Abstract: The disclosed computer-implemented method for dynamically adjusting a backup policy may include dynamically adjusting a backup policy may include accessing a media file, evaluating an objective criterion of a difficulty to reproduce the media file to generate a difficulty rating, comparing the difficulty rating of the media file to an existing difficulty rating for at least one previous media file, and adjusting a backup policy for the media file based on the comparison of the difficulty rating. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed computer-implemented methods for identifying malicious domain names from a passive domain name system server log (DNS log) may include, in some examples, (1) creating a pool of domain names from the DNS log, (2) identifying respective features of each name in the pool, (3) preparing a list of known benign names and respective features of each known benign name, (4) preparing a list of known malicious names and features of each known malicious name, (5) computing a classification model based on (A) the features of each benign name on the list of benign names and (B) the features of each malicious name on the list of malicious names, (6) identifying respective features of an unclassified domain name, and (7) classifying, using the classification model, the unclassified domain name as malicious, based on the respective features of the unclassified domain name. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may include (i) intercepting an attempt to login to a user account of an application using a login credential, (ii) preventing a user corresponding to the user account from revealing personally identifiable information by populating a field for the login credential with a value for an identity-masking persona as a substitute for the personally identifiable information, and (iii) enabling a completion of the attempt to login to the user account of the application using the value for the identity-masking persona, rather than the personally identifiable information, to provide the user with access to an online resource through the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Thwarting potentially malicious online activity. In one embodiment, a method may include logging legitimate online user activities performed at a browser. The method may also include receiving a suspicious online activity that was performed at a website. The method may further include comparing the suspicious online activity to the logged legitimate online user activities to determine whether the suspicious online activity matches any of the logged legitimate online user activities. The method may also include, in response to determining that the suspicious online activity does not match any of the logged legitimate online user activities, determining that the suspicious online activity is a potentially malicious online activity, and thwarting the potentially malicious online activity by performing a remedial action at the website to protect the website from the potentially malicious online activity.

Abstract: Uniform Resource Locator (URL) transformation and redirection with access control. A method may include registering for an account with a secure redirection application; requesting, from the secure redirection application, a unique site identifier for an online entity; receiving, from the secure redirection application, the unique site identifier; submitting user data and the received unique site identifier to the online entity; receiving, from the online entity, a unique URL generated by the secure redirection application, in response to submitting the user data and the received unique site identifier to the online entity; and actuating the unique URL to be directed to the online entity.

Abstract: The disclosed computer-implemented method for managing location-based access control lists may include (i) identifying a collection of devices that are located within a physical space, (ii) determining, based on user activity data received from the collection of devices, that an authorized user is attempting to modify, on a location-based access control list for a wireless network, the access rights of a target computing device near a location indicated by the authorized user in the physical space, (iii) detecting, based on the user activity data, the target computing device near the location indicated by the authorized user, and (iv) in response to detecting the target computing device indicated by the authorized user, modifying, on the location-based access control list, the access rights of the target computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems of the present disclosure can detect user activities on endpoint devices based on the interference patterns those actions produce in wireless transmissions between those endpoint devices and another device (e.g., an edge device operating as a web security gateway). A web security gateway sends time-series data describing interference on wireless transmissions sent from, or received by, an agentless endpoint device to a network security service. In response, the network security service uses a machine-learning model to infer a type of an action that occurred on the agentless endpoint device concurrently with the wireless transmissions. The network security service sends an indication of the action type to the web security gateway. The web security gateway applies a network security policy to the action or a network communication associated therewith.

Abstract: The present disclosure includes a method for maintaining a dynamic geofence. The method receives a set of digital IDs and data pairs from a monitored user credential. Each digital ID was received by the monitored user credential as part of a wireless transmission from a node device, and each digital ID includes one or more attributes. The method retrieves a user policy that includes a required attribute and a threshold distance. The method determines whether at least one of the digital IDs includes an attribute matching the required attribute, and verifies any digital id containing the attribute matching the required attribute. The method determines the distance between the monitored user credential and the node device using the data paired with the digital ID, and determines whether the distance between the monitored user credential and the node device is less than the threshold distance.

Abstract: The disclosed computer-implemented method for utilizing custom tagging to protect against phishing attacks from malicious applications may include (1) associating a tag with a source application such that the tag is displayed in a user interface generated by the source application (2) launching a target application sharing at least one common feature with the source application, (3) determining, upon launching the target application, whether a user interface generated by the target application is an attack by a malicious application potentially causing harm to the computing device based on a presence or absence of the tag in the user interface, and (4) performing a security action with respect to the target application to protect the computing device from the attack when the tag is determined be absent from the user interface generated by the target application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Thwarting data leakage from a webpage. In some embodiments, a method may include detecting, at a browser on the network device, a visit to the webpage, directing a headless browser on the network device to visit the webpage in parallel to the browser visiting the webpage, detecting, at the headless browser, data leakage from the webpage, presenting, at the browser, a notification regarding the data leakage that allows a user to indicate whether the data leakage should be allowed, receiving, at the browser, an indication that the data leakage should not be allowed, and in response to receiving the indication that the data leakage should not be allowed, thwarting the data leakage by performing a remedial action at the network device to protect the network device from the data leakage.

