Patents Examined by Cheng-Feng Huang
  • Patent number: 11652791
    Abstract: Systems, methods, and computer-readable media for implementing an extranet policy include receiving a request from a source to perform a lookup for a destination address. A lookup for the destination address is performed in a consolidated routing table, the consolidated routing table including a consolidated mapping of address prefixes associated with two or more virtual networks. If the lookup results in a match for the destination address with a matching address prefix, a matching virtual network associated with the matching address prefix is determined. An access policy for the request corresponding to the matching virtual network is obtained, and based on the access policy the request is allowed to access the destination address in the matching virtual network or disallowed. The consolidated routing table can be implemented in a mapping server using a Locator/ID Separation Protocol (LISP).
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: May 16, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Victor Moreno, Sanjay Kumar Hooda, Marc Portoles Comeras
  • Patent number: 11652792
    Abstract: A network is secured by managing domain name requests such that client devices are restricted from visiting malicious or undesirable domains. An endpoint Domain Name Server (DNS) agent is installed on client devices on a local network, and the endpoint DNS agents intercept DNS requests from the client devices and process the received DNS request in the endpoint DNS agent based on a security policy set for the client device via the endpoint DNS agent. In a further example processing the received DNS request comprises identifying the client device, end user, and the DNS request to a cloud-based DNS server, and processing a response received from the cloud-based DNS server received in response to the DNS request. The endpoint DNS agent is further operable to distinguish between DNS requests for local domains and remote domains, and to redirect DNS requests for local domains to a local network DNS server.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: May 16, 2023
    Assignee: Avast Software s.r.o.
    Inventor: Gandhi Balasubramaniam
  • Patent number: 11646999
    Abstract: In some examples, a method for generating a low data rate signal for transmission from a first network domain to a second network domain, the second network domain logically separated from the first network domain by a firewall, can include encoding a signal from a first device logically positioned within the first network domain to form a data signal, and transmitting the data signal over an out-of-band communications channel from the first network domain to the second network domain.
    Type: Grant
    Filed: March 2, 2021
    Date of Patent: May 9, 2023
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Mamadou Diambar Ndour, Patrick Jacques Andre Marie De Marcillac, Sandro Secci, Joshua Serratelli Schiffman
  • Patent number: 11637869
    Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: April 25, 2023
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11632676
    Abstract: Aspects of the disclosure relate to configuration of the Access Stratum (AS) security in communication networks. The AS security may be defined by security configuration information selected for a protocol data unit (PDU) session established for a user equipment (UE). The security configuration information may be selected by a network node within a core network based on one or more of the PDU session, device type of the UE, or Quality of Service (QoS) flow within the PDU session. The security configuration information may be provided to a radio access network (RAN) serving the UE for selection of an AS security configuration that is specific to the PDU session.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: April 18, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Gavin Bernard Horn
  • Patent number: 11616812
    Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: March 28, 2023
    Assignee: Attivo Networks Inc.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 11611535
    Abstract: Described embodiments provide systems and methods for selecting one or more firewall rules to apply to a server based at least on identifying a service of the server. A device intermediary to a plurality of clients and a server may identify a pattern of a firewall to apply to a response from the server to a request from a client of the plurality of clients. The pattern may be to identify a service configured on the server. The device may determine that the response from the server matches the pattern. The device may identify, responsive to the response matching the pattern, that the service is configured on the server. The device may select, based at least on the service, one or more rules for the firewall to apply to responses from the server.
    Type: Grant
    Filed: May 11, 2021
    Date of Patent: March 21, 2023
    Inventors: Kasirao Velugu, Priya Bagaria, Ganesh Kathiresan, Thirumoorthi Thangamani
  • Patent number: 11606687
    Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for sending and receiving anonymized signals or beacons. Example methods may include determining an authentication code and sending a signal associated with the authentication code from an electronic device to a server via a connected device. Example methods may include determining an authentication code by a server or a second electronic device and requesting signal information from the server corresponding to the signal associated with the authentication code.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: March 14, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Abraham Martin Passaglia, Andrew Roths, Neelam Rani, Chris DeCenzo
  • Patent number: 11606377
    Abstract: Methods and systems for detecting anomalous network device activity. The system may include an interface for receiving an identification label associated with a host device and pre-existing traffic data associated with the host device. The system may further detect that the pre-existing traffic data associated with the host device is anomalous based on the identification label. The system may then issue an alert upon detecting that the pre-existing traffic data associated with the host device is anomalous.
    Type: Grant
    Filed: August 6, 2020
    Date of Patent: March 14, 2023
    Assignee: Rapid7, Inc.
    Inventor: Dustin Myers
  • Patent number: 11601475
    Abstract: A system for cybersecurity rating using active and passive external reconnaissance, that uses a web crawler that sends message prompts to external hosts and receives responses from external hosts, a time-series data store that produces time-series data from the message responses, and a directed computational graph module that analyzes the time-series data to produce a weighted score representing the overall cybersecurity state of an organization.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: March 7, 2023
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11601439
    Abstract: A digital ledger built upon a blockchain to provide users with the ability to securely, accurately, and verifiably share state information between distrustful parties is provided herein. The Verifiable Outsourced Ledger is hosted in a networked environment, accessible by multiple parties, and maintains an immutable view of the transactions submitted by authorized parties and a continuous view of the states shared between the parties that the parties can replicate independently locally to verify the integrity of the ledger.
