Abstract: A system for generating a blockchain including an input for receiving a plurality of groups of data. Blockchain processing circuitry generates the blockchain for the plurality of groups of data. The blockchain processing circuitry generates the blockchain by performing a first hash using the first group of data and a first nonce as an input to a hash function to generate a first digital signature for a first block, wherein the hash function uses encryption based on quantum key distribution and orbital angular momentum. The blockchain processing circuitry establishes the first block of the blockchain using the first group of data, the first nonce and the first digital signature.

Abstract: Systems and methods for intelligent data routing based on data type are provided. A proxy installed on a client device receives a data stream and scans the data stream for classification parameters associated with sensitive data. A data stream may be broken down, for example, to data packets, classified using known libraries containing characteristics of a classification, and routed based on applicable policies governing each classification. The routed data packets are constantly monitored and may be re-routed to a network designed to handle highly sensitive data, a network designed to handle data with high security risk, or to another applicable service infrastructure as needed, before reaching the intended recipient. The classification libraries may be updated based on the monitored data and change in classification of the data packet.

Abstract: A malware detection system to detect malware in a client computer system includes a behavior profile generator adapted to generate a behavior profile specifying operational behaviors of a computer system indicative of the existence of malware in the computer system; an interface adapted to communicate the behavior profile to the client; and an identifier responsive to a message from the client that the behavior profile is exhibited by the client and adapted to identify a reaction instruction for performance by the client, wherein the interface is further adapted to communicate the reaction instruction to the client.

Abstract: A computer implemented method to detect a data breach in a network-connected computing system including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device accessing sensitive information for the network-connected computer system and searching for at least part of the sensitive information in the copy of the data; in response to an identification of sensitive information in the copy of the data identifying the sensitive information as compromised sensitive information.

Abstract: Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.

Abstract: Provided herein are systems and methods for classifying content to prevent data breach or exfiltration. An entity engine may receive content for classification into a content type for preventing data breach or exfiltration. The entity engine may determine that secondary data, defined by an operand of an entity definition, is present in the content. Each entity definition may correspond to one content type and may include a Boolean expression of operands. Each operand may include a matching element to be used for matching against content undergoing classification into one of the content types, upon secondary data defined by the operand being present in the content. The entity engine may classify the content into a content type of the content types, corresponding to the entity definition, based on matching the matching element of the operand to the content, and matching other operands of the entity definition to the content.

Abstract: A blockchain configuration may be used to store a distributed ledger for information security and accessibility. One example method of operation may include one or more of logging an asset in a blockchain, identifying a sub-asset linked to the asset, creating a use constraint for the sub-asset, logging the use constraint associated with the sub-asset, and during an access attempt of the sub-asset, prohibiting access to the sub-asset based on the use constraint.

Abstract: A computer-implemented method, computer program product and computing system for: detecting one or more security events within a computing platform of a client; notifying the client of the one or more security events within the computing platform; determining if the client responded to the one or more security events within the computing platform; and providing a response report to the client that quantifies client response performance based, at least in part, upon if the client responded to the one or more security events within the computing platform.

Abstract: Embodiments herein provide a system, method and an apparatus for vulnerability management for connected devices on a network. The proposed method includes identifying vulnerability in a device. The method includes determining whether the vulnerability affects the device by applying one or more rules. Further, the method includes calculating vulnerability score by assigning weights to impact metric and exploitability metric. In various embodiments, the method includes predicting security incident for the device based on the computed vulnerability score, security capabilities of the device and various anomalies on the device.

Abstract: A method for event data fencing includes initializing a media monitoring algorithm, wherein the media monitoring algorithm scans for one or more words relating to a data breach in publicly available reports. Responsive to identifying a report from the publicly available reports relating to a vulnerability associated with the data breach, the method determines whether the vulnerability is associated with event data utilized for an authentication process. Responsive to determining the vulnerability is associated with a portion of the event data utilized for the authentication process, the method fences the portion of event data associated with the vulnerability, wherein fencing prevents the portion of event data from being utilized in the authentication process.

Abstract: Various systems and methods for network optimization or bandwidth conservation may use plugin migration or mirroring to access a plugin utilizing a first network protocol in the cloud. A cloud-based plugin allows for routing optimization to leverage resource directory from the first network protocol to provide discovery or access to the plugin. The plugin may be used when a device operating the first network protocol communicates with a device operating a second, different, network protocol.

