Patents Examined by Aayush Aryal
  • Patent number: 11954211
    Abstract: A computer program component configured to collect configuration item data from information technology resources of an air-gapped network for an information technology configuration management database is provided. Configuration item data collected from the information technology resources of the air-gapped network is obtained using the provided computer program component, wherein the obtained configuration item data is physically transferred between a device within the air-gapped network and a device outside the air-gapped network at least in part via a portable physical storage medium, and the collected configuration item data has been reviewed and filtered within the air-gapped network prior to being physically transferred via the portable physical storage medium. The obtained configuration item data is imported to the information technology configuration management database outside the air-gapped network.
    Type: Grant
    Filed: April 14, 2021
    Date of Patent: April 9, 2024
    Assignee: ServiceNow, Inc.
    Inventors: Cody Wolf, Sreenevas Subramaniam, Séverin Launiau, Luke Andrew Kasper, Evan Orgel, Ryan Craig Zulli
  • Patent number: 11941159
    Abstract: An example storage medium includes instructions that, when executed, cause a processor of a computing device to read, during start-up of the computing device, first configuration data from a first storage device of the computing device; read second configuration data from a second storage device of the computing device; determine that there is an inconsistency between the first configuration data and the second configuration data; check a tamper status of the computing device; based on the tamper status and the determination that there is an inconsistency between the first configuration data and the second configuration data: (i) clear a secure storage location of the computing device, the secure storage location storing data to access protected data; or (ii) replace the first configuration data on the first storage device of the computing device based on second data and continue the start-up of the computing device.
    Type: Grant
    Filed: June 8, 2021
    Date of Patent: March 26, 2024
    Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Christopher Howard Stewart, Jeffrey Kevin Jeansonne, Richard Alden Bramley, Jr., Maugan Cedric Villatel
  • Patent number: 11943343
    Abstract: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.
    Type: Grant
    Filed: June 16, 2023
    Date of Patent: March 26, 2024
    Assignee: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Patent number: 11934533
    Abstract: The disclosure is directed towards the detection of supply chain-related security threats to software applications. One method includes identifying differences between updated source code and previous source. The updated source code corresponds to an updated version of an application. The previous source code corresponds to a previous version of the application. A risk score is determined for the updated version. The risk score is based on a machine learning (ML) risk model. The ML risk model analyzes the differences between the updated source code and the previous source code. A value of the risk score corresponds to potential security threats that are associated with the updated version. The potential security threats are not associated with the previous version of the application. The risk score is provided to interested parties.
    Type: Grant
    Filed: June 22, 2021
    Date of Patent: March 19, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Oron Golan, Adir Atias, Aviad Pines, Aviram Fireberger
  • Patent number: 11930025
    Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to input the user activity information into a first machine learning model that is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a second machine learning model that is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.
    Type: Grant
    Filed: April 15, 2021
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventors: Daniel Joseph Serna, Marcus Raphael Matos, Patrick N. Lawrence, Christopher Lee Danielson
  • Patent number: 11921889
    Abstract: Selectively presenting information by generating a dictionary including information categorized as sensitive according to a participant's characteristic, generating a display matrix including display rules according to the participant's characteristics, detecting sensitive data in a presentation stream, determining display coordinates for the sensitive data, determining a presentation status for the sensitive data according to the participant's characteristics, the dictionary, the decision tree and the display matrix, and masking the presentation of the sensitive information according to the presentation status and the display coordinates.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: March 5, 2024
    Assignee: International Business Machines Corporation
    Inventors: Paul Llamas Virgen, Carolina Garcia Delgado, Vladimir Garcia Saavedra, Humberto Orozco Cervantes
  • Patent number: 11907356
    Abstract: A system, method, and computer-readable recording media for a user account secure with a single sign on (SSO) password hidden authentication. Receiving credential information (CI) and generating the SSO password through at least one client device (CD). Encrypting the SSO password. Storing the SSO password in the CD and an electronic device (ED). Transmit the SSO password and encrypted SSO password to a cloud services platform (CSP), where the CSP stores both. Storing the SSO password in a cloud server (CS). Accessing the user account, if SSO password is unavailable, through the CSP transmitting a one time passcode to a user email, the CD setting a temporary password transferred to the CSP. The CSP confirming a match and transmitting the encrypted SSO password to the CD, the CD decrypting the encrypted SSO password and resetting the temporary password to the SSO password.
