Patents Examined by Joseph P. Hirl
  • Patent number: 11930036
    Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: March 12, 2024
    Assignee: Pulse Secure, LLC
    Inventors: Biju Kaimal, Bandam Radha Shravan, Thiyagu Rajendran, Clifford E. Kahn
  • Patent number: 11930113
    Abstract: Provided in the embodiments of the present application is a blockchain hybrid consensus-based system for maintaining domain name information. A gTLD blockchain is formed by first network nodes where international generic top-level domain registries are located, and a ccTLD blockchain is formed by second network nodes where various country code top-level domain registries are located. In each blockchain, various network nodes of the blockchain participate in the domain name information update process, so that the domain name information update process will not be affected by a mistake or an attack on one network node. Compared to centralized maintenance methods, this decentralized maintenance method is more secure and is beneficial to maintaining the stability of the system.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: March 12, 2024
    Assignee: CHINA INTERNET NETWORK INFORMATION CENTER
    Inventors: Yu Zeng, Hongtao Li, Anlei Hu, Zhiwei Yan, Kejun Dong, Douxuan Nan
  • Patent number: 11924235
    Abstract: Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on which the endpoint protection platform blocks activity by the process. The endpoint protection platform requests input from the cloud-based security platform, which causes the cloud-based security platform to perform a reclassification of the event based on contextual information, multiple data feeds and the UEBA-based security event classification service.
    Type: Grant
    Filed: January 17, 2023
    Date of Patent: March 5, 2024
    Assignee: Fortinet, Inc.
    Inventors: Udi Yavo, Roy Katmor, Ido Kelson
  • Patent number: 11924214
    Abstract: A method for accessing cloud resources via a local application development environment on a computing device. The method includes invoking an access management client at the computing device; obtaining an account identifier associated with a user account and communicating the account identifier to an identity platform; receiving an authentication message from the identity platform in response to the identity platform validating the account identifier, the authentication message comprising a role identifier; communicating the authentication message to the cloud platform; receiving security credentials associated with the role identifier from the cloud platform in response to the cloud platform validating the authentication message and the associated role identifier; setting a variable in the local development environment based on the received security credentials for use by the local development environment to request access to one or more resources maintained by the cloud platform.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: March 5, 2024
    Assignee: ATLASSIAN PTY LTD.
    Inventors: Shane Anderson, Michael Fuller, Ashley Bartlett
  • Patent number: 11914734
    Abstract: A method for protecting content, comprising receiving, from a client device, a request for an encryption key for encrypting the content comprising a reference associated with the client device, identifying a set of supported security capabilities corresponding to the reference associated with the client device, identifying a set of required security capabilities corresponding to the content associated with the key request, determining if the set of supported security capabilities satisfy the set of required security capabilities, and in response to determining that the supported security capabilities satisfy the set of required security capabilities, transmitting the encryption key to the client device.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: February 27, 2024
    Assignee: ARRIS Enterprises LLC
    Inventors: Ananth Seetharam, Sean J. Higgins, Paul R. Osborne
  • Patent number: 11916959
    Abstract: Systems and methods for building systems of honeypot resources for the detection of malicious objects in network traffic. A system includes at least two gathering tools for gathering data about the computer system on which it is installed, a building tool configured for building at least two virtual environments, each including an emulation tool configured for emulating the operation of the computer system in the virtual environment, and a distribution tool configured for selecting at least one virtual environment for each computer system and for establishing connection between the computer system and the virtual environment.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: February 27, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Yaroslav A. Shmelev, Demeter Dan, Preuss Marco, Mikhail Y. Kuzin
  • Patent number: 11914732
    Abstract: A method and apparatus for hard deletion of user data are described. The method may include receiving a request from a user computer system to delete user data. The method may also include determining a unique user identifier associated by a system with a user making the request. The method may also include determining whether a data partition, in which data generated by a job or subsystem of the computer system is stored, is predicted to contain a record having the unique user identifier. Then, the method may include searching, when the data partition is predicted to contain a record having the unique user identifier, data records stored in the data partition for a user data record based on the unique identifier, and performing a hard deletion of the user data record from the partition when found during the searching.
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: February 27, 2024
    Assignee: STRIPE, INC.
