Abstract: According to an embodiment of the disclosure, a toll-free telecommunications validation system determines a confidence value that an incoming phone call to an enterprises' toll-free number is originating from the station it purports to be by incorporating one or more layers of signals and data in determining said confidence value. The data and signals can include one or more call identifiers and/or toll-free call routing logs, service control point (SCP) signals and data, service data point (SDP) signals and data, dialed number information service (DNIS) signals and data, session initiation protocol (SIP) signals and data, carrier identification code (CIC) signals and data, location routing number (LRN) signals and data, jurisdiction information parameter (JIP) signals and data, charge number (CN) signals and data, billing number (BN) signals and data, and originating carrier information (such as information derived from the ANI).

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: Embodiments described herein provide for automatically authenticating telephone calls to an enterprise call center. The system disclosed herein builds on the trust of a data channel for the telephony channel. Certain types of authentication information can be received through the telephony channel, as well. But the mobile application associated with the call center system may provide additional or alternative forms of data through the data channel. The system may send requests to a mobile application of a device to provide information that can reliably be assumed to be coming from that particular device, such as a state of the device and/or a user's response to push notifications. In some cases, the authentication processes may be based on quantity and quality of matches between certain metadata or attributes expected to be received from a given device as compared to the metadata or attributes received.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: A method includes identifying a first group of objects generated by security tools during a first time interval and containing cotemporal, analogous characteristics identifying a first endpoint device connected to a computer network; based on the first group of objects, confirming detection of the first endpoint device by a first security tool and a second security tool during the first time interval; identifying a second group of objects generated by security tools during a second time interval and containing cotemporal, analogous characteristics identifying the first endpoint device; based on the second group of objects, confirming detection of the first endpoint device by the second security tool during the second time interval; and responsive to absence of detection of the first endpoint device by the first security tool during the second time interval, generating a source remove event specifying removal of the first security tool from the first endpoint device.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25 network.

Abstract: A decentralized security system and associated methods are implemented by a distributed set of security controllers that independently detect threats and implement attack protections for endpoints based on cumulative threat states that are synchronized across the distributed set of security controllers in a decentralized manner. A particular security controller receives different states associated with different hashed identifiers from the other security controllers, and also receives a request from a client that is directed to a particular endpoint. The particular security controller generates a hashed value from hashing an identifier from the request that identifies the particular endpoint, updates a first state based on the first hashed value matching a hashed identifier that is associated with the first state, and implements a protective action in response to an updated value generated from updating the first state violating a security rule.

Abstract: Embodiments described herein provide for a machine-learning architecture for modeling quality measures for enrollment signals. Modeling these enrollment signals enables the machine-learning architecture to identify deviations from expected or ideal enrollment signal in future test phase calls. These differences can be used to generate quality measures for the various audio descriptors or characteristics of audio signals. The quality measures can then be fused at the score-level with the speaker recognition's embedding comparisons for verifying the speaker. Fusing the quality measures with the similarity scoring essentially calibrates the speaker recognition's outputs based on the realities of what is actually expected for the enrolled caller and what was actually observed for the current inbound caller.

Abstract: Embodiments described herein provide for performing a risk assessment. A computer identifies and stores heterogeneous events between a user and a provider system in which the user interacts with an account. The computer may store the heterogeneous events in a table. The stored event information normalizes the events associated with an account. The computer may determine static risk contributions associated with the event information of the account and store the static risk contributions in the table. The computer groups the static risk contributions into predetermined groups. The static risk contributions in each group are converted into dynamic risk contributions. The dynamic risk contributions of each group are aggregated, and the aggregate value of the dynamic risk contributions are fed to a machine learning model. The machine learning model determines a risk score associated with the account.

Abstract: Utterances of at least two speakers in a speech signal may be distinguished and the associated speaker identified by use of diarization together with automatic speech recognition of identifying words and phrases commonly in the speech signal. The diarization process clusters turns of the conversation while recognized special form phrases and entity names identify the speakers. A trained probabilistic model deduces which entity name(s) correspond to the clusters.

Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.

Abstract: A System and Method is provided that enable identifying cyber security attacks using observation and monitoring of end point activity. By following and monitoring the wireless connection related activities of endpoint devices as they cycle through various steps leading to establishing a connection to the secure network, a knowledge base is established in the cloud by analysis of the actions, and communication to build the confidence that the users of the network are where they should be. In one embodiment, no access is provided until a user presents valid credentials. Based on these credentials the network then builds a specific path based on access controls, tunnels or other techniques to control the user's communication and access to specific targets within the network.

Abstract: Embodiments described herein provide for a voice biometrics system execute machine-learning architectures capable of passive, active, continuous, or static operations, or a combination thereof. Systems passively and/or continuously, in some cases in addition to actively and/or statically, enrolling speakers. The system may dynamically generate and update profiles corresponding to end-users who contact a call center. The system may determine a level of enrollment for the enrollee profiles that limits the types of functions that the user may access. The system may update the profiles as new contact events are received or based on certain temporal triggering conditions.

Abstract: Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner.

Abstract: The embodiments execute machine-learning architectures for biometric-based identity recognition (e.g., speaker recognition, facial recognition) and deepfake detection (e.g., speaker deepfake detection, facial deepfake detection). The machine-learning architecture includes layers defining multiple scoring components, including sub-architectures for speaker deepfake detection, speaker recognition, facial deepfake detection, facial recognition, and lip-sync estimation engine. The machine-learning architecture extracts and analyzes various types of low-level features from both audio data and visual data, combines the various scores, and uses the scores to determine the likelihood that the audiovisual data contains deepfake content and the likelihood that a claimed identity of a person in the video matches to the identity of an expected or enrolled person.

Abstract: A security server device, method, non-transitory computer readable medium and security system that receives request data for a request from a client to a web server system where the request comprises a session identifier (ID) for a session between an authenticated user and the web server system. A determination is made whether the client is a single-user device based on the request data and multi-domain data. Another determinations is made on whether the client is compromised based on the request data. In response to the determinations that the client is a single-user device and is not compromised an extension of the session between the authenticated user on the client and the web server system is caused.

Abstract: Techniques for determining behavior of individual users or multiple users of an email system with regard to Internet services are disclosed. Such techniques may include a discrete analysis that includes determining whether an email relates to use, by a user of the email system, of an Internet service established with an email address of the user. Indications of Internet service activity of users of the email system can be written to a data store. By employing these techniques across all emails of an entity, insight may be gained into the aggregate nature of Internet services being used. A policy engine may take a corrective action for the email based on the discrete analysis. An aggregate analysis may be used to update the data store, wherein the aggregate analysis includes identification of an aggregate set of Internet services for a group of users.

Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. Embodiments include systems and methods for detecting fraudulent presentation attacks using multiple functional engines that implement various fraud-detection techniques, to produce calibrated scores and/or fused scores. A computer may, for example, evaluate the audio quality of speech signals within audio signals, where speech signals contain the speech portions having speaker utterances.

Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. Embodiments include systems and methods for detecting fraudulent presentation attacks using multiple functional engines that implement various fraud-detection techniques, to produce calibrated scores and/or fused scores. A computer may, for example, evaluate the audio quality of speech signals within audio signals, where speech signals contain the speech portions having speaker utterances.

Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. The server applies an NLP engine to transcribe call audio and analyze the text for anomalous patterns to detect synthetic speech. Additionally or alternatively, the server executes a voice “liveness” detection system for detecting machine speech, such as synthetic speech or replayed speech. The system performs phrase repetition detection, background change detection, and passive voice liveness detection in call audio signals to detect liveness of a speech utterance. An automated model update module allows the liveness detection model to adapt to new types of presentation attacks, based on the human provided feedback.