Abstract: Providing policy check functionality to file uploads is disclosed. An attempted file upload is detected at a browser isolation system. A user of a client is prompted to provide a credential associated with the file and usable to access contents of the file. A policy is applied to the file upload.

Abstract: Embodiments described herein provide for systems and methods for verifying authentic JIPs associated with ANIs using CLLIs known to be associated with the ANIs, allowing a computer to authenticate calls using the verified JIPs, among various factors. The computer builds a trust model for JIPs by correlating unique CLLIs to JIPs. A malicious actor might spoof numerous ANIs mapped to a single CLLI, but the malicious actor is unlikely to spoof multiple CLLIs due to the complexity of spoofing the volumes of ANIs associated with multiple CLLIs, so the CLLIs can be trusted when determining whether a JIP is authentic. The computer identifies an authentic JIP when the trust model indicates that a number of CLLIs associated with the JIP satisfies one or more thresholds. A machine-learning architecture references the fact that the JIP is authentic as an authentication factor for downstream call authentication functions.

Abstract: Predictive rendering (also referred to herein as speculative rendering) is disclosed. The predictive rendering is performed by an endpoint browser in response to a user input made by a user. The predictive rendering is verified using a surrogate browser that is executed on a remote server. The verification can be performed asynchronously.

Abstract: Systems and methods are disclosed that receive data at an electronic computing device. A first algorithm can be applied to the phrases to generate masked versions of the phrases. The masked versions can be cryptographically secured using a second algorithm and a cryptographic key. The second algorithm and cryptographic key can be used to generate a secured versions of the phrases. A filter representative of the data can be generated using the secured versions of the phrases.

Abstract: Disclosed techniques include cybersecurity workflow management using autodetection. A cybersecurity threat protection workflow is accessed. At least one cybersecurity threat protection application notification is received. The cybersecurity threat protection application notification causes an irreversible action to be scheduled by the workflow. The irreversible action comprises a destructive response. The destructive response includes killing a process, deleting an account, shutting down a computer, wiping a computer, or shutting down a router. The irreversible action is detected before it is implemented by the workflow. The irreversible action in the workflow is mitigated using a supervisory workflow element. The mitigating the irreversible action comprises initiating a machine learning algorithm. The machine learning algorithm enables a near real-time response. The machine learning algorithm self-triggers the actionable response.

Abstract: A System and Method is provided that enable identifying cyber security attacks using observation and monitoring of end point activity. By following and monitoring the wireless connection related activities of endpoint devices as they cycle through various steps leading to establishing a connection to the secure network, a knowledge base is established in the cloud by analysis of the actions, and communication to build the confidence that the users of the network are where they should be. In one embodiment, no access is provided until a user presents valid credentials. Based on these credentials the network then builds a specific path based on access controls, tunnels or other techniques to control the user’s communication and access to specific targets within the network.

Abstract: Example secure runtime systems and methods are described. In one implementation, a secure runtime system is configured to execute multiple applications in a secure manner. The secure runtime is associated with a secure enclave defined by a hardware device. A secure application loader is configured to load an application into the secure runtime system and an OS bridge is configured to provide OS services to the application.

Abstract: Systems and methods are disclosed for generation of a representative data structure. A computing device can receive data including various data items. The computing device can generate logical rows that include the data items. The computing device can convert the logical rows into nodes and store the nodes into logical rows of a first logical table. The computing device can generate logical rows for a second logical table including row identifiers and a link to one of the logical rows from the first logical table.

Abstract: Malware prevention and remediation is provided by monitoring actions performed processes and maintaining indications of which processes are trusted; selectively presenting canary files to these processes, which includes presenting the canary files to processes not indicated as being trusted and hiding the canary files from processes indicated as being trusted, and where the monitoring includes monitoring for access of canary files with change privileges; scoring each of the processes based on the actions performed, including any access of canary files with change privileges, which scoring produces a malice score for each process; and automatically terminating any process for which its malice score indicates at least a threshold level of malice in the execution of the process.

Abstract: A multi-point locking set, comprising an engagement member attached to a first end of an actuator plate and configured to move the actuator plate in a vertical direction, a locking member attached to a second end of the actuator plate and attached to a first moving plate and a second moving plate, wherein the locking member pivots between a retracted position and an extended position when the actuator plate moves in the vertical direction, and wherein the first moving plate and the second moving plate move in a vertical direction when the locking member pivots between the retracted position and the extended position.

Abstract: Techniques for detecting emails that pertain to Internet services are disclosed. Information about such emails can be recognized by performing a discrete analysis of the email before delivering the email to the user and determining whether a corrective action is warranted. Such emails can be recognized by heuristic pattern analysis that scans incoming emails for patterns known to pertain to certain Internet services. Emails relating to other Internet services can be detected by a machine learning classifier that uses labeled training data. These accesses to Internet services can be written to a database. In many implementations, such discrete analysis is performed after an email has been classified as legitimate by one or both of a spam filter and a malware detector. An aggregate analysis, whose output can also update the database, can provide a broad picture of Internet service usage within a set of email users (e.g., by department).

