Abstract: A control panel may prevent access to one or more aspects of the control panel based at least in part on one or more security parameters. The security parameters may include a default locked status and a takeover locked status. The default locked status may prevent a user or other personnel from accessing the software, code, or other intellectual property on the control panel while still allowing the user to interface with the security and/or automation system. The takeover locked status may prevent any access or use of the control panel. To protect the automation system and the automation system provider, it may be desired to use a unique identifier to unlock at least one or more aspects of the control panel. The unique identifier may be loaded onto an external storage device which the control panel may automatically recognize.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that manage cryptographically secure exchanges of data using a permissioned distributed ledger. For example, an apparatus may obtain parameter data and additional content associated with a data exchange. The apparatus may generate first data that includes at least a portion of the additional content accessible to a first computing system, and may generate second data that includes at least a portion of the parameter data. The apparatus may provide the first data to a peer computing system, which records encrypted information associated with the first data within an element of a distributed ledger accessible at the first computing system. The apparatus may also provide the second data to a second computing system, which executes the data exchange in accordance with at least the portion of the parameter data.

Abstract: The disclosed computer-implemented method for deep packet inspection of vulnerable network devices may include (i) detecting at least one vulnerability associated with a network device service, (ii) identifying one or more network devices associated with the vulnerability, (iii) initiating a deep packet inspection of data traffic communicated by a target network device, (iv) determining, based on the deep packet inspection, one or more signatures associated with a potential malware attack for the target network device, and (v) performing a security action that mitigates the potential malware attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In an embodiment, a data processing method comprises receiving, from one or more service monitoring processes configured to monitor operations of one or more computer applications instantiated within one or more containers, operation datasets representing operations that have been performed by one or more processes associated with the one or more computer applications; generating a baseline dataset of operations having operation properties from the operation datasets; computing a score for each operation in the baseline dataset, from the operation datasets, the score indicating whether the operation is a candidate for generating a rule that defines one or more expected values for an operation property of the operation; automatically generating a set of baseline operations rules for only those operations in the baseline dataset that score more than a score threshold.

Abstract: A method, system, and computer-usable medium for analyzing security data formatted in STIX™ format. Data related to actions performed by one or more users is captured. Individual tasks, such as analytics or extract, transform, load (ETL) tasks related to the captured data is created. Individual tasks are registered to a workflow for executing particular security threat or incident analysis. The workflow is executed and visualized to perform the security threat or incident analysis.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments herein provide a method for authentication by dynamically generating security credentials in plug and play scenarios without a pre-configuration of F1 security credentials at an integrated access and backhaul (IAB) relay device in a wireless network.

Abstract: A method, system and product for detecting firmware vulnerabilities, including, during a testing phase of a firmware of a device, continuously polling states and activities of the device, wherein said polling is at a testing agent that is functionality separate from the firmware; correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; based on said correlating, determining for the firmware one or more normal events and one or more abnormal events; and after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events.

Abstract: Generally discussed herein are systems, apparatuses, and methods for cyber resiliency. An apparatus can include one or more memory devices including a plurality of instruction sets corresponding to respective application variants stored thereon, one of the application variants including an unmodified version of an application, and one of the application variants including a modified version of the application including the application altered to be resistant to a specified type of cyberattack, processing circuitry to execute the application variants based on a same input, and generate an output, and a monitor to compare output from each of the application variants, and in response to detecting that the output from an application variant of the application variants is not equal to the output from other application variants of the application variants executing a time delayed version of the application variants or restoring the application variants to a known good operating state.

Abstract: Techniques are provided for intrusion detection on a computer system. In an example, a computer host device is configured to access data storage of the computer system via a communications network. It can be determined that the computer host device is behaving anomalously because a first current access by the computer host device to the data storage deviates from a second expected access by the computer host device to the data storage by more than a predefined amount. Then, in response to determining that the computer host device is behaving anomalously, the computer system can mitigate against the computer host device behaving anomalously.

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: Disclosed is a system and method of de-identifying data. A method includes splitting, at a first entity, a byte of data of an original record into a first random portion and a second random portion, inserting first random bits into the first random portion to yield a first new byte and inserting second random bits into the second random portion to yield a second new byte. The method then includes transmitting the second new byte to a second entity, receiving, at the first entity, a first portion of an algorithm from the second entity and processing the first new byte by the first portion of the algorithm to yield a first partial result. The first partial result can be combined with a second partial result from the second entity processing the second new byte by a second portion of the algorithm.

Abstract: A network security system provides portals which enable automatic creation of a dynamic one-time port forwarding rule for an authorized user's current IP address following two factor authentication of the authorized user. Such a dynamic one-time port forwarding rule is utilized to set up a connection, at which point the dynamic one-time port forwarding rule is removed, preventing any attacker from subsequently taking advantage of it. Such a methodology is advantageous as compared to conventional port forwarding in that it is much more secure. Such a methodology is advantageous as compared to traditional port forwarding with access control both in that a user does not always have to utilize the same device with a static IP address, and in that the port forwarding rule representing or exposing a potential vulnerability is deleted after a connection is established.

Abstract: A computing system includes an anonymizer server. The anonymizer server is communicatively coupled to a data repository configured to store a personal identification information (PII) data. The anonymizer server is configured to perform operations including receiving an anonymized data request, and creating an anonymized data repository based on the anonymized data request. The anonymizer server is also configured to perform operations including anonymizing the PII data to create an anonymized data by applying a cluster-based process, and storing the anonymized data in the anonymized data repository.

Abstract: Fairness and output authenticity for secure distributed machine learning is provided by way of an encrypted output of a garbled circuit which is simultaneously provided to a garbler and an evaluator by an output discloser. Related systems, methods and articles of manufacture are also disclosed.

Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.

Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.

Abstract: An apparatus comprises a processing device configured to receive, at a user interface of a trust platform configured to manage cloud assets operating in clouds of two or more cloud service providers, a specification of security and compliance controls to be implemented for workloads of a given entity running on a subset of the cloud assets. The processing device is also configured to obtain, utilizing application programming interfaces of the trust platform, information characterizing deployed security and compliance controls for the subset of the plurality of cloud assets from first and second pluralities of monitoring tools operating in tenant and management environments of the clouds.

Abstract: Disclosed is an operation method for a dynamic analyzer for analyzing an execution state of a web application. The present invention comprises the steps of: analyzing an execution state of the web application on the basis of a final attack string including a parameter which indicates a particular operation to be executed through the web application; and performing an analysis of the execution state of the web application, wherein the final attack string is generated so as to avoid filtering logic which is designed to filter a raw attack string including a predefined parameter. Therefore, the present invention can detect a security vulnerability, which cannot be detected by the existing dynamic analyzer, through easy generation of a final attack string capable of bypassing filtering.

Abstract: Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.

Abstract: The present disclosure is directed to a method of detecting anomalous behaviors based on a temporal profile. The method can include collecting, by a control system comprising a processor and memory, a set of network data communicated by a plurality of network nodes over a network during a time duration. The method can include identifying, by the control system, one or more seasonalities from the set of network data. The method can include generating, by the control system, a temporal profile based on the one or more identified seasonalities. The method can include detecting, by the control system and based on the temporal profile, an anomalous behavior performed by one of the plurality of network nodes. The method can include identifying, by the control system and based on the temporal profile, a root cause for the anomalous behavior.