Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: A technique includes receiving, by a processor, a security alert that is generated in response to one or more events occurring in a computer system. The technique includes applying, by the processor, machine learning to the security alert to predict a probability that the security alert will be escalated to an incident; and displaying an output on a display to guide processing of the security alert based on the predicted probability.

Abstract: An apparatus may include a processor that may be caused to access a script in a first format, the script comprising a rule element having a condition element that specifies conditional logic and an action element that specifies an action to be taken based on the conditional logic, build a condition object for the condition element, generate, based on the condition object, a condition sentence portion that represents the conditional logic in a natural language format, build an action object for the action element, generate, based on the action object, an action sentence portion that represents the action to be taken in the natural language format, and generate, in the natural language format, a natural language sentence for the rule element based on the condition sentence portion and the action sentence portion.

Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.

Abstract: A technique includes creating, by a computer, a sandboxed user account on the computer, where creating the sandboxed user account includes generating credentials for the sandboxed user account. The technique includes creating, by the computer, an operating system session and executing a single sign on (SSO) tool in the operating system session in association with the sandboxed user account. In response to a request that is associated with another user account to start up an application, authorizing, by the computer, use of the application by the other user account based on credentials that are associated with the other user account and starting up the application by the computer. Starting up the application includes using the SSO tool to inject SSO credentials for the other user account based on policy authorization into the application such that the application is executed in association with the sandboxed user account.

Abstract: In some examples, in response to detecting addition or update of a program component of a program, a system creates a blockchain entry for addition to a blockchain register, generates a hash based on the program component, and adds in the blockchain entry a signed hash produced by encrypting the generated hash. The system publishes the blockchain entry for the blockchain, the signed hash in a blockchain entry useable to detect tampering with the program component.

Abstract: A technique includes determining, by a computer, entries of a software vulnerability database that is associated with a plurality of components associated with a release of a software product. The technique includes determining, by the computer, a block of a blockchain representing a vulnerability state of the plurality of components; and associating, by the computer, the block of the blockchain with the product release.

Abstract: An apparatus may include a processor that may be caused to access a script in a first format, the script comprising a rule element having a condition element that specifies conditional logic and an action element that specifies an action to be taken based on the conditional logic, build a condition object for the condition element, generate, based on the condition object, a condition sentence portion that represents the conditional logic in a natural language format, build an action object for the action element, generate, based on the action object, an action sentence portion that represents the action to be taken in the natural language format, and generate, in the natural language format, a natural language sentence for the rule element based on the condition sentence portion and the action sentence portion.

Abstract: In one implementation, a non-transitory machine-readable storage medium may store instructions that upon execution cause a processor to: receive a request for a webpage from a client device; in response to the received request, provide the webpage to a browser of the client device, the provided webpage including at least one event listener to detect a user change in the browser; receive a lock request from the at least one event listener on the client device; and in response to the received lock request, lock a session of the webpage on the client device.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: Response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.

Abstract: In some examples, a computer receives event data relating to events of a system, and builds a graph comprising nodes representing respective values of attributes of the events, and edges between the nodes, each respective edge of the edges representing co-occurrence of values of attributes represented by nodes connected by the respective edge. The computer computes edge weights of corresponding edges of the edges, and identifies paths in the graph, where each path of the paths comprises two or more nodes and a corresponding edge or edges. The computer determines an affinity among the values of the attributes based on a shortest path determining process that uses the edge weights for distances of the identified paths, and resolves an anomaly in the system based on the determined affinity.

Abstract: A pool of files are analyzed for relationships between the files. At least some of the files in the pool are encrypted files. The relationships are represented by distances between the files plotted on a graph in two or more dimensions. A point on the graph representing a particular file. The graph includes an interactive interface, such that points or clusters of points can be selected for re-analyzing and re-plotting on a refreshed graph for just those selected points or clusters.

Abstract: A secure server detects a login from a user originating from a first device. A second user-registered device is sent a message. The second device: translates the message into light-based communication that is captured by a camera of the first device, translates the message back into the original message, and sends the translated message to the secure server. The secure server authenticates the message and sends an indication to the first device that the second device is permitted to access the first device. In an embodiment, information passed between the first and second devices continue using light-based communications.

Abstract: A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service.

Abstract: A technique includes receiving, by a processor, a security alert that is generated in response to one or more events occurring in a computer system. The technique includes applying, by the processor, machine learning to the security alert to predict a probability that the security alert will be escalated to an incident; and displaying an output on a display to guide processing of the security alert based on the predicted probability.

Abstract: Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Multi-touch groupings of characters are detected for device authentication and access. In an embodiment, one or more non-character based factors are used in combination with an inputted authentication code (character based) for device authentication and access.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.