Patents Examined by Evans Desrosiers
  • Patent number: 11106828
    Abstract: Provided is a method and apparatus for providing a cryptographic security function for the operation of a device, and to an associated computer program (product). The method for providing a cryptographic security function for the operation of a device carries out the following steps: receiving a request to provide such a security function, providing an interface to a point providing such a security function, said point being called a trust anchor, wherein said interface determines context information in accordance with the application initiating the request, providing the requested security function for the application initiating the request, wherein the determined context information influences the provision of said security function.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: August 31, 2021
    Inventors: Rainer Falk, Dominik Merli, Stefan Pyka
  • Patent number: 11108825
    Abstract: Managed real-time communications between user devices may be provided. Upon receiving a request to instantiate a communication connection from an application, a secure session may be established between the application and a remote application. Input from a user of the application may be received, subjected to at least one management policy, and transmitted to the remote application.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: August 31, 2021
    Assignee: AirWatch LLC
    Inventors: Erich Stuntebeck, Evan Hurst
  • Patent number: 11101992
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for securely performing cryptographic operations. One of the methods includes receiving biometric information associated with a user and a request to perform one or more cryptographic operations based on one or more cryptographic keys stored in a memory of an identity cryptographic chip (ICC); comparing the biometric information associated with the user with biometric information pre-stored in the memory of the ICC as pre-stored biometric information; and in response to determining that the biometric information matches the pre-stored biometric information, authorizing the one or more cryptographic operations to be performed.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: August 24, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Zhiyuan Feng, Yanpeng Li, Long Cheng
  • Patent number: 11095611
    Abstract: A segmentation server generates and distributes management instructions for enforcing a segmentation policy. The segmentation server discovers a network configuration of workloads including an identification of workloads that are behind network address translation modules. The segmentation server generates management instructions for enforcing the rules in a manner dependent on the detected network configuration. Furthermore, the segmentation server monitors traffic flows and generates a traffic flow graph in a manner dependent on the detected network configuration.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: August 17, 2021
    Assignee: Illumio, Inc.
    Inventor: Juraj George Fandli
  • Patent number: 11095619
    Abstract: A system may include a first network device configured to communicate via an encrypted session, and a second network device configured to communicate with the first network device via the encrypted session, where the second network device may be configured to perform operations to facilitate communication via the encrypted session. The operations may include receive a first set of data from a device other than the first network device, where the first set of data is used to communicate via the encrypted session. The operations may also include combine peer-to-peer information to be used by the first network device to communicate via the encrypted session to an encrypted packet, where the peer-to-peer information is combined with the encrypted packet in an unencrypted form. The operations may additionally include send the encrypted packet with the peer-to-peer information to the first network device.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: August 17, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: David Mark Carrel, Praveen Raju Kariyanahalli
  • Patent number: 11095636
    Abstract: The disclosed computer-implemented method for protecting passwords may include (i) intercepting network traffic indicating an attempted login procedure at a workload device to login to a protected resource, (ii) prompting a user, in response to intercepting the network traffic, and at an authentication device that has been registered to the user, to indicate whether to approve the attempted login procedure, (iii) collecting, at the authentication device, a credential for the attempted login procedure that was stored in a protected vault of the authentication device, (iv) providing, by the authentication device to the workload device, an authentication decision based on the collected credential, and (v) injecting, at the workload device, the authentication decision into a browser session to enable the user to complete the attempted login procedure to login to the protected resource. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: August 17, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 11093611
    Abstract: A method and system for the deployment of deceptive decoy elements in a computerized environment to identify data leakage processes invoked by suspicious entities are presented. The method includes generating at least one deceptive decoy element; and deploying the generated at least one deceptive decoy element in a folder in a file system of the computerized environment, wherein the deployment is based on a sensitivity level of the folder, wherein the at least one deceptive decoy element is configured to provide an indication of unauthorized access upon an attempt by an unauthorized entity to access the folder.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: August 17, 2021
    Assignee: Itsmine LTD.
