Abstract: Methods and systems identify and redact PII. A PII sensitivity detection framework includes multiple layers where each layer corresponds to a model. The framework analyzes data stored within different data tables and predicts whether a data column includes PII. The first layer corresponds to an AI model that analyzes each column metadata and predicts a first score indicative of a first likelihood of PII existence. The second layer corresponds to a rule-based model that uses various rules to determine a second score indicative of a second likelihood of PII existence for each column. The third layer corresponds to a column content model that analyzes content of each column using various natural language processing techniques to generate a third score indicative of a third likelihood of PII existence. The framework masks data presented to a user based on the scores generated via execution of one or more of the layers.

Abstract: Responsive to a user instruction or a security breach occurring in an enterprise computing environment, an emergency shutdown and restore module is adapted to obtain and evaluate an identity population definition to determine a population of identities (e.g., a forensic team) associated with accounts distributed across applications in the enterprise computing environment. The emergency shutdown and restore module is further adapted to determine source systems of such accounts and communicate with those source systems via source-specific connectors. The emergency shutdown and restore module can respectively request the source systems to shut down access to the applications by the accounts associated with the population of identities, or to exclude the accounts associated with the population of identities in shutting down access to the applications. After performing a security breach analysis, the emergency shutdown and restore module can request the source systems to restore access respectively.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; and mapping one or more data fields of a unified platform to one or more data fields of each of the plurality of security-relevant subsystems.

Abstract: Churn-aware training of a classifier which reduces the difference between predictions of two different models, such as a prior generation of a classification model and a subsequent generation. A second dataset of labelled data is scored on a prior generation of a classification model, wherein the prior generation was trained on a first dataset of labelled data. A subsequent generation of a classification model is trained with the second dataset of labelled data, wherein in training of the subsequent generation, weighting of at least some of the labelled data in the second dataset, such as labelled data threat yielded an incorrect classification, is adjusted based on the score of such labelled data in the prior generation.

Abstract: An over-the-air (OTA) upgrade method includes obtaining, by a server, a new version of encrypted data and an old version of encrypted data of system software applied to a mobile terminal, decrypting, by the server, the new version of encrypted data to obtain a new version of original data, decrypting, by the server, the old version of encrypted data to obtain an old version of original data, performing, by the server, differentiation on the new version of original data and the old version of original data to obtain differential data, generating, by the server, OTA data based on the differential data, and sending, by the first server, the OTA data to the mobile terminal.

Abstract: Systems, methods, and computer-readable storage media for protecting data. One system includes a readiness system configured to access entity data of an entity, determine a security posture of the entity based on the entity data, and model the security posture and a plurality of security objectives of the entity to generate a set of cybersecurity attributes of the entity. The system can further include a cybersecurity connection system configured to determine and provide, utilizing one or more protection parameters, a cybersecurity protection plan corresponding to a new cybersecurity attribute to protect the entity, wherein the cybersecurity protection plan is configured to be activated in response to an acceptance by the entity and an incident system configured to model a plurality of cybersecurity protection plans between the entity and a third-party.

Abstract: A system and method for adapting one or more cybersecurity microservices to accelerate cybersecurity threat mitigation includes constructing a subscriber-specific data corpus comprising a plurality of distinct pieces of computing environment-informative data of a target subscriber; adapting a subscriber-agnostic microservice of the cybersecurity service to a subscriber-specific microservice, wherein: the subscriber-agnostic microservice includes a plurality of subscriber-agnostic cybersecurity event handling instructions, and adapting the subscriber-agnostic microservice to the subscriber-specific microservice includes generating a plurality of context-informed cybersecurity event handling instructions; augmenting the subscriber-agnostic microservice to include the plurality of context-informed cybersecurity event handling instructions; computing for a target cybersecurity event a subscriber-specific threat severity level based on one or more of the plurality of context-informed cybersecurity event handling i

Abstract: An indication of a key generation function may be received from a server. A random value may be received based on a volatile memory of a device. A cryptographic key may be generated based on the key generation function from the server and the random value that is based on the volatile memory of the device. The cryptographic key may be stored at a non-volatile memory of the device.

Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.

