Abstract: A computer-implemented method for evaluating cybersecurity risk may include (i) identifying telemetry data collected from endpoints of an entity, (ii) calculating a cybersecurity risk score for the entity by searching the telemetry data for information indicative of cybersecurity risk exposure of the entity and performing an actuarial analysis on the information indicative of the cybersecurity risk exposure to quantize a potential consequence of the cybersecurity risk exposure, and (iii) performing, based on the cybersecurity risk score, a security action to protect the entity from the potential consequence of the cybersecurity risk exposure. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for preventing addictive application usage may include (i) identifying a user of a software application, (ii) monitoring the user's habits in relation to accessing the software application, (iii) determining that the user's habits indicate potentially addictive behavior relative to a baseline behavior in relation to accessing the software application, and (iv) automatically executing an application control action in response to determining that the user's habits indicate potentially addictive behavior. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for creating validated identities for dependent users may include (1) identifying both a validated user of an identity validation service who has a previously validated identity and a dependent user who cannot create a new validated identity via the identity validation service, (2) enabling, via a graphical user interface displayed on the computing device, the validated user to create the new validated identity for the dependent user in response to determining that the validated user has the previously validated identity, (3) linking the new validated identity for the dependent user to the previously validated identity of the validated user, and (4) generating a token that represents the new validated identity for the dependent user and that comprises a link to the previously validated identity of the validated user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to initiating remediation of security risks on an endpoint system based on updated reputation data. According to one embodiment, a reputation service receives a request, from a first endpoint system, for reputation data about an object. A reputation service transmits, in response to the request, data indicating a current reputation of the object. The reputation service determines that the object presents a security risk and updates reputation data associated with the object to indicate that the object presents a security risk. Upon updating the reputation data, the reputation system transmits, to the first endpoint system, updated reputation data associated with the object and instructions to remedy the security risk.

Abstract: The disclosed computer-implemented method for using vehicles as information sources for knowledge-based authentication may include (1) identifying a vehicle belonging to a user who is attempting to authenticate with an identity-verification authority, (2) acquiring analytic information about the vehicle, (3) generating, by analyzing the analytic information about the vehicle, at least one authentication question, where the correct response to the authentication question requires knowledge about the vehicle, (4) presenting the authentication question to the user, and (5) authenticating the identity of the user based on the user responding correctly to the authentication question. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Verifying that influence of a user data point has been removed from a machine learning classifier. In some embodiments, a method may include training a machine learning classifier using a training set of data points that includes a user data point, calculating a first loss of the machine learning classifier, updating the machine learning classifier by updating parameters of the machine learning classifier to remove influence of the user data point, calculating a second loss of the machine learning classifier, calculating an expected difference in loss of the machine learning classifier, and verifying that the influence of the user data point has been removed from the machine learning classifier by determining that the difference between the first loss and the second loss is within a threshold of the expected difference in loss.

Abstract: Techniques for brand recognition and protection in applications (“apps”) for mobile devices are disclosed. In some embodiments, brand recognition and protection in apps for mobile devices includes extracting a plurality of features of an app; comparing the plurality of features with a target set of features associated with an entity; and determining whether the app violates a policy for brand recognition and protection for the entity based on the comparing the plurality of features with the target set of features associated with the entity.

Abstract: A system and method for tracking content derived from unverified sources are described. A tracking application determines a file is untrusted when it is obtained from an unverified or untrusted source. Examples of unverified sources include remote servers accessed through a network and removable storage devices. The application marks the file as untrusted by inserting an identification of the file in a watchlist. A filter driver monitors I/O transactions and conveys information regarding file operations and corresponding processes to the tracking application. The filter driver detects a trusted process touches an untrusted file. The application marks the process as being untrusted. The filter driver detects the process subsequently touches another file. The application then marks this other file as untrusted.

Abstract: A computer-implemented method for enforcing access-control policies may include (i) identifying streaming content that is being transmitted from a media server to a media playback system, (ii) determining that a supervised user is within exposure range of the media playback system and could be exposed to the streaming content, (iii) receiving a sample of the content from a sampling system that is remote from the media playback system, (iv) identifying an access-control policy that defines a content-access restriction for the supervised user, (v) determining, based on an analysis of the sample of the content, that the access-control policy applies to the content, and (vi) in response to determining that the access-control policy applies to the content, enforcing the access-control policy by applying the content-access restriction to the streaming content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for detecting shared devices are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for detecting shared devices comprising receiving, using a shared computer detection component, information about a connection to a website from a user device, identifying, using the shared computer detection component, one or more characteristics associated with the connection from the user device, determining, in the event there is sufficient data based on the one or more characteristics associated with the connection from the user device, whether the user device is a shared device, and calculating a first responsive action in the event it is determined that the user device is a shared device.

