Abstract: A method includes: accessing objects, generated by a set of sources, representing attributes of assets, affiliated with a computer network, including a set of endpoint devices and a first application; partitioning the objects into object groups including a first object group representing the first application; aggregating objects in the first object group into a first user container representing the first application during the first time interval; and, in response to selection of the first application at an operator portal: generating a visualization representing a subset of endpoint devices, in the set of endpoint devices, on which the first application is installed during the first time interval based on a set of attributes, exhibited by the first application during the first time interval, contained in the first application container; and rendering the visualization at the operator interface.

Abstract: Disclosed is a system for customizing protections provided to different application programming interfaces (“APIs”) and different functions of an API based on different API context and user context associated with the different APIs and the different functions of each API. The system receives a particular API, determines API context for proper usage of one or more functions of the particular API, and determines user context associated with endpoints properly accessing the one or more functions. The system generates a model for differentiating between proper and improper use of the one or more functions based on contextual relationships between different combinations of the API context and the user context. The system monitors usage of the one or more functions based on the model, and performs an action that is associated with the model in response to the usage violating the contextual relationships for the one or more functions.

Abstract: Embodiments described herein provide for performing a risk assessment using graph-derived features of a user interaction. A computer receives interaction information and infers information from the interaction based on information provided to the computer by a communication channel used in transmitting the interaction information. The computer may determine a claimed identity of the user associated with the user interaction. The computer may extract features from the inferred identity and claimed identity. The computer generates a graph representing the structural relationship between the communication channels and claimed identities associated with the inferred identity and claimed identity. The computer may extract additional features from the inferred identity and claimed identity using the graph. The computer may apply the features to a machine learning model to generate a risk score indicating the probability of a fraudulent interaction associated with the user interaction.

Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. The data model also supports a cloud “least privilege and access” framework. Least privilege is a set of minimum permissions that are associated to a given identity; least access is a minimal set of persons that need to have access to given piece data. The framework maps an identity to one or more actions collected in cloud audit logs, and dynamically-build a compete view of an identity's effective permissions. The resulting least privilege and access policies are then applied natively to a given cloud environment to manage access.

Abstract: Embodiments described herein provide for automatically detecting whether an audio signal is a spoofed audio signal or a genuine audio signal. A spoof detection system can include an audio signal transforming front end and a classification back end. Both the front end and the back end can include neural networks that can be trained using the same set of labeled audio signals. The audio signal transforming front end can include a one or more neural networks for per-channel energy normalization transformation of the audio signal, and the back end can include a convolution neural network for classification into spoofed or genuine audio signal. In some embodiments, the transforming audio signal front end can include one or more neural networks for bandpass filtering of the audio signals, and the back end can include a residual neural network for audio signal classification into spoofed or genuine audio signal.

Abstract: Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Abstract: Security systems for microelectronic devices physically lock the hardware itself and serve as a first line of defense by preventing overwriting, modification, manipulation or erasure of data stored in a device's memory. Implementations of the security systems can respond to lock/unlock commands that do not require signal or software interactivity with the functionality of the protected device, and which therefore may be consistent across devices.

Abstract: Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.

Abstract: Embodiments described herein provide for passive caller verification and/or passive fraud risk assessments for calls to customer call centers. Systems and methods may be used in real time as a call is coming into a call center. An analytics server of an analytics service looks at the purported Caller ID of the call, as well as the unaltered carrier metadata, which the analytics server then uses to generate or retrieve one or more probability scores using one or more lookup tables and/or a machine-learning model. A probability score indicates the likelihood that information derived using the Caller ID information has occurred or should occur given the carrier metadata received with the inbound call. The one or more probability scores be used to generate a risk score for the current call that indicates the probability of the call being valid (e.g., originated from a verified caller or calling device, non-fraudulent).

Abstract: An improved hand truck is provided and generally characterized by a chassis, a wheel assembly, an outrigger assembly, a platform and a platform lift assembly. The chassis includes a base bracket and support bars longitudinally extending therefrom in spaced apart condition, the wheel assembly operably depending from the base bracket. The outrigger assembly includes outrigger arms rotatingly supported by a portion of the wheel assembly such that the outrigger arms are reversibly pivotable between passive and active assembly configurations. The platform, translatably received upon the support bars of the chassis, includes a base plate and a backer plate, the backer plate adapted to receive an accessory hangar. The platform lift assembly, for reversibly translating the platform upon the support bars of the chassis is operatively interposed between the base bracket of the chassis and the platform.