    Type: Grant
    Filed: February 13, 2020
    Date of Patent: March 7, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Srinath Setty, Ramarathnam Venkatesan
  • Patent number: 11595361
    Abstract: A system and method for geolocation-aware, cyber-enabled infrastructure inventory and asset management with state prediction capability. The system tracks tangible and intangible assets, including states associated with each asset such as the location, condition, and value of each asset. Physical assets may be cyber-enabled by attaching wireless computing devices to some or all of the physical assets to provide data about the physical assets using sensors of the computing devices, including but not limited to, such data as location, conditions of storage, and hours of operation or use. Data for each item is stored in a multi-dimensional time series database, which keeps a historical record of the states of each item. Unknown or future states can be predicted by applying predictive models to the time series data. Parametric evaluations of current and predicted future states can be used to optimize the assets against an objective.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: February 28, 2023
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11595212
    Abstract: A secure approval chain for runtime protection is disclosed. As an application or pod is developed in a pipeline, an approval engine ensures that the pod is approved by all approvers. The approval engine generates a deployment token that is added to the configuration data of the pod and that can be used at deployment to perform various security operations including pod verification, runtime environment control and enforcement, and pod or application verification.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: February 28, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Naor Radami
  • Patent number: 11586722
    Abstract: Described herein are improvements for responding to incidents in an information technology (IT) environment. In one example, a method includes, in an incident response system, receiving authentication information for use by a first component for responding to an incident in an information technology (IT) environment. The method further includes encrypting the authentication information and storing the authentication information in the incident response system along with encrypted parameters for operating the first component. In the incident response system, upon determining that the first component requires the authentication information for an interaction, the method provides retrieving the authentication information and providing the authentication information to the first component.
    Type: Grant
    Filed: November 27, 2020
    Date of Patent: February 21, 2023
    Assignee: Splunk Inc.
    Inventors: Govind Salinas, Sourabh Satish, Robert John Truesdell
  • Patent number: 11588640
    Abstract: The subject matter discloses computer-implemented method performed during a multi-party computation (MPC) process performed between multiple parties, said method comprising, the multiple parties executing a pre-processing phase and obtain values of correlated random variables to be used in an MPC process, the parties periodically verifying the correctness of the correlated random variables by exchanging information between the multiple parties, refreshing the values of the correlated random variables in each of the multiple parties, wherein no party of the multiple parties has access to values of the correlated random variables stored in another party of the multiple parties during the verifying and refreshing processes, the multiple parties using the correlated random variables during the MPC process after verifying a correctness of the correlated random variables.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: February 21, 2023
    Assignee: Coinbase IL RD Ltd.
    Inventor: Samuel Ranellucci
  • Patent number: 11588793
    Abstract: A system and method for dynamic geospatially-referenced cyber-physical infrastructure inventory and asset management using state models, wherein a computing device with a geolocation device and wireless networking capability is attached to each of a plurality of physical assets, and used to periodically determine a state of the physical asset to which it is attached using the geolocation device, periodically generate a status update message and send it to a remote computer, and wherein the remote computer stores the status of the physical asset as time series data in a state model and, if a status message is not received in a defined period of time, applies a machine learning algorithm to the state model to predict a current or future state of that particular physical asset.
    Type: Grant
    Filed: May 12, 2020
    Date of Patent: February 21, 2023
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11582032
    Abstract: A system and method for sharing user preferences pertaining to one or more products, without having the user reveal their identity, is described herein. The system is configured for registering a user by receiving a set of biometric samples of the user, processing the set of biometric samples to compute a Secret-Key (S1) corresponding to the user, generating a Unique-Number (N1) using a random number generation algorithm, applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1), to compute a Public-Key (P1). Once the user is registered, the system is configured to receive a biometric sample from the user in real-time and compute the Secret-Key (S2) for authenticating the user. Once the user is authenticated, the system may recommend to the user, a candidate product from a product catalog, based on the user's preferences.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: February 14, 2023
    Inventor: Amod Ashok Dange
  • Patent number: 11582193
    Abstract: A system, a method, and a computer program are provided for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers has all data traffic routed between the main network and the subnetwork through an encrypted virtual private network (VPN) tunnel. The data traffic is monitored for a cyberthreat indication in the enterprise network, and any cyberthreat indication has the cyberthreat remediated by modifying a policy in a firewall or one of the group of enterprise routers to stop routing exchange or cease encryption or transmission of data between the main network and the one or more subnetworks. In part, a key server and each router and the group of enterprise routers is configured with an Internet Protocol address, a group security association value, and a group profile which are employed by the technological solution for secure enterprise connectivity.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: February 14, 2023
    Assignee: SAUDI ARABIAN OIL COMPANY
    Inventors: Ahmad A. Alharbi, Mohammed I. Alghannam
  • Patent number: 11573952
    Abstract: A processor may identify one or more transaction verification requests from one or more entities. The processor may convert each of the one or more transaction verification requests into respective hashed transaction verification requests. The processor may send, on one or more private, anonymous channels, the hashed transaction verifications to an orchestrator. The processor may decrypt the hashed transaction verifications with the orchestrator. The processor may determine whether information in each of the one or more transaction verification requests matches.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: February 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Rishi Saket, Ritwik Chaudhuri
  • Patent number: 11570149
    Abstract: Techniques for providing a feedback mechanism to enforce a security policy are provided. In some embodiments, dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions includes receiving a security policy that includes a domain name (e.g., the network policy can include a network security rule that is based on the domain name); and periodically updating Internet Protocol (IP) address information associated with the domain name based on a feedback mechanism that utilizes network logs (e.g., implemented using a learning process for FQDN to IP address mappings) to facilitate a more effective security policy enforcement.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: January 31, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventor: Zhou Olivier Zheng