Abstract: An apparatus for collecting data includes a memory that stores a vehicle identifier for identifying a vehicle; and a processor configured to associate, when a time of generation of data representing road environment around the vehicle is included in a first period, a first hash value with the data and to associate, when the time of generation is included in a second period different from the first period, a second hash value different from the first hash value with the data. The data is generated by a sensor mounted on the vehicle. The first hash value and the second hash value are obtained by irreversibly transforming the vehicle identifier.

Abstract: A method for protecting content, comprising receiving, from a client device, a request for an encryption key for encrypting the content comprising a reference associated with the client device, identifying a set of supported security capabilities corresponding to the reference associated with the client device, identifying a set of required security capabilities corresponding to the content associated with the key request, determining if the set of supported security capabilities satisfy the set of required security capabilities, and in response to determining that the supported security capabilities satisfy the set of required security capabilities, transmitting the encryption key to the client device.

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

Abstract: A system and method for generating a digital cybersecurity artifact includes selectively executing an automated cybersecurity investigation workflow based on a probable cybersecurity threat type of a cybersecurity event, wherein an output of the automated cybersecurity investigation workflow includes one or more corpora of investigation findings data in response to executing the automated cybersecurity investigation workflow; selectively instantiating a digital cybersecurity artifact of a plurality of digital cybersecurity artifacts based on the probable cybersecurity threat type of the cybersecurity event, wherein the digital cybersecurity artifact includes a plurality of distinct regions electronically mapped to one or more threat type-specific content automations that, when executed, install investigation findings data into the plurality of distinct regions of the plurality of distinct regions of the digital cybersecurity artifact with selective subsets of investigation findings data of the one or more cor

Abstract: A method for controlling an operation of a virtual machine on a cloud by a server is provided. The method includes: (a) receiving, from a terminal device of a user having only a usage authority for a specific virtual machine resource among a plurality of virtual machine resources, a request for allocating or deallocating at least some of the plurality of virtual machine resources to the terminal device; and (b) based on a control condition of the user for the at least some of the plurality of virtual machine resources being recognized, supporting to perform allocation or deallocation of the virtual machine resource by generating a process corresponding to the at least some of the plurality of virtual machine resources and loading the process on a memory or deleting the process from the memory according to the request.

Abstract: Improved tools and techniques for generating stateful rules for behavior-based threat detection enable threat analysts, who do not have advanced computer programming skills, to quickly and easily generate high-level representations of stateful behavioral rules, which are then compiled into a format suitable for execution by a stateful rule processing engine. In some examples, the high-level representations of stateful rules are coded in a high-level, domain specific language (DSL). The DSL may provide high-level primitives suitable for (1) expressing sequences of attack behaviors, (2) tagging computational entities (e.g., threads, processes, applications, systems, users, etc.) with states (e.g., user-defined states), and/or (3) performing operations on endpoint nodes (e.g., reporting activity, blocking activity, terminating processes, etc.).

Abstract: A document is received. The document is analyzed to discover text and structures of content included in the document. A result of the analysis is used to determine intermediate text representations of segments of the content included in the document, wherein at least one of the intermediate text representations includes an added text encoding the discovered structure of the corresponding content segment within a structural layout of the document. The intermediate text representations are used as an input to a machine learning model to extract information of interest in the document. One or more structured records of the extracted information of interest are created.

Abstract: A system and computerized method for generating an improved cyber-security rule ordering for cyber-security threat detection or post-processing activities conducted by a rules-based cyber-security engine deployed within a network device is described. Herein, historical metadata associated with analytics conducted on incoming data by a rule-based cyber-security engine and in accordance with a plurality of rules is described. These rules are arranged in a first ordered rule sequence. The historical metadata is analyzed to determine one or more salient rules from the plurality of rules. The plurality of rules are reprioritized by at least rearranging an order to a second ordered rule sequence with the one or more salient rules being positioned toward a start of the second ordered rule sequence. Thereafter, the rule-based cyber-security engine operates in accordance with the reprioritized rule set that is arranged in the second ordered rule sequence to achieve improved performance.

Abstract: Systems and methods for user training. The systems and methods involve deploying at least one static file on a computing resource controlled by an operator, transmitting a URL to a target user, receiving a request for the URL from the target user, transmitting the at least one static file to the target user for execution in a web browser of the user, and receiving data regarding the execution of the at least one static file.

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) generator. Unstable bits of the plurality of key bits are identified, and a security key is generated based on the plurality of key bits, wherein the security key excludes the identified unstable bits.