Abstract: Systems and methods of cyber hardening software by modifying one or more assembly source files. In some embodiments, the SME tool transparently and seamlessly integrates into the build process of the assembly source files being modified. For example, upon integration of the disclosed SME tool into the application's development environment, the modifications in the final executable are transparent to the developer and can support other cyber hardening techniques. In some embodiments, the integration of the SME tool into a build can be automated. Simplifying integration, through automated means, can be beneficial for widespread adoption of SME tools in cyberhardening software applications. Automated SME build integrations, e.g., removing manual methods and techniques, can help eliminate human errors and result in faster SME integrations, in comparison to manual integrations of a SME tool.

Abstract: Transparent web browsing recording is disclosed. A request is received, at a browser isolation system, from a client browser executing on a client device, to connect with a remote resource. A surrogate browser is provided to facilitate communications between the client browser and the remote resource. A set of browsing activities associated with use of the surrogate browser by the client browser is recorded.

Abstract: Systems and methods for initiating an action based on electronic activities of a user. Generally, a computing device receives a policy for enabling cryptographically secure tracking of electronic activities of a user and a particular electronic computing device. The policy can include definitions for a multiple actions to be taken with respect to certain electronic activities resulting from interaction by the user with the at least one computing device. The computing device can identify a particular electronic activity resulting from user interaction with the at least one computing device. The computing device can determine a particular action to take by applying the policy to the particular electronic activity. The computing device can initiate the particular action with respect to the particular electronic activity.

Abstract: Disclosed is a system for customizing protections provided to different application programming interfaces (“APIs”) and different functions of an API based on different API context and user context associated with the different APIs and the different functions of each API. The system receives a particular API, determines API context for proper usage of one or more functions of the particular API, and determines user context associated with endpoints properly accessing the one or more functions. The system generates a model for differentiating between proper and improper use of the one or more functions based on contextual relationships between different combinations of the API context and the user context. The system monitors usage of the one or more functions based on the model, and performs an action that is associated with the model in response to the usage violating the contextual relationships for the one or more functions.

Abstract: An assessment query may be received and analyzed to identify relevant assessment attributes and select a set of associated assessment resources. Assessment information may be extracted from the set of associated assessment resources. The extracted information may be used to identify additional relevant assessment attributes that may be utilized to extract additional assessment information. The extracted information may be used to generate a comprehensive threat assessment report. The threat assessment report, and the threat assessment, may be updated based on user feedback.

Abstract: Systems, computer program products, and methods are described herein for generating information security management packages through malware tracing, logging, and analysis. A system in accordance with embodiments of the present invention may be configured for receiving one or more trace log files from one or more artifact data collection computing systems; parsing the artifact data and metadata to identify one or more relationships between the target malware and one or more malware artifacts; based on parsing the artifact data and metadata, generating one or more nodes within a malware graph database; and executing a coverage analysis of an information security management package configured to detect a presence of the target malware.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for vulnerability detection and management. For instance, a method may include obtain asset information for an organization, wherein the asset information indicates a plurality of assets; obtain a set of grouping rules, wherein the set of grouping rules defines a plurality of groups based on asset attributes; obtain asset data from at least one source, wherein the asset data indicates particular attributes for at least a subset of assets of the plurality of assets; determine at least one specific group for each of the subset of assets; generate a data structure associating each asset of the subset of assets to a first group, thereby grouping the subset of assets into the first group; and perform at least one vulnerability management action using a command that applies to all of the assets, and only the assets, of the first group.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for vulnerability detection and management. For instance, a method may include obtain asset information for an organization, wherein the asset information indicates a plurality of assets; obtain a set of grouping rules, wherein the set of grouping rules defines a plurality of groups based on asset attributes; obtain asset data from at least one source, wherein the asset data indicates particular attributes for at least a subset of assets of the plurality of assets; determine at least one specific group for each of the subset of assets; generate a data structure associating each asset of the subset of assets to a first group, thereby grouping the subset of assets into the first group; and perform at least one vulnerability management action using a command that applies to all of the assets, and only the assets, of the first group.

Abstract: Embodiments described herein provide for audio processing operations that evaluate characteristics of audio signals that are independent of the speaker's voice. A neural network architecture trains and applies discriminatory neural networks tasked with modeling and classifying speaker-independent characteristics. The task-specific models generate or extract feature vectors from input audio data based on the trained embedding extraction models. The embeddings from the task-specific models are concatenated to form a deep-phoneprint vector for the input audio signal. The DP vector is a low dimensional representation of the each of the speaker-independent characteristics of the audio signal and applied in various downstream operations.

Abstract: Cryptographic techniques are disclosed which employ at least a five-pass protocol (5PP) for a cryptographic exchange of a secret data matrix between two computer systems. This 5PP approach improves the functioning of the computer systems by making their encrypted communications more resistant to potential quantum computing-based attacks while still resisting brute-force attacks by eavesdroppers. For example, the 5PP approach can be used to improve public-key cryptography. The system may comprise a first computer system and a second computer system, where a secret data matrix is known by the first computer system but is not shared with the second computer system in unobscured form.