Abstract: A computer-implemented method for efficient backup deduplication may include (1) identifying a file to be divided into chunks for deduplication, (2) requesting, from a server, a chunk size to use when dividing the file for deduplication by submitting at least one attribute of the file to the server, the server selecting the chunk size based at least in part on a projected chunk reuse rate when the file is deduplicated according to the chunk size, (3) receiving from the server, in response to requesting the chunk size, the chunk size to use when dividing the file for deduplication, and (4) dividing the file for deduplication into a plurality of chunks according to the chunk size. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for mediating information requests may include (1) detecting, at the information-managing device, a request for the information-managing device to provide at least one element of personal information to a requesting device that is within physical proximity of the information-managing device, (2) evaluating, based at least in part on an attribute of the request, whether the request for the element of personal information is appropriate, and (3) performing a security action that responds to the request in a manner that is commensurate to the appropriateness of the request for the element of personal information. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: According to one embodiment, a computer-implemented method performed by a computing device comprising at least one processor, the method comprising determining a threat score for a user action in a computer application and calculating a decayed threat score based on the determined threat score and a damping factor. The threat score being indicative of a risk presented by the user action, the decayed threat score being a modified threat score for the user action, and the damping factor being a constant value used to reduce the determined threat score.

Abstract: The disclosed computer-implemented method for enforcing access-control policies may include (i) determining that a user is attempting to access a controlled device that is subject to an access-control policy, (ii) locating at least one additional device that is in physical proximity to the controlled device, (iii) acquiring context information from the additional device that provides information about the identity of the user, (iv) establishing the identity of the user based on the context information acquired from the additional device, and (v) enforcing the access-control policy based on the identity of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for updating network devices may include (1) determining, by monitoring at least one endpoint device connected to a network device that provides a network connection for the endpoint device, periodic time intervals in which a user of the endpoint device is unlikely to access the network connection via the network device, (2) detecting that a system update is available for the network device that will impair the ability of the network device to provide the network connection for the endpoint device while being applied to the network device, (3) identifying, based on the periodic time intervals in which the user is unlikely to access the network connection, an optimal time at which to apply the available system update to the network device, then (4) applying the available system update to the network device at the optimal time.

Abstract: The disclosed computer-implemented method for network traffic routing to reduce service congestion at a server may include (1) receiving, by the computing device and from the cloud server, a traffic routing policy, (2) identifying, for a transaction and using at least one hook inserted into an operating system of the computing device, metadata describing a traffic type, (3) comparing the metadata with the traffic routing policy to determine the transaction is bypass traffic, and (4) sending the bypass traffic from the computing device to a destination other than the cloud server. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for selecting features for classification may include (1) generating a matrix X, a column vector Y, and a matrix Z from a training dataset that includes a plurality of samples with a plurality of features, (2) generating an augmented matrix from the matrix X, the column vector Y, and the matrix Z, (3) identifying one or more most-relevant features from the plurality of features by iteratively applying a sweep operation to the augmented matrix, and (4) training a classification model using the most-relevant features from the plurality of features rather than all of the plurality of features. Various other methods, systems, and computer-readable media may have similar features.

Abstract: The disclosed computer-implemented method for protecting personally identifiable information during electronic data exchanges may include (i) receiving, from a computing device, an authentication token for a proposed electronic data exchange, (ii) preventing the user's personally identifiable information from entering the proposed electronic data exchange by identifying the user using the anonymized identifier rather than using the user's personally identifiable information, (iii) authenticating the user identified in the data exchange information, and (iv) in response to authenticating the user, authorizing completion of the proposed electronic data exchange. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for evaluating infection risks based on profiled user behaviors may include (1) collecting user-behavior profiles that may include labeled profiles (e.g., infected profiles and/or clean profiles) and/or unlabeled profiles, (2) training a classification model to distinguish infected profiles from clean profiles using features and labels of the user-behavior profiles, and (3) using the classification model to predict (a) a likelihood that a computing system of a user will become infected based on a profile of user behaviors of the user and/or (b) a likelihood that a user behavior in the user-behavior profiles will result in a computing-system infection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for managing encryption keys for single-sign-on applications may include (1) receiving, from an identity service, notification of a request to access encrypted data on a cloud service, the notification including a session key for encrypting and decrypting a master key for decrypting cloud service keys, (2) deriving the master key, (3) decrypting, using the master key, a cloud service key for decrypting data on the cloud service, (4) storing the master key, encrypted using the session key, (5) receiving an additional notification of an additional request to access encrypted data on an additional cloud service, the notification including the session key, (6) without again obtaining the authentication element from the user, decrypting the master key, and (7) decrypting, using the master key, an additional cloud service key for decrypting data on the additional cloud service. Various other methods, systems, and computer-readable media are also disclosed.