Abstract: Methods and systems for configuring a security device, such as an electronic lock, are disclosed. In particular, the present disclosure describes methods and systems for provisioning a lock with a certificate such that any change to the lock, or changes to lock-server communication characteristics, can be detected and (optionally) prevented. As such, security of such devices is improved.

Abstract: A computer-implemented method at a data management system comprises receiving, at the system, a write made to a virtual machine from a virtual machine host; computing, at the system, a fingerprint of the transmitted write; comparing, at the system, the computed fingerprint to malware fingerprints in a malware catalog; repeating the computing and comparing; and disabling the virtual machine if a number of matches from the comparing breaches a predetermined threshold over a predetermined amount of time.

Abstract: Systems and methods are provided for authorizing an electronic transaction. In one implementation at least one processor is programmed to receive electronic transaction data and historical transaction data, the electronic transaction data including an entity identifier component and an amount component of an electronic transaction; determine, based on the entity identifier component and the amount component, a location of the electronic transaction in a space of a distributed representation space, the distributed representation space comprising a mapping of electronic transaction components in a high-order space; determine locations of the historical transaction data in the distributed representation space; determine a decision boundary in the distributed representation space based on the locations of the historical transaction data; and authorize the electronic transaction based on the location of the electronic transaction being within the decision boundary.

Abstract: Disclosed is a method and system for assessing the authenticity of a communication. The method comprises receiving data of the communication by the processor between one or more participants. Further, extracting one or more features by the processor from the data by using data extraction techniques. Further, comparing the one or more features by the processor with predefined threshold features stored in a feature repository. Further, generating, one or more authenticity attributes by using one or more trained Artificial Intelligence (AI) models applied over the one or more features, along with results of the comparing. Each of the one or more authenticity attributes generates a recommendation output, providing the authenticity of the communication.

Abstract: According to examples, an apparatus may include a processor that may identify activities of an entity on resources over a predetermined period of time, in which the entity is to use permissions assigned to the entity over the resources to perform the identified activities. The processor may also identify which of a plurality of groups of permissions includes the permissions the entity used to perform the identified activities and may determine permutations of the identified plurality of groups of permissions. The processor may further calculate respective scores for each of the determined permutations to identify permutations of the groups of permissions having the lowest scores and may output information pertaining to the determined permutations having the lowest scores.

Abstract: Computer-implemented systems, method and products configured for providing one or more restriction groups in a content management system are provided. One or more restriction marks may be associated with the one or more restriction groups. At least a first restriction mark may be associated with a first restriction group. The first restriction mark may be assigned to a first content item stored in the content management system, in response to determining that the first content is associated with the first restriction group, the first content item being associated with metadata indicating user access permissions according to the first restriction mark and a security classification. The metadata associated with the first content item may be updated based on the assignment of the first restriction mark to the first content item to allow or limit user access to the first content item.

Abstract: An apparatus, related devices and methods, having a memory element operable to store instructions; and a processor operable to execute the instructions, such that the apparatus is configured to identify sensitive user data stored in the memory by a first application, determine a risk exposure score for the sensitive user data, apply, based on a determination that the risk exposure score is above a threshold, a security policy to restrict access to the sensitive user data, receive a request from a second application to access the sensitive user data, determine whether the first application and the second application are similar applications, and allow access based on a determination that the first application and the second application are similar applications.

Abstract: An artifact is received from which features are extracted so as to populate a vector. The features in the vector can be reduced using a feature reduction operations to result in a modified vector having a plurality of buckets. A presence of predetermined types of features are identified within buckets of the modified vector influencing a score above a pre-determined threshold. A contribution of the identified features within the high influence buckets of the modified vector is then attenuated. The modified vector is input into a classification model to generate a score which can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: A system and method for generating a digital cybersecurity artifact includes selectively executing an automated cybersecurity investigation workflow based on a probable cybersecurity threat type of a cybersecurity event, wherein an output of the automated cybersecurity investigation workflow includes one or more corpora of investigation findings data in response to executing the automated cybersecurity investigation workflow; selectively instantiating a digital cybersecurity artifact of a plurality of digital cybersecurity artifacts based on the probable cybersecurity threat type of the cybersecurity event, wherein the digital cybersecurity artifact includes a plurality of distinct regions electronically mapped to one or more threat type-specific content automations that, when executed, install investigation findings data into the plurality of distinct regions of the plurality of distinct regions of the digital cybersecurity artifact with selective subsets of investigation findings data of the one or more cor

Abstract: Methods and systems for detecting and responding to an intrusion in a computer network include generating an adversarial training data set that includes original samples and adversarial samples, by perturbing one or more of the original samples with an integrated gradient attack to generate the adversarial samples. The original and adversarial samples are encoded to generate respective original and adversarial graph representations, based on node neighborhood aggregation. A graph-based neural network is trained to detect anomalous activity in a computer network, using the adversarial training data set. A security action is performed responsive to the detected anomalous activity.

Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at a least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.

Abstract: The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed-computer-system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as “system entities,” of a set of specified system-entity types within the distributed computer system. Microsegmentation quotients are generated for system entities at any of the various hierarchical levels within a distributed computer system, including for the entire distributed computer system. Microsegmentation quotients are generated by an iterative process that refines initial estimates of the microsegmentation quotients for system entities within the distributed computer system.

Abstract: In some embodiments, a network node for securing physical assets may be provided. The network node may include a processor and a memory storing instructions. The network may be configured to: receive, from a first entity, a cryptographic data structure configured to identify a physical item stored in a secured location; in response to receiving the cryptographic data structure, generate and transmit to the first entity a plurality of fungible cryptographic items; secure the cryptographic data structure on a public data structure, such that the cryptographic data structure cannot be released unless the plurality of fungible cryptographic items are received; receive, from a second entity, the plurality of fungible cryptographic items; and in response to receiving the plurality of fungible cryptographic items, transmit to the second entity the cryptographic data structure.

Abstract: A communication method and a method for operating the communication network are disclosed. The method includes: obtaining a network identifier (NI) for a first member of the communication network, where the first member is un-validated and associated with a first user; obtaining a vote value regarding the first user from a second user of a second member in the communication network, where the second member is validated; generating a trust score for the NI based on the vote value; and validating the first member, in response to the trust score satisfying a trust score threshold, by inserting a first validated member identity hash block (MIHB) based on the NI into a master blockchain ledger for the communication network.

Abstract: A method is provided for inspecting network traffic. The method, performed in a single contained device, includes receiving network traffic inbound from an external host that is external to the protected network flowing to a protected host of the protected network, wherein the network traffic is transported by a secure protocol that implements ephemeral keys that endure for a limited time. The method further includes performing a first transmission control protocol (TCP) handshake with the external host, obtaining source and destination data during the first TCP handshake, the source and destination data including source and destination link and internet addresses obtained, caching the source and destination data, and using the cached source and destination data to obtain a Layer-7 request from the external host to the protected host and to pass a Layer-7 response from the protected host to the external host.

Abstract: Systems and methods can enable select virtual session capabilities on a user device configured to access a virtual session, which is an instance of a virtual machine. The user device can receive and forward to a gateway sever, a request to launch a virtual session. Based on the virtual session launch request, the gateway server can obtain a compliance profile determined from operational data. The gateway can permit user device access a virtual session hosted on a virtual machine (“VM”) server. The VM server can use the compliance profile and security data from the user device to determine a risk profile of the user device. The virtual session can be configured at the VM server based on the risk profile so as to allow access to a subset of available applications and functions within the applications for the virtual session.

Abstract: A cyber security threat tool may detect, analyze and alert of cyber security threats in, for example, a communication network of a service provider. For example, the tool may receive network connection data associated with a plurality of network connections between a plurality of computing devices, generate, based at least in part on the network connection data, a graphical database comprising a plurality of graph nodes corresponding to the plurality of computing devices and a plurality of graph edges corresponding to the plurality of network connections and performing a database query on the graphical database to generate query results, the database query including a connection pattern to be matched by the query results generated by the performing the database query. The cyber security threat tool may then render at least a portion of the query results in a graph view and cause the graph view to be output to a user.

Abstract: Two-way secure channels are provided between two parties to a communication with certification being provided by one party. One method comprises providing, by a first entity that provides a certificate authority, a first signed certificate to a second entity, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first request to sign a second certificate generated by the second entity, wherein the first request is generated by the second entity using a first credential generated by the second entity; receiving, from the second entity, (i) the first request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

Abstract: A computer-implemented method, implemented by one or more computers including hardware and software. The method includes determining whether a computer system contains data subject to a protection policy; in response to a determination that the computer system contains data or information subject to said protection policy, determining whether the data is already subject to protection according to said protection policy; and in response to said determining, that the computer system contains data or information that is not already subject to protection according to said protection policy, applying or implementing the protection policy on the data or information.

Abstract: Embodiments of the present disclosure disclose a method, apparatus, device, and storage medium for processing a network request. The method comprises: activating a domain name server proxy based on local socket service in a preset application; in accordance with a determination that the preset application invokes a preset connect function, acquiring the preset connect function and replacing a destination file path in the preset connect function with a target file path corresponding to the domain name server proxy to establish a connection between the preset application and the domain name server proxy, wherein the target file path is pre-written in the preset application; receiving via the domain name server proxy a network request from the preset application, and parsing a domain name of the network request, and determining a first processing way of the network request based on a result of the parsing of the domain name.