Abstract: A method for detecting attacks on a network component of an industrial network uses a component monitoring unit integrated in the network component. The component monitoring unit has at least one checking module for performing a check on the network component and a communication module for the component monitoring unit to communicate with at least one further network component of the industrial network. The component monitoring unit further has a management module for managing a communication between the at least one checking module and the communication module. When a predetermined criterion is satisfied, the at least one checking module collects and/or evaluates information concerning the network component and/or concerning the satisfied criterion for the purpose of checking the network component.

Abstract: In one embodiment, a labeling service receives telemetry data for a cluster of endpoint devices in a first network environment. The endpoint devices in the cluster are clustered by a device classification service based on their telemetry data and labeled by a device type classifier of the device classification service as being of an unknown device type. The labeling service obtains a first device type label for the cluster of endpoint devices via a first user interface. The labeling service identifies one or more other network environments in which endpoint devices are located that have similar telemetry data as that of the cluster of endpoint devices. The labeling service obtains device type labels for the cluster of endpoint devices via a selected set of user interfaces from the identified one or more other network environments.

Abstract: The present invention generally relates to systems and methods for detecting and/or isolating any causes of defective and/or partially defective IoT device or individual sensor device(s). In embodiments the present invention generally relates to fixing, replacing, and/or troubleshooting IoT devices and/or individual sensor device(s) that are defective and/or partially defective.

Abstract: Systems, methods, and non-transitory computer-readable media can obtain respective instances of verification information can be obtained from computing systems associated with a plurality of third-party vendors, wherein a computing system associated with a third-party vendor determines verification information based at least in part on an analysis of an identification document provided by a user to be authenticated. The respective instances of verification information can be interpreted, wherein interpreting an instance of verification information comprises assigning respective states to attribute fields included in the verification information. A set of interpreted instances of verification information can be evaluated in combination to determine whether to authenticate the user, wherein the set includes an interpreted instance of verification information from each of the plurality of third-party vendors.

Abstract: A evaluation method by a computer, the method includes: making, based on domain information included in input cyber attack information, an inquiry about whether an address associated with the domain information exists to multiple first servers that manage associations between the domain information and addresses; make an inquiry about an answer history related to the domain information to a second server that monitors communication of the first servers and manages answer histories, related to the associations between the domain information and the addresses, of the first servers; and outputting a result of diagnosing a threat detail of a cyber attack related to the domain information based on a ratio of the number of answers indicating that an address associated with the domain information does not exist with respect to the number of answers acquired from each of the first servers, and the answer histories acquired from the second server.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which improves security of a system. The analytic server may monitor the system by retrieving status information from various devices within the system. The analytic server may generate an attack tree model based on a set of aggregation rules that are configured based on the monitored status information. The analytic server may detect one or more attacks by associating the status information with corresponding nodes of the attack tree model and executing a logic of the attack tree model. The analytic server may determine aggregated impact and risk metrics and calculate an impact score for each attack based on aggregated impact and risk metrics. The analytic server may generate reports comprising the one or more attacks ranked based on the impact scores. The analytic server may respond to one or more attacks by taking automated actions.

Abstract: A method for heterogeneous execution engines in a network centric process control system. The network centric process control system includes a plurality of nodes and each node includes one or more control service components, a middleware service component, a middleware API subcomponent, an address space subcomponent, and a communication component, where each control service component, middleware service component, and communication component is a separate executable running in a separate operating system process as provided by a real time operating system of each node.

Abstract: Systems and methods of automatically creating and operating a Maintenance End Point (MEP) include, at a slave/reactive network device, receiving an Operations, Administration, and Maintenance (OAM) Protocol Data Unit (PDU) with a destination Media Access Control (MAC) address equal to an interface address of the slave/reactive network device; automatically creating the MEP based on the received OAM PDU and attributes contained in a header of the OAM PDU, wherein the MEP is with a master/active network device; and operating an OAM session with the master/active network device including exchanging Continuity Check Messages (CCMs) with an interval learned from received CCMs from the master/active network device. The systems and methods can further include automatically deleting the MEP responsive to failing to receive any OAM PDUs from the master/active network device during the operating for a predetermined time.

Abstract: A method may include obtaining, from a user device, a first feedback from a first predetermined party regarding a data loss prevention (DLP) event through a graphical user interface (GUI). The method may further include determining whether the DLP event is authorized using the first feedback. The method may further include transmitting, automatically in response to determining that the DLP event is not authorized, a request for a second feedback by a second predetermined party using the GUI. The second predetermined party may be selected for the request automatically according to a routing queue. The method may further include obtaining, in response to transmitting the request for the second feedback, a selection of a security action regarding the DLP event using the GUI. The method may further include transmitting, automatically in response to the selection of the security action, a command that initiates the security action.