    Inventors: Ryan Drapeau, Andrew Bullen
  • Patent number: 11917407
    Abstract: Embodiments herein relate to the field of communications, and more particularly to key matching for extensible authentication protocol over local area network (EAPOL) handshaking using distributed computing. Other embodiments may be described and claimed.
    Type: Grant
    Filed: August 24, 2021
    Date of Patent: February 27, 2024
    Assignee: ELEVEN SOFTWARE INC.
    Inventors: Muir Lee Harding, Benjamin Corliss, Sorawis Nilparuk
  • Patent number: 11914748
    Abstract: An apparatus for collecting data includes a memory that stores a vehicle identifier for identifying a vehicle; and a processor configured to associate, when a time of generation of data representing road environment around the vehicle is included in a first period, a first hash value with the data and to associate, when the time of generation is included in a second period different from the first period, a second hash value different from the first hash value with the data. The data is generated by a sensor mounted on the vehicle. The first hash value and the second hash value are obtained by irreversibly transforming the vehicle identifier.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: February 27, 2024
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Masahiro Tanaka
  • Patent number: 11917050
    Abstract: Systems and methods are described for generating a blockchain-based user profile. In various aspects, one or more blockchain IDs associated with a user is received, where each blockchain ID is associated with a corresponding blockchain. One or more blockchain transactions are identified that are associated with the one or more blockchain IDs, where a trust profile for the user can be generated based on the one or more blockchain transactions. The trust profile can include user information determined from the one or more blockchain transactions.
    Type: Grant
    Filed: May 3, 2021
    Date of Patent: February 27, 2024
    Assignee: State Farm Mutual Automobile Insurance Company
    Inventors: Brian Mark Fields, Lee Marvin John Assam
  • Patent number: 11907356
    Abstract: A system, method, and computer-readable recording media for a user account secure with a single sign on (SSO) password hidden authentication. Receiving credential information (CI) and generating the SSO password through at least one client device (CD). Encrypting the SSO password. Storing the SSO password in the CD and an electronic device (ED). Transmit the SSO password and encrypted SSO password to a cloud services platform (CSP), where the CSP stores both. Storing the SSO password in a cloud server (CS). Accessing the user account, if SSO password is unavailable, through the CSP transmitting a one time passcode to a user email, the CD setting a temporary password transferred to the CSP. The CSP confirming a match and transmitting the encrypted SSO password to the CD, the CD decrypting the encrypted SSO password and resetting the temporary password to the SSO password.
    Type: Grant
    Filed: January 7, 2021
    Date of Patent: February 20, 2024
    Assignee: ARRIS ENTERPRISES LLC
    Inventors: Jalagandeswari Ganapathy, Muralidharan Narayanan, David Brumbaugh
  • Patent number: 11907364
    Abstract: The present disclosure relates to computer-implemented methods, software, and systems for managing incompliances of application instances running in a cloud environment. Compliance requests can be generated for incompliant instances of cloud applications running on a cloud platform. In response, compliance checks for the one or more incompliant instances of cloud applications running on the cloud platform can be automatically executed. Incompliances can be identified by different compliance monitors instantiated at the cloud platform. Each compliance monitor is responsible for a particular type of incompliances. In response to identifying that a first instance of a first cloud application has a first type of incompliance, a maintenance action to be automatically executed by a first compliance maintainer running on the cloud platform is scheduled. The first compliance maintainer executes automatically a compliance measurement action for the first type of incompliance.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: February 20, 2024
    Assignee: SAP SE
    Inventors: Stoyan Zhivkov Boshev, Iliyan Nedkov Mihaylov, Stoyan Ivanov Veleshki, Rashid Methinov Rashidov, Nikolay Georgiev Kabadzhov, Diyan Asparuhov Yordanov
  • Patent number: 11909760
    Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
    Type: Grant
    Filed: August 6, 2021
    Date of Patent: February 20, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
  • Patent number: 11900364
    Abstract: The invention presents a solution in which blockchain Transactions are created to implement the functionality of a logic gate. The invention may be implemented on the Bitcoin platform or an alternative blockchain platform. The transaction includes a locking script which comprises instructions selected so as to implement the functionality of a logic gate such as OR, AND, XOR, NOT and so on. In some examples, the instructions may be provided in a hashed form. When the script is executed (because a second transaction is attempting to spend the output associated with the locking script) the inputs will be processed by the conditional instructions to provide an output of TRUE or FALSE. The second transaction is transmitted to the blockchain network for validation and, if determined to be valid, it will be written to the blockchain. Validation of the second transaction can be interpreted as a TRUE output. Thus, the locking script of the first transaction provides the functionality of the desired logic gate.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: February 13, 2024
    Assignee: nChain Licensing AG
    Inventors: Craig Steven Wright, Stephane Savanah
  • Patent number: 11902322
    Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.
