Abstract: A method includes, at a security agent executing on a computing platform including a set of resources and a first application: authenticating the security agent with a security device; accessing a configuration profile, from the security device, defining identity information associated with the first application and a first security policy defining a subset of resources, in the set of resources, to which the first application is permitted access; authenticating the first application based on the identity information; monitoring the set of resources responsive to execution of the first application on the computing platform; and issuing a command to cause the computing platform to enter a safe state in response to detecting an access by the first application to a first resource in the set of resources, the first resource excluded from the subset of resources.

Abstract: An AI-based method and system for automatically monitoring first users during tasks performed by the first users, are disclosed. The AI-based method includes obtaining data associated with media contents from first communication devices associated with first users. The AI-based method further includes processing the data associated with the media contents to determine abnormal behaviors of the first users, using AI models. The AI-based method further includes generating alerts corresponding to the abnormal behaviors, to be provided to the first communication devices associated with the first users and second communication devices associated with second users. The AI-based method further includes terminating the tasks performed by the first users to prevent continuous violations on the tasks when a level of the abnormal behaviors exceed a pre-defined threshold. The AI-based method further includes generating outputs comprising information to be provided to the first users and second users.

Abstract: Various embodiments discussed herein are directed to improving existing technologies by extracting or detecting identifiers from a page, regardless of the device or platform a user is using, and then anonymizing such identifiers to determine if the same user accessed different pages or if the current user of a current computer session is a same user as in past computer sessions.

Abstract: The present disclosure generally relates to systems and methods that intelligently generate reassignment value condition for reassigning access rights. The systems and methods include executing a trained contextual machine-learning model to generate predictions of value components of the reassignment value condition, which once satisfied, enables an access-right requestor to have an assigned access right reassigned to the access-right requestor.

Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.

Abstract: A process includes receiving instruction to provide an electronic text document to a plurality of users and a security instruction. In response to the security instruction, the process generates a respective copy of the electronic text document for each user. Each respective copy of the electronic text document is associated with a user identifier of that user and each respective copy includes a respective unique identifier based on a change in presentation of at least one of at least one character of text or at least one image included in the electronic text document. Each copy of the electronic text document having a unique identifier is provided to the user associated with the user identifier associated with that respective copy of the electronic text document. A mapping of each user identifier to the respective unique identifier for the respective copy of the electronic text document is stored in storage.

Abstract: Systems and methods for automated actions for application policy violations are disclosed. For example, policy violation evaluation components may monitor requests and/or responses from one or more applications to identify content policy violations. When a violation is identified, an automated decision engine utilizes data representing the policy violation along with, in example, contextual information about the policy violation to identify a rule from a rules database that is associated with the policy violation. An action is determined from the selected rule, and a command is generated to perform the action in response to the policy violation.

Abstract: Systems and methods for enhanced OTP messaging, comprising: receiving a request from an application executing on a computing device of a user; generating the supplemental information based on the request; segmenting the supplemental information into a first part of the supplemental information and a second part of the supplemental information; transmitting the first part of the supplemental information to the computing device of the user via a first communication channel to another app executing on the computing device of the user; instructing the another app to allow the user to utilize one or more graphical user interface (GUI) elements of a GUI of the another app to transfer the first part of the supplemental information to the app; and transmitting the second part of the supplemental information to the computing device of the user via a second communication channel so as to provide the supplemental information to the app.

Abstract: Systems and methods for enhanced OTP messaging, comprising: receiving a request from an application executing on a computing device of a user; generating the supplemental information based on the request; segmenting the supplemental information into a first part of the supplemental information and a second part of the supplemental information; transmitting the first part of the supplemental information to the computing device of the user via a first communication channel to another app executing on the computing device of the user; instructing the another app to allow the user to utilize one or more graphical user interface (GUI) elements of a GUI of the another app to transfer the first part of the supplemental information to the app; and transmitting the second part of the supplemental information to the computing device of the user via a second communication channel so as to provide the supplemental information to the app.

Abstract: A method of increasing security of access to online accounts, comprising resetting access credentials of one or more accounts of one or more online services of one or more users, by transmitting an access credentials reset request, intercepting one or more credentials reset messages transmitted via one or more correspondence channels associated with the one or more users, the one or more credentials reset messages comprise a credentials reset network address, and accessing the credentials reset network address to replace existing access credentials for the one or more accounts with increased security credentials. Wherein one or more automated access agents adapted to automatically login the one or more users into the one or more online services uses the increased security credentials to login to the one or more accounts.