Abstract: The present invention reduces the time required for inspecting packets and detecting unauthorized commands. An intrusion prevention device (3) is connected to a communication network (9-1) in which a packet including a command for a device to be controlled is transmitted according to a predetermined rule. An analysis table storage part (34) stores an analysis table comprised of a predetermined number of slots for storing a predetermined number of commands together with time information. An input part (31) extracts the command from the packet detected from the communication network (9-1). A parse part (32) inserts the command into the analysis table. An analysis part (33) analyzes whether or not the plurality of commands stored in the respective slots of the analysis table follow the predetermined rule. A notification part (35) outputs an alarm when an analysis result indicates an abnormality. An output part (36) determines whether to pass or discard the packet according to the analysis result.

Abstract: An approach for publishing posts on a social network through one or more user accounts with different levels of attribution is disclosed. A secure user account publishes a post through a programmatically linked buffer user account. The secure user account and the buffer user account are programmatically linked. Posts published via the buffer user account can be modified to add attribution image data or other visual indicators of the original post creator.

Abstract: Disclosed herein are systems and methods for connecting a Domain Name System (DNS) secure resolution protocol. In one aspect, an exemplary method comprises, by a protection module, determining a DNS query from a client, determining a fulfillment of at least one condition for connecting the DNS secure resolution protocol, wherein the at least one condition is obtained from a database, and connecting the DNS secure resolution protocol for the client when the at least one condition for connecting the DNS secure resolution protocol is fulfilled.

Abstract: A system and method for endpoint selection in a global accelerator system. The global accelerator system includes client devices communicating with a global access point to access various endpoints that can host services. The access points may calculate ranked lists of the plurality of endpoints based on a selection algorithm for the access points and select, for each access point, one of the plurality of endpoints based on the ranked lists before routing the received packets to the selected endpoints by each respective access point.

Abstract: A method comprises collecting device data and connection data corresponding to a plurality of connected devices in a system, and identifying a plurality of network connections between two or more of the plurality of connected devices from the device data and the connection data. In the method, one or more configuration issues across one or more of the plurality of network connections are detected, and a visualization of a topology of the plurality of connected devices in the system is generated. The visualization comprises a depiction of the plurality of connected devices, the plurality of network connections and the one or more configuration issues.

Abstract: A system configured to receive input declaring structure and operation of a web application, including declarations of components of the web application and a declaration of a navigation-mode setting of the web application, and to generate and store, in interrelated tables of a database, a representation of the web application, including references to underlying scripts interpretable to define structure and operation of the components, and including a property record defining the navigation-mode setting. Further, the computing system is configured to receive, from a client device, a request for the web application and to responsively generate based on the stored representation, and output, a data representation defining the structure and operation of the web application, including the navigation-mode setting, for use by the web browser to render the web application including applying the indicated navigation mode.

Abstract: A client-server computer system includes a client-side application executing on a computing device, operative to communicate with a native application executing on the computing device to obtain and store a multi-media content file generated using the native application in a native content file format. A server includes a server-side application operative to communicate with the client-side application, and operative to: create an association between the multi-media content file, a recipient computing device, and a courier tracking number; determine that delivery of a parcel associated with the courier tracking number has occurred; and transmit the multi-media content file in the native content file format to the recipient device in response to determining that delivery of the parcel has occurred.

Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.

Abstract: Systems and methods address automated temporally based configuration management of a procurement/deployment process that may be used at one or more data centers. A set of current configuration attributes and current parameter settings are maintained for a one or more data centers. Information may be obtained from a purchasing system describing a future device. Prior to actual arrival of the future device, the configuration for that future device may be defined. Upon detection of the uniquely identified future device being communicatively coupled to a management network, the previously defined configuration may be applied. Abstraction from a high-level to vendor specific configuration commands may also be incorporated to allow management of devices from multiple vendors.

Abstract: A processor-implemented method for linking identifiers to generate a unique entity identifier for deduplicating high-speed data streams in real time, the method comprising (i) obtaining one or more data streams with an identifier from independently controlled entities, wherein the one or more data streams comprises timestamp data and location indexed data that partially characterizes an activity of an entity, (ii) determining home location or internet protocol address of the entity by analyzing data obtained from the one or more data streams, (iii) clustering entity devices based on an association between an internet protocol address, a real-time event, a period of time or a location, (iv) disambiguating the clusters of entity devices into sub-clusters that resolve to an entity by analyzing data streams until a candidate pair of identifiers is obtained, (v) generating score for the candidate pair using a machine learning classifier to discern the candidate pair of identifiers into to same or different entity,

Abstract: A method performed by a user plane, UP. The method includes determining whether a redirect message should be sent to a user equipment, UE, that has transmitted a first message intended for a first server, wherein the determining comprises: i) receiving a message transmitted by the first server and determining, based on the message, whether a redirect message should be sent to the UE or ii) detecting a timeout with respect to the first server; and, as a result of determining that redirect message should be sent to the UE, sending to the UE the redirect message, wherein the redirect message is configured to cause the UE to send a second message to a second server.