Abstract: Systems and methods for remote monitoring of a Security Operations Center (SOC) via a mobile application are provided. According to one embodiment, a management service retrieves information regarding multiple network elements that are associated with an enterprise network and extracts parameters of the monitored network elements from the retrieved information. The management service prioritizes the monitored network elements by determining a severity level associated with security-related issues of the network elements and generates various monitoring views that summarize in real time various categories of potential security-related issues detected by the SOC. Further, the management service assigns a priority to each monitoring view and displays a video on the display device that cycles through monitoring views in accordance with their respective assigned priorities.

Abstract: A method by one or more electronic devices for identifying and classifying community attacks. The method includes determining, for each of a plurality of enterprise networks, one or more incidents occurring in that enterprise network based on analyzing security alerts generated by a web application layer attack detector used to protect a web application hosted in that enterprise network, where each incident represents a group of security alerts that have been determined as being associated with the same security event, grouping incidents occurring across the plurality of enterprise networks into groups of incidents, where incidents that are determined as having similar features are grouped into the same group of incidents, and classifying each of one or more of the groups of incidents as being an industry-based attack or a spray-and-pray attack based on industry classifications of incidents within that group of incidents.

Abstract: Embodiments described include a computing device for generating risk scores of network entities. The computing device can include one or more processors configured to detect a plurality of risk indicators. Each of the risk indicators identify one of a plurality of activities of a network entity of an organization. The network entity includes a device, an application or a user in the organization's network. The one or more processors can generate a risk score of the network entity, by combining a risk value, an amplification factor and a dampening factor of each of the plurality of risk indicators, and adding an adjustment value for the plurality of risk indicators. The one or more processors can determine, using the generated risk score, a normalized risk score of the network entity. The one or more processors can initiate an action according to the normalized risk score.

Abstract: The present disclosure discloses an information storage method performed at a server.

Abstract: A testing computer system communicates with a cloud computing platform coupled to one or more target computer systems. The testing computer system receives a list of target computer systems from the cloud computing platform, generates respective test payloads for a set of the target systems, and sends the test payloads to the set of target systems. Each respective test payload is useable by its respective target system to perform a security scan of the target system and send test results to the testing computer system and includes instructions that cause the test payloads to be deleted after the security scan is performed. The testing computer system receives test results generated by the set of target systems and evaluates the test results to determine whether any of the set of target systems is implicated in a security breach.

Abstract: Methods, apparatus, and processor-readable storage media for detecting security threats in storage systems using AI techniques are provided herein. An example computer-implemented method includes obtaining historical performance data and historical capacity data pertaining to one or more storage objects within a storage system; determining supervised datasets pertaining to security threat-related data and non-security threat-related data by processing at least a portion of the obtained data using a first set of AI techniques; configuring a second set of AI techniques based at least in part on the determined supervised datasets; detecting one or more security threats in connection with at least one storage object within the storage system by processing input data from the at least one storage object using the second set of AI techniques; and performing at least one automated action based at least in part on the one or more detected security threats.

Abstract: Systems and methods include receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain.

Abstract: A system, a method, and a computer program for remediating a vulnerability on a computing resource asset located in a computer network that has a plurality of other computing resource assets each having at last one vulnerability, where a Common Vulnerability Scoring System (CVSS) score is determined for the vulnerability. Vulnerability scanning results data corresponding to the computing resource asset can be analyzed and an environmental factor weighting score value determined for each of a plurality of environmentally-dependent factors. The environmental factor weighting score values and CVSS score can be aggregated and an adjusted environmental factor weighting score aggregate value generated. A prioritization score value for the vulnerability on the computing resource asset can be determined based on the adjusted environmental factor weighting score aggregate value and the vulnerability remediated on each of the computing resource assets according to the prioritization score value.

Abstract: A server application may request an authentication token from an authentication token provider on behalf of a client application instance. An application instance public key of a client application instance may be received at the server application, in which the application instance public key belongs to an application instance public-private key pair of the client application instance. An authentication token request is generated at the server application, in which the request includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application. The authentication token request is sent by the server application to an authentication token provider to request an authentication token for use by the client application instance.