Abstract: The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentivized-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate the actor to provide information detecting malicious actions against an asset.

Abstract: A method for identifying non-provisioned access to software applications, the method comprising collecting from resources used by an organization a data record of software applications used by entities of the organization and a list of accounts registered in the software applications, performing an entity consolidation process to identify a main AD account associated with a specific account, where the main AD account is the account used for provisioned access to the software applications, extracting a list of application definitions that the main AD account of the specific account is assigned to access in a provisioned manner, performing an application consolidation process to identify a generic application identifier associated with a specific application of the software applications, and determining whether the specific account accesses the specific application in a provisioned manner or a non-provisioned manner according to the application definitions of the main AD account associated with the specific acc

Abstract: User identification information is received through a user interface device. A processor device supplies the user identification information through an input/output device to an external computerized device to receive, in response, external authorization to use features of an apparatus. The user interface device outputs a menu having options to create a local account based on the external authorization and, in response, receives instructions to create a local account using the processor device. The local account is created based on the instructions being received using the processor device. The local account is stored in a memory device. After creation of the local account, the processor device generates local authorization to use the features of the apparatus based on the user identification information matching information in the local account stored in the memory device, without contacting the external computerized device for the external authorization.

Abstract: A method for detecting anomalous streaming network traffic data in real time includes: creating an anomaly detection model including a singular value matrix and a data pattern matrix from a matrix of historical network traffic data; storing the singular value matrix and the data pattern matrix of the anomaly detection model; receiving streaming network traffic data; performing a log transform on the streaming network traffic data; applying the anomaly detection model to a matrix of the streaming network traffic data in real time as the streaming network traffic data is received; detecting anomalous patterns in the streaming network traffic data based on patterns identified by the anomaly detection model; and associating the anomalous patterns in the streaming network traffic data with IP addresses.

Abstract: The present disclosure describes defending against an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to defend against a first attack execution operation executed by a threat-actor.

Abstract: The present describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.

Abstract: A heightened level of security is provided in a computing platform by monitoring usage of applications and/or services residing on or accessible to a computing platform to determine abnormal usage patterns. In response to determining an abnormal pattern of usage, the user is required to provide biometric data, such as voice data, facial feature data, fingerprint data or the like, as a means of authenticating the user. The abnormal pattern of usage may be determined dynamically by comparing current usage patterns to known user baseline usage patterns. Alternatively, the abnormal pattern of usage is predefined, such as the resetting of passwords in a predefined number of applications and/or services over a predefined period of time.

Abstract: Systems and methods for providing least privilege access to a resource within a secured server are disclosed. The systems and method can include receiving an access request from a client requesting access to the resource, the access request comprising a role or policy associated with the client and one or more actions associated with the resource. A rules engine can be initialized, the engine defining one or more rules usable by the system to determine whether the access request complies with a least privilege policy. The systems and method can analyze the role or policy and the access request with the rules engine to determine whether the access request complies with the least privilege policy. When the access request complies with the rules, access to the resource can be granted; when the access request does not comply with the rules, access to the resource can be denied.

Abstract: An architecture is disclosed for submission and recordation of application programmer interfaces (APIs) using non-fungible tokens (NFTs) inserted into a blockchain. The API-NFT pairings are validated by nodes of the network. The system automatically searches for and generate NFTs for APIs and/or intermediate layers on a computer network based on metadata associated with the API and a hash of the API/intermediate layer. The API-NFT pair binding ensures that developers/consumers are ingesting APIs that are secure and do not include malicious rules. Furthermore, performance monitoring of the API is performed using artificial intelligence (AI) and machine learning (ML), including long short term memory (LSTM) neural networks.

Abstract: Data is received that characterizes artefacts associated with each of a plurality of layers of a first machine learning model. Fingerprints are then generated for each of the artefacts in the layers of the first machine learning model. These generated fingerprints collectively form a model indicator for the first machine learning model. It is then determined whether the first machine learning model is derived from another machine learning model by performing a similarity analysis between the model indicator for the first machine learning model and model indicators generated for each of a plurality of reference machine learning models each comprising a respective set of fingerprints. Data characterizing the determination can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.