    Type: Grant
    Filed: August 12, 2022
    Date of Patent: February 13, 2024
    Assignee: Darktrace Holdings Limited
    Inventors: Robert Hutchinson, Alex Markham, Krystian Szczur
  • Patent number: 11902780
    Abstract: A communication system authorizes a User Equipment (UE) for a wireless data service and a media-conferencing service. A network core receives UE authentication data from the UE that is based on a secret key. The network core determines network authentication data for the UE that is also based on the secret key. The network core authorizes the UE for the wireless data service based on the UE authentication data and the network authentication data. The network core transfers the network authentication data for the UE to a media-conferencing server in response to the authorization of the UE for the wireless data service. The media-conferencing server receives other UE authentication data from the UE that is based on the secret key. The media-conferencing server authorizes the UE for the media-conferencing service based on the other UE authentication data from the UE and the network authentication data from the network core.
    Type: Grant
    Filed: August 26, 2022
    Date of Patent: February 13, 2024
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Sathyanarayanan Raghunathan, Muthukumaraswamy Sekar, Maheswaran Vijayakumar, Suresh Majjara
  • Patent number: 11899771
    Abstract: A computer-implemented method includes assigning each access device of a plurality of access devices to at least one respective space of a plurality of spaces, including assigning a first access device to a first space of the plurality of spaces, based on the first access device controlling access to the first space. One or more access devices, from among the plurality of access devices, that are assigned to the first space are grouped together into a first group of devices. A boundary of the first space is generated based at least in part on access data generated by the first group of devices, where the access data describes access to the first space by way of the one or more access devices in the first group of devices.
    Type: Grant
    Filed: September 5, 2019
    Date of Patent: February 13, 2024
    Assignee: CARRIER CORPORATION
    Inventor: Ashley Kennedy-Foster
  • Patent number: 11902328
    Abstract: Machine learning techniques are described for analyzing information network traffic to identify different devices connected to a network. Transmitted network packets may be passively collected and analyzed. In some cases the described techniques may be used to identify distinct devices connected to a network even though the collected and analyzed packets may lack a unique device identifier, such as a media access control (MAC) identifier, corresponding to a device that originated the packets.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: February 13, 2024
    Assignee: Ordr Inc.
    Inventors: Vivekanandan Vinayagam, Gnanaprakasam Pandian, Sheausong Yang, Vijayaraghavan Doraiswami
  • Patent number: 11902308
    Abstract: A method for detecting threat pathways using sequence graphs includes constructing a sequence graph from a set of data containing information about activities in a telecommunications service provider network, where the sequence graph represents a subset of the activities that occurs as a sequence, providing an embedding of the sequence graph as input to a machine learning model, wherein the machine learning model has been trained to detect when an input embedding of a sequence graph is likely to indicate a threat activity, determining, based on an output of the machine learning model, whether the subset of the activities is indicative of the threat activity, and initiating a remedial action to mitigate the threat activity.
    Type: Grant
    Filed: June 3, 2021
    Date of Patent: February 13, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Edmond Abrahamian, Maisam Shahid Wasti, Andrew Campbell, Ana Armenta, Prince Paulraj
  • Patent number: 11899780
    Abstract: The present disclosure is directed to assessing API service security and may include the steps of identifying an API service called by an application based on information provided by an agent embedded within the application; collecting telemetry associated with the API service, the telemetry collected from one or more telemetry sources and indicating any deficiencies in the API service; generating a reputation score for the API service based on analysis of the collected telemetry; and transmitting the reputation score to at least one of the following: the agent embedded within the application, wherein the reputation score is associated with at least one policy having at least one policy action, and wherein the reputation score is operable to be used by the agent to invoke the at least one policy action relating to use of the API service by the application; or a continuous integration/continuous delivery pipeline associated with the application.
    Type: Grant
    Filed: April 9, 2021
    Date of Patent: February 13, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Sape Jurriën Mullender, Jaffar Alaoui