Abstract: A data security server system includes a first network proxy, a data classifier, an operation pipeline module, a vault database, security infrastructure, and second network proxy that function as secure data tunnel mechanisms through which network data containing sensitive information passes through. The data classifier identifies data payloads having data fields that require processing and routes these data payloads to an operation pipeline module which can redact, tokenize or otherwise process sensitive data before the data payload exits the system. The data classifier also reverses the process by identifying data payloads having redacted or tokenize data fields and restoring the sensitive data to these data fields.

Abstract: A device, system, and method, according to various embodiments, can include, for example, a hybrid cloud network, one or more personal cloud virtual LANs, and a home area network. The hybrid cloud network can be configured to provide public access and private access. The one or more personal cloud virtual LANs are provided at an overlapping segment of the hybrid cloud network to provide privacy within the hybrid cloud network. The home area network can include a single purpose computer configured as a gateway for the hybrid cloud network and configured to establish a site-to-site secure connection with the one or more personal cloud virtual LANs.

Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.

Abstract: A method includes identifying a first group of objects generated by security tools during a first time interval and containing cotemporal, analogous characteristics identifying a first endpoint device connected to a computer network; based on the first group of objects, confirming detection of the first endpoint device by a first security tool and a second security tool during the first time interval; identifying a second group of objects generated by security tools during a second time interval and containing cotemporal, analogous characteristics identifying the first endpoint device; based on the second group of objects, confirming detection of the first endpoint device by the second security tool during the second time interval; and responsive to absence of detection of the first endpoint device by the first security tool during the second time interval, generating a source remove event specifying removal of the first security tool from the first endpoint device.

Abstract: Disclosed techniques include integrated cybersecurity state change buffer service. A plurality of network-connected cybersecurity threat protection applications is accessed. A background synchronization service is initiated. The background synchronization service receives status from at least one of the plurality of cybersecurity threat protection applications. The status comprises high-volume incoming status data. The status is monitored, using the background synchronization service. A real-time state change in the status is identified, based on the monitoring. The identifying a real-time state change includes quantifying incoming data associated with the status. An actionable response is triggered, based on the state change that was identified. The actionable response enables self-healing of a connected security orchestration, automation, and response (SOAR) application system. The status is processed, using the background synchronization service, to provide the actionable response.

Abstract: A computer-implemented method of providing data governance as data flows within and between networks, comprising: using a global computing device, retrieving data stored in a plurality of local ledgers and written by a plurality of local computing devices, wherein validity of the data stored in the plurality of local ledgers has not been verified prior to writing; using the global computing device, determining that the plurality of local ledgers is cryptographically consistent and, in response to the determination, updating a global ledger with the data stored in the plurality of local ledgers.

Abstract: The application is applicable for use in conjunction with a system that includes connected vehicle communications in which vehicles in the system each have an onboard processor subsystem and associated sensors, the processor subsystem controlling the generation, transmission, and receiving of messages communicated between vehicles for purposes including crash avoidance. A method is set forth for determining, by a given vehicle receiving messages, the occurrence of misbehavior, including the following steps: processing received messages by performing a plurality of plausibility determinations to obtain a respective number of plausibility measurements; determining at least one context for the region at which the given vehicle is located; weighting the plurality of plausibility measurements in accordance with values determined from the at least one context to obtain a respective plurality of plausibility indicator values; and deriving a misbehavior confidence indicator using the plausibility indicator values.

Abstract: A method for monitoring endpoint devices affiliated with a computer network includes: for each security technology, accessing a set of objects generated by the security technology during a time interval and representing characteristics endpoint devices configured with the security technology, partitioning object groups representing individual endpoint devices, and aggregating characteristics represented in each object group into an endpoint device container associated with the security technology and containing identifying data and status data representing one endpoint device; identifying a first subset of endpoint devices configured with first and second security technologies based on correspondence between data contained endpoint device containers associated with the first and second security technologies; and identifying a second subset of endpoint devices configured with the first security technology and excluding the second security technology based on absence of correspondence between data contained in

Abstract: Disclosed are systems and methods including computing-processes executing machine-learning architectures for voice biometrics, in which the machine-learning architecture implements one or more language compensation functions. Embodiments include an embedding extraction engine (sometimes referred to as an “embedding extractor”) that extracts speaker embeddings and determines a speaker similarity score for determine or verifying the likelihood that speakers in different audio signals are the same speaker. The machine-learning architecture further includes a multi-class language classifier that determines a language likelihood score that indicates the likelihood that a particular audio signal includes a spoken language. The features and functions of the machine-learning architecture described herein may implement the various language compensation techniques to provide more accurate speaker recognition results, regardless of the language spoken by the speaker.