Abstract: Computer-implemented systems and methods are disclosed herein for use in cryptographic operations over a cloud-based service. The cloud-based service securely stores and transmits parts of encryption/decryption keys. Split key processing can include splitting the key in two and storing one of them on a remote secure server.

Abstract: Techniques for phishing protection using cloning detection are described herein. The techniques described herein can include a server which hosts a website detecting that a fetcher is a cloning toolkit or an entity known for using a cloning toolkit. The techniques can also include a server which hosts a downloadable application (such as a mobile application) detecting that a fetcher for the application is a cloning toolkit or an entity known for using a cloning toolkit. The detection can be done in several ways, such as by analyzing data logs for patterns associated with cloning toolkits or entities known for using cloning toolkits. The techniques described herein can also include a part of an end user device (such as a part of a mobile device) detecting a clone (such as a clone website or application) that was cloned by a cloning toolkit. Then, upon detection, security actions can be taken.

Abstract: The cyber threat intelligence confidence rating visualization and editing user interface technology (hereinafter “TIC”) provides a user interface that allows a user (e.g., a cyber threat analyst, etc.) to submit ratings for various characteristics associated with a cyber threat indicator. In one embodiment, the TIC may instantiate a user interactive risk evaluation component having a user interface input element for a user to submit calculation weights for one or more characteristics of a cyber threat; generate a graphical representation of a cyber threat confidence score for user interface display via the user interactive risk evaluation component; and dynamically adjust the graphical representation of the threat confidence score using at least one of the one or more characteristics weighted by the user configured weight.

Abstract: In one example, a security application that interfaces one or more cloud application clients in an enterprise network and one or more cloud applications detects a request made by one of the one or more cloud application clients to access a cloud application. The security application sends one or more prompts to the cloud application for one or more responses reflecting current empirical data obtained from the cloud application. The security application receives, from the cloud application, the one or more responses, and generates an application fingerprint that includes the one or more responses.

Abstract: A method and apparatus for Dynamic Executable Verification (DEV) is disclosed that includes a random prefix of functions of a binary application, a check function for at least a subset of the functions and a jump table for at least a subset of the functions. DEV provides low-impact dynamic integrity protection to applications that is compatible with standard code signing and verification methods, and ensures that software cannot be tampered with either statically or dynamically without detection.

Abstract: Instantiating an attestation facilitation component that allows a remote application to attest to a secure state of a secure memory application executing upon a secure platform of a computer system regardless of a type of either the secure platform or a health attestation service. Instantiation comprises identifying a property that includes at least one of the secure platform type and the health attestation service type. The instantiation is customized with the identified property. The attestation facilitation component verifies that a report generated by the secure platform represents that the secure memory application is operating in a secure state, and accesses a token generated by the health attestation service that represents that the secure platform is operating in a secure state. The attestation facilitation component generates a quote that allows the remote application to verify that the secure platform and the secure memory application are both operating in secure states.

Abstract: Systems, methods, and computer-readable media are disclosed for automated sensitive information and data storage compliance verification. In one embodiment, an example method may include determining a software application stored at a database, determining software code of the software application, and determining that the software code includes a function that accesses critical user information. Example methods may include determining a risk score for the software application based at least in part on the function, and determining a compliance level for the software application based at least in part on the function.

Abstract: A method, a computer program product, and a computer system for a security fix of a container in a VM (virtual machine) environment. A computer detects a container in a container environment, determines whether the container has a security issue performs live migration of the container to a created VM, fixes the security issue of the container in the created VM, and determines whether the security issue is fixed. In response to determining that the security issue is fixed, the computer performs live migration of the created VM to the container environment.

Abstract: A computer-implemented method for preventing vulnerable files from being opened may include (1) registering a security application as a universal file opener, (2) receiving, at the security application, a request to open a file, (3) identifying at least one other application on the computing device that is capable of opening the file, (4) determining, based on a security analysis, that there is a security risk in opening the file with the other application that is capable of opening the file, and (5) preventing the other application that is capable of opening the file from opening the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Computerized methods and systems determine an entry point or source of an attack on an endpoint, such as a machine, e.g., a computer, node of a network, system or the like. These computerized methods and systems utilize an attack execution/attack or start root, to build an attack tree, which shows the attack on the end point and the damage caused by the attack, as it propagates through the machine, network, system, or the like.

Abstract: An example system receives certificate requests from clients. Each request indicates: a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. It also includes a QoS arbiter that selects a sequence of entries from the client queues to be placed onto a QoS queue based on a number of entries in the QoS queue, a latency level of a certificate management service, and timestamps indicating when requests were transmitted, where the QoS manager retrieves entries from the QoS queue in the sequence selected by the QoS arbiter and transmits them to the certificate management service.

