Abstract: A data control method includes receiving from a user an indication of data for sharing, receiving from the user an indication of one or more recipients with which to share the data, and receiving from the user one or more allowed actions for the data. A multidimensional zone is determined based on the indication of the data for sharing, the indication of the one or more recipients, and the one or more allowed actions for the data. A plurality of application program interfaces (APIs) for a plurality of applications are accessed. Data sharing permissions are set for the user for each of the plurality of applications based on the multidimensional zone via the plurality of APIs.

Abstract: A system and method for detecting effective permissions of a principal in a cloud computing environment, includes detecting a group of principal nodes, each principal node representing a principal in a cloud computing environment, in a security graph, the security graph storing therein a representation of the cloud computing environment; selecting a first principal node from the group of principal nodes; determining a permission between the first principal node and a resource node, wherein the resource node represents a resource deployed in the cloud computing environment; and associating the group of principal nodes with the determined permission.

Abstract: Some embodiments relate to systems and method for secure information sharing using an information sharing engine. The information sharing engine configured to manage data access keys and data access control configuration, store the data access keys and data access control configuration on a distributed ledger network and selectively retrieve the data access keys from the distributed ledger network based on the data access control configuration.

Abstract: The present disclosure relates to a wireless token capable of representing a user network, the token being used to automatically provision an IoT enabled device to connect to the user network. Functions required to achieve this include: authenticate the token with the user network, and responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple one or more devices at or within a defined proximity to the token, with the user network; responsive to a wireless signal received from a given device among the one or more devices, establish a temporary secure communication channel between the given device and the token; and provide the configuration information from the token to the given device using the temporally secure communication channel, wherein the configuration information enables the given device to establish a connection with and operate in the user network based on the obtained configuration information.

Abstract: A URL velocity monitor is integrated with a message-hold decision maker of an electronic mail processing system that processes electronic messages for a protected computer network. The URL velocity monitor receives or obtains a URL, decomposes the URL into URL features based on logical boundaries, and determines features of interest from the URL features for velocity tracking. Examples of URL features can include a randomized URL segment. The velocity of each feature of interest is tracked over a period of time using a counting algorithm that employs a slow counter or a fast counter. The two different counters track two types of velocities which represent different domain behaviors targeting the protected computer network. The URL velocity monitor determines whether the velocity of a feature of interest is accelerating within the time period. If so, the URL is placed in a queue or a sandbox.

Abstract: Aspects of the present disclosure involve a system for hiding conversation elements. The system accesses a conversation interface of a messaging application on a web browser and presents the conversation interface in a window associated with the web browser. The conversation interface comprises a plurality of conversation elements. The system accesses a focus status of the window and, in response to determining that the focus status indicates that the window has lost focus, obscures a first subset of the plurality of conversation elements.

Abstract: A network security computing system includes a steganographic communications analysis engine monitoring incoming and outgoing messages on a secure computing network. The steganographic communications analysis engine identifies a pattern of file transfers between a first computing device on the secure computing network and an internal or external message recipient. When a pattern is identified, the steganographic communications analysis engine quarantines an associated computing device from the secure network. The steganographic communications analysis engine analyzes files transferred between the computing device and the recipient for indications of steganographic information and causes display, based on an identified indication of steganography, an indication that the computing device had been compromised by command and control malware.

Abstract: Adaptive online service access control includes obtaining, by a system access control monitor of a client system, a message from the client system to an external system, prior to transmission of the message, wherein the message is associated with a communication context, in response to obtaining the message, determining, by the system access control monitor, a current access score as a sum of a previous access score associated with the communication context and a modifier value determined for the message, and in response to determining, by the system access control monitor, that the current access score is less than an access threshold value, preventing transmission of the message.

Abstract: A system generates network perimeter for an organization based on the connection data. The system builds a model, for example, a machine learning based model configured to receive a network zone as input and output a score indicating security of the network zone. The system receives information describing connection requests received from client devices associated with the organization. The system adjusts parameters of the machine learning based model based on information describing the connection requests. The adjusting of the machine learning based model improves the accuracy of prediction based on the information describing the connection requests. The system determines a network perimeter for the organization using the machine learning based model. The network perimeter may be used for implementing a network policy for the organization based on the determined network perimeter.

Abstract: Systems for providing a virtual machine and authentication of a user using the virtual machine may perform operations including providing an application programming interface (API) to an electronic device; booting a virtual machine configured to emulate a type of electronic device based on a workstation to which the electronic device is connected; receiving input, using the API, from the electronic device; and providing output to the workstation using the virtual machine. In another example, the operations may include connecting, via at least one network and through an API, to a remote server; providing to the remote server, via the at least one network and the API, the captured biometric indicator; receiving, from a virtual machine executed on the remote server, at least one packet in a defined format based on the biometric indicator; and forwarding the received at least one packet to a workstation communicably connected to the electronic device.