    Inventors: Kfir Kimhi, Ran Norman, Guy Ben Mayor
  • Patent number: 11086993
    Abstract: The invention relates to a system for protecting IoT devices from malicious code, which comprises: (a) a memory extracting module at each of said IoT devices, for extracting a copy of at least a portion of the memory content from the IoT device, and sending the same to an in-cloud server; and (b) an in-cloud server for receiving said memory content, and performing an integrity check for a possible existence of malicious code within said memory content.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: August 10, 2021
    Assignee: B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD., AT BEN-GURION UNIVERSITY
    Inventors: Mordechai Guri, Yuval Elovici
  • Patent number: 11080388
    Abstract: Images related to one or more attacks to a service provider system may be analyzed to improve the security of the service provider system. Each of the images may be segmented into multiple segments. Each of the segments is analyzed independently to determine whether the segment includes obfuscated data and if so, which one of the data obfuscation techniques was used to generate the obfuscated data. Additional information regarding the obfuscated data may be derived from other segments that include unobfuscated data and from the metadata of the image. A data restoration algorithm may be configured accordingly to restore the obfuscated data. The restored data, as well as a context derived for the image, may be used to adjust one or more security parameters of the service provider system to improve the security of the service provider system.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: August 3, 2021
    Assignee: PayPal, Inc.
    Inventors: Raoul Christopher Johnson, Bradley Wardman, Sai Raghavendra Maddhuri Venkata Subramaniya
  • Patent number: 11082443
    Abstract: Embodiments of the present invention provide techniques, systems, and methods for remote, agent-less enterprise computer threat data collection, malicious threat analysis, and identification and reporting of potential and real threats present on an enterprise computer system. Specifically, embodiments are directed to a system that securely collects system information from computers across the enterprise, internally encrypts and analyzes the collected information for indicators of compromise, threatening behavior, and known vulnerabilities, and generates alerts regarding known and potential threats for further analysis and remediation. If potential threats are identified, the system may deploy a memory analysis module that takes a deeper analysis of the potentially compromised computer to obtain more information about the potential threat.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: August 3, 2021
    Assignee: KIVU CONSULTING, INC.
    Inventors: Elgan David Jones, Thomas Langer, Winston Krone
  • Patent number: 11075918
    Abstract: Techniques are provided for selectively granting access credentials through the use of a machine learning model. Embodiments include collecting data from one or more sources related to user access of an information technology (IT) infrastructure. Based on the collected data, a machine learning model is created for authenticating a request from a client device to access the computer system within the IT infrastructure based on the collected data, based on the machine learning model. An access credential is generated upon processing the user identifier as an input to the machine learning model, and the access credential is provided to the client device.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: July 27, 2021
    Assignee: International Business Machines Corporation
    Inventors: Edson Gomes Pereira, Daniela Kern Mainieri Trevisan, Thiago Rodrigues De Souza Costa, Sergio Varga, Thiago Cesar Rotta
  • Patent number: 11063929
    Abstract: A computing device detects a trigger or context associated with exchanging, using a body area network (BAN), body area network services with another device. The BAN services can include a discovery service to allow the computing device to connect to a network. Responsive to detecting the trigger or context, one or more body area networks are discovered and the other device is discovered. If the computing device and the other device are new to each other, the computing device is authenticated to the body area network and one or more body area network services can be exchanged. If the devices are not new to each other, body area network services can be exchanged using the other device.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: July 13, 2021
    Assignee: Motorola Mobility LLC
    Inventors: Michael Edward Russell, Amitkumar N. Balar
  • Patent number: 11063949
    Abstract: Methods, computer program products, and systems are presented. The methods, computer program products, and systems can include, for instance: examining ledger data of a blockchain ledger; examining node data of a plurality of candidate nodes, wherein the examining node data includes examining data of candidate nodal networks associated to respective ones of the plurality of candidate nodes; and transitioning blockchain ledger access in dependence on the examining of the ledger data and in dependence on the examining of the node data, wherein the transitioning blockchain ledger access includes transitioning blockchain ledger access between a first candidate node and a second candidate node of the plurality of candidate nodes.
    Type: Grant
    Filed: August 23, 2019
    Date of Patent: July 13, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kelley Anders, Jonathan Dunne, Liam S. Harpur, Jeremy R. Fox
  • Patent number: 11062042
    Abstract: Systems and methods are disclosed for authenticating a chunk of data identified in a query received by a data intake and query system. The data intake and query system receives a query that identifies a set of data and manner for processing the set of data, and identifies a chunk of data that is part of the set of data. The system generates a content identifier, such as a hash, of the chunk of data. The system further authenticates the chunk of data based on the generated content identifier and a content identifier stored by a distributed ledger system.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: July 13, 2021
    Assignee: Splunk Inc.