Abstract: Embodiments of the disclosed technology include systems and methods for identifying one or more entities associated with activities. In an example implementation, a method includes determining one or more geographical regions proximate to the plurality of locations associated with the one or more activities; determining connections between one or more identities of a population and a plurality of related entities associated with the one or more identities; determining geographical information associated with related entities; weighting one or more metrics for each of the identities based on the geographical information associated with the related entities and the or more geographical regions proximate to the plurality of locations associated with the one or more activities; scoring the one or more weighted metrics; and providing, based on the scoring, an indication of a likelihood that the one or more identities of the population are associated with the one or more activities.

Abstract: A transmit packet processing system includes a memory, one or more processors in communication with the memory, and an operating system. The one or more processors execute a packet processing thread and a rearming thread. The OS maps a receive ring into a first memory of an application and maps the first memory into kernel memory. The packet processing thread reads a receive ring. The packet processing thread retrieves the packet information within the receive ring. The packet processing thread processes the packets. The packet processing thread notifies the rearming thread that a batch size limit is reached and the rearming thread requests the OS to rearm the plurality of descriptors. The OS receives the request and initializes the first descriptor of the plurality of descriptors.

Abstract: A system and method for responding to data security incidents in enterprise networks using an incident response bus (IR bus) within an incident management system is disclosed. An Incident Manager (IM) application of the system stores objects that include information concerning data security incidents that occur in enterprise networks managed by the incident management system. Users configure action conditions on the IM, the satisfaction of which cause the IM to send messages that include the information concerning the incidents to message queues, or destinations. Correspondingly, the IR bus includes plugins associated with the devices in each client's enterprise network, where each plugin can access the message destinations for the messages. The plugins, in one embodiment, also configure one or more chains of plugins that process the messages. The plugins then execute the chains of plugins to specify actions for the devices to execute to provide a response to the incidents.

Abstract: A system includes a retrieval engine, an authentication engine, an extraction engine, a determination engine, and an export engine. The retrieval engine receives a request for a data report from a user via a user device. The retrieval engine receives reporting data from one or more data servers. The authentication engine determines whether the user is authorized to receive the customized data based on an authentication token. The extraction engine configured to extract one or more report requirements from the request and extract customized data from the reporting data based on report requirements and metadata. The determination engine determines one or more presentation generation tools based on the report requirements and the customized data. The export engine communicates the customized data and a routine to the one or more presentation generation tools.

Abstract: Providing streaming of one or more applications from streaming servers onto one or more clients. The computer readable medium includes computer-executable instructions for execution by a processing system. The applications are contained within one or more isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may include encrypted communication between the streaming servers and the clients. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades.

Abstract: A controller is configured to perform various steps including receiving a plurality of user identification values. Another step includes determining a first range of the plurality of user identification values, the first range including a first minimum user identification value and a first maximum user identification value. Another step includes assigning a first user identification value to a first user from the first range of the plurality of user identification values to a first user based on the first minimum and maximum user identification values. Another step includes determining a second user identification value from the first range of the plurality of user identification values by incrementing the first user identification value based on the first minimum and maximum identification values. Yet another step includes assigning the second user identification value to a second user.

Abstract: Methods, systems and computer readable media described herein may facilitate the automatic identification of a need for additional authentication based on a received private message or PID, the urgency of a received private message, thus determining whether an immediate alert is output to a user, and/or a determination whether a protected message is to be archived for later retrieval via authentication. A device may be configured (e.g., by user input) to control selective decoding and display of messages (e.g., private messages), registration and configuration of blacklists, and/or defining criteria for determining urgency of a received message. Device configurations may be dynamically changed or updated according to user preferences and user treatment of received messages.

Abstract: Devices for sampling a plurality of input signals are provided, wherein a sampling device is controlled to sample the input signals in a random order with additional delays. Other embodiments relate to voltage monitoring systems and corresponding methods.

Abstract: An information processing apparatus includes a storage device configured to store data, an encryption chip configured to store an encryption key therein, a nonvolatile memory configured to store a backup encryption key, and a control unit configured to confirm whether the data stored in the storage device has been correctly decrypted by using the encryption key, and when the data has not been correctly decrypted, restore the backup encryption key to the encryption chip, and when the data has been correctly decrypted, back up the backup encryption key, which is a backup of the encryption key, stored in the encryption chip into the nonvolatile memory.