Abstract: Methods, systems, and computer readable media for network security are described. In some implementations, security tasks and roles can be allocated between an endpoint device and a firewall device based on tag information sent from the endpoint, the tag information including one or more characteristics of a traffic flow, information of resource availability, and/or reputation of a process associated with a traffic flow.

Abstract: Devices and methods for accessing and for controlling access of a node, called “challenged node”, that has already been authenticated and is provisionally connected to a network of nodes, the network including at least one node, called “challenging node”. The method for controlling access, implemented by a challenging node, includes: defining a personalized test that must be executed by the challenged node; sending the test to the challenged node; receiving, from the challenged node, at least one result of the execution of the test; and authorizing or refusing the access of the challenged node to the network, at least on the basis of the result.

Abstract: A cyber security system creates a behavioral framework for evaluating the cyber security of an organization's computer systems based on its employees. The system leverages offline and online individual identity information and then translates this data to anonymous identifiers to protect privacy. The identifiers are used to pull data from an identity graph, which includes behavioral data. A business-to-business identity graph correlates the name of an organization that maintains the targeted computer system with the anonymous identifiers of employees. Online activity is gathered by pixels fired from websites accessed by user browsers and gathered by one or more remote servers.

Abstract: Provided are a transaction request construction method and apparatus, a transaction request processing method and apparatus, a device and a storage medium, which relate to the field of blockchain technology and can be used for cloud computing and cloud services. A specific implementation includes: generating a standard transaction request according to a standard key of a service application party, to-be-processed request data, a target blockchain architecture to be accessed and a target blockchain identifier; and calling a transaction conversion service and converting the standard transaction request into a target transaction request under the target blockchain architecture according to the standard key, the target blockchain architecture and the target blockchain identifier; where the target transaction request is used for processing the to-be-processed request data. Transaction request construction and processing efficiency can be improved.

Abstract: Authentication of a user of an OAuth client by an OAuth authorization server, comprising exposing an authentication state machine, where the states of the state machine are hypermedia-based representations of login resources, and transitions between states are represented by hypermedia links, wherein the authentication state machine is exposed to the client by an API adhering to the principles of REpresentational State Transfer (REST). When the final state of the state machine has been reached, a secondary access token is issued to the client, thereby authenticating the user, wherein hypermedia representations which are sent to the client are encoded so as to be readily parsable by the client.

Abstract: An apparatus comprises a processing device configured to obtain, at a data center, source data generated by edge devices associated with the data center and to determine, for each endpoint subscriber of the source data, an associated per-endpoint data processing workflow. The processing device is also configured to select, based at least in part on authorization parameters in a given per-endpoint data processing workflow associated with a given endpoint subscriber, at least a portion of the source data that is to be provided to the given endpoint subscriber. The processing device is further configured to apply, based at least in part on transformation parameters in the given per-endpoint data processing workflow associated with the given endpoint subscriber, data transformations to the portion of the source data to generate transformed data and to provide, from the data center to the given endpoint subscriber, the transformed data.

Abstract: Disclosed herein are methods, systems, and processes for probabilistically identifying anomalous levels of honeypot activity. A honeypot dataset associated with a honeypot network is received and a representative usage value is determined from the honeypot dataset. The representative usage value is identified as being associated with anomalous behavior if the representative usage value deviates from an expected probability distribution. A remediation operation is initiated in the honeypot network in response to the identification of the representative usage value as being associated with the anomalous behavior by virtue of the representative usage value deviating from the expected probability distribution.

Abstract: Described herein relates to a system and method for the prevention of a malicious attack on a computing resource. In embodiments, the system may comprise the following, including but not limited to: (1) at least one processor; and (2) computer memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform operations including: (a) observing traffic flow of a network; (b) altering a SYN threshold value based on the observing of the traffic flow of the network; (c) comparing a metric of SYN messages submitted to the network; and (d) based on the comparison of the metric of SYN messages submitted, selectively engaging corrective action with the network.

Abstract: A method, system, and computer program product to protect accelerators from malicious network functions. One embodiment of the method may comprise categorizing an application runtime into a plurality of operational phases, and enforcing one of a plurality of phase-specific security restrictions at each of the plurality of operational phases. The method may further comprise analyzing the application runtime to automatically generate the plurality of phase-specific security restrictions.

Abstract: Determining additional signals for determining cybersecurity risk is disclosed, including: obtaining signals associated with a cybersecurity risk, wherein the obtained signals include technographic signals and query derived signals obtained from queries; combining the technographic signals and the query derived signals into a Bayesian model indicating the cybersecurity risk; and determining additional technographic signals or additional query derived signals associated with the cybersecurity risk to obtain such that the additional technographic signals or the additional query derived signals are to be computed to impact the cybersecurity risk.