    Type: Grant
    Filed: January 7, 2021
    Date of Patent: February 20, 2024
    Assignee: ARRIS ENTERPRISES LLC
    Inventors: Jalagandeswari Ganapathy, Muralidharan Narayanan, David Brumbaugh
  • Patent number: 11907364
    Abstract: The present disclosure relates to computer-implemented methods, software, and systems for managing incompliances of application instances running in a cloud environment. Compliance requests can be generated for incompliant instances of cloud applications running on a cloud platform. In response, compliance checks for the one or more incompliant instances of cloud applications running on the cloud platform can be automatically executed. Incompliances can be identified by different compliance monitors instantiated at the cloud platform. Each compliance monitor is responsible for a particular type of incompliances. In response to identifying that a first instance of a first cloud application has a first type of incompliance, a maintenance action to be automatically executed by a first compliance maintainer running on the cloud platform is scheduled. The first compliance maintainer executes automatically a compliance measurement action for the first type of incompliance.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: February 20, 2024
    Assignee: SAP SE
    Inventors: Stoyan Zhivkov Boshev, Iliyan Nedkov Mihaylov, Stoyan Ivanov Veleshki, Rashid Methinov Rashidov, Nikolay Georgiev Kabadzhov, Diyan Asparuhov Yordanov
  • Patent number: 11899780
    Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.
    Type: Grant
    Filed: April 9, 2021
    Date of Patent: February 13, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jaffar Alaoui
  • Patent number: 11893130
    Abstract: Techniques for data lifecycle discovery and management are presented. Data lifecycle discovery platform (DLDP) can identify data of users, data type, and language of data stored in data stores (DSs) of entities based on scanning of data from databases. DLDP determines compliance of DLDP and DSs with obligations relating to data protection arising out of jurisdictional laws or agreements. DLDP generates rules to facilitate complying with and enforcing laws and agreements. DLDP can determine, and present to authorized users, risk scores relating to levels of compliance of the DLDP, associated platforms, or entities, risk indicator metrics, or a privacy health index of the organization associated with DLDP. DLDP can manage user rights regarding data, and access to data in DSs and information relating thereto stored in secure data store of DLDP. DLDP can remediate issues involving anomalies indicating non-compliance. DLDP can utilize machine learning to enhance various functions of DLDP.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: February 6, 2024
    Assignee: PayPal, Inc.
    Inventors: Deepa Madhavan, Sudheer Kilari, Meena Nagarajan, Alejandro Picos, Vladimir Bacvanski, Arunkumar Kannimar Ponnaiah, Srinivasabharathi Selvaraj
  • Patent number: 11882101
    Abstract: According to one embodiment, a method performed by a first communication device for generating a symmetric session key for encrypted communication with a second communication device is described comprising generating a blinding value for each of a first and a second private key component, generating a blinded public key from the first private key component, the second private key component, and the blinding values using a public key generation function, transmitting the blinded public key to the second communication device for encryption of a shared secret, receiving the shared secret, generating a session key for encrypted communication with the second communication device from the shared secret, encrypting, using the session key, an information from which the blinding values are derivable and transmitting the encrypted information to the second communication device.
    Type: Grant
    Filed: March 11, 2021
    Date of Patent: January 23, 2024
    Assignee: INFINEON TECHNOLOGIES AG
    Inventor: Rainer Urian
  • Patent number: 11853110
    Abstract: Disclosed is a system to optimize rule weights for classifying access requests so as to manage rates of false positives and false negative classifications. A rules suggestion engine may suggest a profile of classification rules to a merchant for access requests. The system can optimize weights for the profile of rules using a cost function based on a training set of historical access requests, for example using stepwise regression or machine learning (ML). The system can compute a profile score based on the optimized weights, for example by summing the weights. The system statistically analyzes the profile score using classification thresholds and the historical access requests. The system can perform receiver operating characteristic (ROC) analysis for various threshold values, enabling a user to select a suitable threshold. The system can further optimize by adding or removing rules from the profile of rules.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: December 26, 2023
    Assignee: Visa International Service Association
    Inventors: Benjamin Scott Boding, Ge Wen
  • Patent number: 11838269
    Abstract: A network security system provides portals which enable automatic creation of a dynamic one-time port forwarding rule for an authorized user's current IP address following two factor authentication of the authorized user. Such a dynamic one-time port forwarding rule is utilized to set up a connection, at which point the dynamic one-time port forwarding rule is removed, preventing any attacker from subsequently taking advantage of it. Such a methodology is advantageous as compared to conventional port forwarding in that it is much more secure. Such a methodology is advantageous as compared to traditional port forwarding with access control both in that a user does not always have to utilize the same device with a static IP address, and in that the port forwarding rule representing or exposing a potential vulnerability is deleted after a connection is established.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: December 5, 2023