    Inventors: Nathaniel Gerard McKervey, Ryan Russell Moore
  • Patent number: 11063945
    Abstract: Methods, computer program products, and systems are presented. The methods, computer program products, and systems can include, for instance: examining ledger data of a blockchain ledger; examining node data of a plurality of candidate nodes, wherein the examining node data includes examining data of candidate nodal networks associated to respective ones of the plurality of candidate nodes; and transitioning blockchain ledger access in dependence on the examining of the ledger data and in dependence on the examining of the node data, wherein the transitioning blockchain ledger access includes transitioning blockchain ledger access between a first candidate node and a second candidate node of the plurality of candidate nodes.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: July 13, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kelley Anders, Jonathan Dunne, Liam S. Harpur, Jeremy R. Fox
  • Patent number: 11057430
    Abstract: Methods, systems, and devices for server-initiated secure sessions are described. A browser application may connect to a portal, where the portal may transmit a command to a server agent to initiate a secure session with an endpoint device. The server agent may be housed in a destination server, and may establish a secure connection with an intermediary server using a secure communication protocol. The secure connection may be made by directing the destination server to open an outbound connection through a firewall of the destination server. A browser session may be redirected to the intermediary server from the browser application, and the intermediary server may route the browser session traffic to the secure connection.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: July 6, 2021
    Assignee: JumpCloud, Inc.
    Inventors: Rajat Bhargava, Christopher Marie, James Brown
  • Patent number: 11057407
    Abstract: Detecting malware attacks is described herein. A computer-implemented method may include receiving, via a processor, events from a plurality of activity monitors. The method also includes extracting, via the processor, a plurality of behavioral features from the received events. The method may further include detecting, via the processor, a malware attack based on the extracted behavioral features using a malware identification model trained on private data and public data using a machine learning technique, wherein the private data includes private enterprise attack findings. The method may also include executing, via the processor, an ad hoc protection improvement based on the detected malware attack.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: July 6, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shlomit Avrahami, Tali Finelt, Itai Gordon, Yakir Keisar, Ilan Prager, Alexander Pyasik, Oded Sofer, Or Bar-Yaacov, Yifat Yulevich
  • Patent number: 11057402
    Abstract: An n-tiering security threat inference and correlation apparatus (100) for monitoring and anticipating cyber attacks is disclosed. The apparatus comprises a plurality of groups of inference-correlation systems (106(a, b)-114(a, b)), each group arranged with at least one inference system and at least one associated correlation system configured to monitor at least one network; and an input/output (I/O) system (102) configured to receive security events, and broadcast the received security events to the plurality of groups of inference-correlation systems; wherein the respective groups of inference-correlation systems are configured to process only the broadcasted security events relevant to the respective networks to identify the cyber attacks. A method of operating the apparatus is also disclosed.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: July 6, 2021
    Assignee: Certis CISCO Security Pte Ltd
    Inventor: Albert Keng Leng Lim
  • Patent number: 11050561
    Abstract: Embodiments of a secure multi-party computation method applicable to any computing node deployed in a distributed network are provided. A plurality of computing nodes are deployed in the distributed network. The plurality of computing nodes jointly participate in a secure multi-party computation based on private data respectively held by the computing nodes. The method includes: generating a computing parameter related to private data held by one computing node based on a secure multi-party computation algorithm; transmitting the computing parameter to other computing nodes participating in the secure multi-party computation for the other computing nodes to perform the secure multi-party computation based on collected computing parameters transmitted by the computing nodes participating in the secure multi-party computation; and creating an audit log corresponding to the computing parameter, the audit log recording description information related to the computing parameter.
    Type: Grant
    Filed: October 31, 2020
    Date of Patent: June 29, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Lichun Li, Shan Yin, Huazhong Wang, Wenzhen Lin
  • Patent number: 11051169
    Abstract: Methods and apparatus for controlling access to and/or forwarding of communicated information, e.g. traffic, in a wireless communication system are described. The key, e.g., PSK, used to secure data that is transmitted to an access point for communication to a destination device is taken into consideration when deciding whether or not to provide the destination device access to the communicated content. The decision of whether or not to provide the destination device access to a communication may involve deciding whether or not to forward the received data to another device, e.g., another access point, for delivery to the destination device and/or may involve deciding whether or not to transmit the data to the destination device. If the destination device is not associated with, e.g., does not have access to and/or authorization to use, the key used to secure the received data, the data is not communicated to the destination device.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: June 29, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Randall Frei, Sujai Hajela, Guy Goldstone, Nicolas Dade, Linker Cheng