Abstract: As described, embodiments presented herein provide techniques for detecting malware on computing devices connected to a local network segment by observing the traffic flows of such devices and generating signatures characterizing such traffic flows. Doing so allows instances of malware to be detected on a variety of devices which can be connected to a computing network, but which lack the capability of directly detecting and preventing malware applications from infecting such devices.

Abstract: A computer-implemented method for tracking the flow of user information over a network may include (i) recording user information transmitted from a user's computing device, (ii) identifying at least one third-party communication that utilizes at least a portion of the user information, (iii) deriving communication metadata from the third-party communication, (iv) generating, based on the communication metadata and the recorded user information, an information flow report that describes (A) the user information that was transmitted over the network connection, (B) at least one third-party communication that utilized elements of the user information, and (C) at least one element of user information utilized by the third-party communication, and (v) providing the information flow report to the user via a graphical user interface (GUI). Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enforcing secure shared access on computing devices by content state pinning may include (1) receiving, from a user, a selection of a content view to be shared with an additional user from content displayed on a computing device by an application, (2) associating, by the computing device, a change event with the content view, (3) detecting, by the computing device, the change event in response to an action by the additional user to change the content view, and (4) performing, by the computing device, a security action to protect the computing device from potentially malicious activity associated with the action by the additional user to change the content view. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting a cloud storage against suspected malware may include (1) receiving a backup of one or more encrypted files over a network, (2) determining that the one or more encrypted files match one or more criteria associated with suspected malware, and (3) performing a security action that protects a computing device against the suspected malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for anonymizing user accounts may include (i) receiving an instruction to anonymize a user account to protect a user's personally identifiable information, (ii) accessing, by a security program, a settings portal for the user account in response to receiving the instruction to anonymize the user account, (iii) replacing, by the security program, original values within at least two fields within the settings portal for the user account with anonymized values to mask the user's personally identifiable information, and (iv) storing the anonymized values within a protected vault to enable the user to login to the user account. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for implementing security of Internet of Things (IoT) home voice assistants is described. In one embodiment, a computer-implemented method for implementing a security policy with a voice assistant includes obtaining, by one or more computing devices, encrypted traffic from a voice assistant; identifying, by the one or more computing devices, a user voice command in the encrypted traffic based at least in part on one or more identifiable attributes of the encrypted traffic; determining, by the one or more computing devices, the user voice command triggers at least one security policy; and upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy. In some cases, the method may include obtaining an audio recording of the user voice command with a microphone built into the router.

Abstract: The disclosed computer-implemented method for improving network efficiency may include (i) receiving, from a client device, and at a publicly available on-demand cloud computing platform, a network packet that indicates an origination network address of an intermediary local network gateway that forwarded the network packet rather than an actual network address of the client device, and (ii) inserting, into the network packet, and at the publicly available on-demand cloud computing platform, network address translation information indicating a path to the actual network address of the client device to enable a virtual node within the publicly available on-demand cloud computing platform to identify the client device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer system stores incident records in a database. When a user wants to resolve a particular current incident, the computer system will access the current incident record from an incident queue. The computer system also identifies historical incident records that share one or more attributes with the current incident record. The computer system creates a plurality of clusters from the current incident record and the selected historical incident records. The clusters are then arranged into a hierarchical tree. This hierarchical tree is presented in a graphical user interface. A user can select a node to access additional information for that node. The computer system generates a first suggested response to a particular current incident based on the incident records included in the selected node. The computer system presents the first suggested response to the particular current incident in a graphical user interface.

Abstract: Software activation using a picture-based activation key. In some embodiments, a method may include presenting, on a display of the network device, a request for a user to enter a picture-based activation key in order to activate a software application on the network device. The method may also include receiving, at the network device, the picture-based activation key that includes pictures. The method may also include confirming, at the network device, that the received picture-based activation key is a valid picture-based activation key for the software application. The method may further include, in response to confirming that the received picture-based activation key is a valid picture-based activation key for the software application, activating the software application on the network device.

Abstract: The disclosed computer-implemented method for detecting malicious programmatic clicks directed to view elements displayed on touchscreens may include (1) receiving an indication of a click event directed to a view element of a user interface displayed on a touchscreen of a computing device, (2) determining that the click event was not immediately preceded by a touch event directed to the view element displayed on the touchscreen, (3) classifying, in response to determining that the click event was not immediately preceded by the touch event directed to the view element, the click event as potentially malicious, and (4) performing, in response to classifying the click event as potentially malicious, a security action that prevents performance of an operation requested by the click event. Various other methods, systems, and computer-readable media are also disclosed.