queue and analyzing the packets saved in the zero-copy memory to identify their respective sessions. Then, each identified session is reconstructed into a session window having a configurable size. In an embodiment, each reconstructed session includes application-layer requests and responses; The method further includes for, each identified session, matching each application-layer request to a corresponding application-layer response based on a matching identifier and time-interval threshold.

Abstract: System and method for computerized identification and presentation of semantic themes occurring in a set of electronic documents, comprising performing topic modeling on the set of documents thereby to yield a set of topics and for each topic, a topic-modeling output list of words; and using a processor performing a matching algorithm to match only a subset of each topic-modeling output list of words, to the output list's corresponding topic, such that each word appears in no more than a predetermined number of subsets from among said subsets.

Abstract: An electronic document analysis method receiving N electronic documents pertaining to a case encompassing a set of issues including at least one issue and establishing relevance of at least the N documents to at least one individual issue in the set of issues, the method comprising, for at least one individual issue from among the set of issues, receiving an output of a categorization process applied to each document in training and control subsets of the at least N documents, the output including, for each document in the subsets, one of a relevant-to-the-individual issue indication and a non-relevant-to-the-individual issue indication; building a text classifier simulating the categorization process using the output for all documents in the training subset of documents; and running the text classifier on the at least N documents thereby to obtain a ranking of the extent of relevance of each of the at least N documents to the individual issue.

Abstract: A method for computerized batching of huge populations of electronic documents, including computerized assignment of electronic documents into at least one sequence of electronic document batches such that each document is assigned to a batch in the sequence of batches and such that there is no conflict between batching requirements, the following batching requirements being maintained by a suitably programmed processor: a. pre-defined subsets of documents are always kept together in the same batch, b. batches are equal in size, c. the population is partitioned into clusters, and all documents in any given batch belong to a single cluster rather than to two or more clusters.

Abstract: A method, system and computer program for recoupling Kerberos Authentication and Authorization requests, the method including the steps of: (a) extracting authorization information, including a copy of a Ticket Granting Ticket (TGT), from an authorization request; (b) retrieving authentication information including the TGT, the authentication information having been previously extracted from an authentication transaction and stored; (c) cross-referencing the extracted authorization information with the retrieved authentication information, such that a discrepancy between the cross-referenced information invokes a security event alert.

Abstract: An electronic document analysis method receiving N electronic documents pertaining to a case encompassing a set of issues including at least one issue and establishing relevance of at least the N documents to at least one individual issue in the set of issues, the method comprising, for at least one individual issue from among the set of issues, receiving an output of a categorization process applied to each document in training and control subsets of the at least N documents, the output including, for each document in the subsets, one of a relevant-to-the-individual issue indication and a non-relevant-to-the-individual issue indication; building a text classifier simulating the categorization process using the output for all documents in the training subset of documents; and running the text classifier on the at least N documents thereby to obtain a ranking of the extent of relevance of each of the at least N documents to the individual issue.