    Assignee: Calyptix Security Corporation
    Inventors: Lawrence Chin Shiun Teo, Aaron K. Bieber, Nicholas C. Pelone, Bryce Chidester, Benjamin A. Yarbrough
  • Patent number: 11822795
    Abstract: Devices and methods for executing instructions in an automatic and secure manner include a security processor having at least a read-only memory, a random access memory, a computer capable of performing cryptographic functions, a monotonic counter management unit associated with one or more monotonic counters, is such that it does not include any other storage memory, meaning that the security processor does not store any program or external data, a public key allowing at least one initial enrolled administrator to be authenticated is stored before the first use of same in its read-only memory, its random access memory is capable of loading a set of data and instructions that can be authenticated by a public key cryptographic module, the execution by the computer, after the authentication of same, of certain instructions, increments one of the monotonic counters.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: November 21, 2023
    Assignee: Ledger, SAS
    Inventors: Olivier Tomaz, Nicolas Bacca
  • Patent number: 11816219
    Abstract: According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: November 14, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Chirag Shroff, David McGrew
  • Patent number: 11809580
    Abstract: An update device includes processing circuitry configured to store package management information that includes associations between files and packages including the files and information indicating existence/non-existence of dependence relationships among the packages, and an access control list that includes associations between the files and access source files permitted to access the files, refer, when a combination of a file and an access source file is specified, to the package management information to identify a package including the file and a package including the access source file, and add, when the identified package including the file and the identified package including the access source file are the same or are mutually in a dependence relationship, the specified combination to the access control list.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: November 7, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Kenichiro Muto, Takeshi Nakatsuru, Kazumi Kinoshita, Kimihiro Yamakoshi
  • Patent number: 11811520
    Abstract: Embodiments are disclosed for a method. The method includes determining multiple recommended actions based on a security incident using an action model trained to make recommendations. The method also includes determining multiple similar targets to a target of the security incident using a collaborative filtering model trained to assign a confidence value of similarity between two targets. The method further includes assigning a plurality of weights to the recommended actions based on one or more actions taken by the similar targets and the confidence value, and a success or failure of the recommended actions. Additionally, the method includes generating a prioritized list of the recommended actions that is sorted based on the assigned weights.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: November 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Mariya Ali, Steven Dale McKay, Michael J Spisak, Jelle Denis
  • Patent number: 11797664
    Abstract: A computer device, including at least a processor and a memory, can be configured to control process components on a computer device. An agent can intercept a request to instantiate a new process component in a user account of a logged-in user. The request can originate on the computing device from an instance of a particular process component amongst a set of process components. The user account can be assigned default user privileges by a privilege access management service. The agent can determine whether to permit the intercepted request. The agent can permit the intercepted request if the relationship is validated and if a trusted owner is identified amongst the set of identified owners.
    Type: Grant
    Filed: February 24, 2021
    Date of Patent: October 24, 2023
    Assignee: Avecto Limited
    Inventors: John Goodridge, Thomas Couser, James William Maude
  • Patent number: 11797700
    Abstract: Techniques for controlling data access using machine learning are provided. In one aspect, first, second, and third training data sets are generated from a set of historical access records and a set of historical data records, where the access records correspond to requests for data and comprise information identifying whether the request satisfies one or more data access rules, and the data records correspond to data elements and comprise information identifying whether the data element satisfies the one or more data access rules. One or more machine learning models are trained based on the first, second, and third training data sets to generate an output identifying whether requests for data should be granted.
    Type: Grant
    Filed: November 24, 2020
    Date of Patent: October 24, 2023
    Assignee: Alcon Inc.
    Inventor: Uma Chandrashekhar
  • Patent number: 11790093
    Abstract: Restricted access tokens are cognitively generated that provide cyber forensic specialists restricted access to applications that require investigation. Cognitive analysis is performed on case details and, in some instances, evidence logs of previously investigated applications to determine parties involved in the investigation and applications requiring investigation. In response to identifying one of the applications, the case details, applicable evidence logs and the identified application are cognitively analyzed to determine operations that are required to be performed in the application and a time required to perform the operations. A restricted access token is generated that is specific to the assigned specialist, the case, and the application.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: October 17, 2023
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Vijay Kumar Yarabolu