Abstract: Systems, methods, computer-readable storage mediums including computer-readable instructions and/or circuitry for control of transmission to a target device with a cloud-based architecture may implement operations including, but not limited to: detecting, at least in part via a cloud-based architecture, an elapsed time since a prior authorization of a transmission to a target device; comparing, at least in part via a cloud-based architecture, the elapsed time since a prior authorization of a transmission to a target device against a threshold transmission interval associated with a target device; and authorizing, at least in part via a cloud-based architecture, at least one transmission to a target device in response to the comparison.

Abstract: The present disclosure relates to scanning for security threats on a lightweight computing device. An example method generally includes receiving, from a mobile device, a software package including a lightweight computing device security application. A lightweight device transmits, to the mobile device, information identifying at least a first application installed on the lightweight computing device. In response, the lightweight device receives, from the mobile device, information identifying the first application as being a known security threat and remediates a security threat posed by the identified application.

Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server; storing the authenticated alert message in a buffer; transmitting the buffer to the server; and detecting a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein the cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that the messages are inserted in the buffer and wherein the cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that the buffers are transmitted over a network.

Abstract: One embodiment provides a method including identifying malicious information spreading in an information-exchange network; classifying at least one topic of the malicious information; determining a potential sub-network for future spread of the malicious information based on the at least one topic classified; and attenuating a potential future spread of the malicious information via at least one of: automatically propagating a countervailing message to the potential sub-network; and prompting manual intervention for propagating a countervailing message to the potential sub-network. Other variants and embodiments are broadly contemplated herein.

Abstract: Present example embodiments relate generally to scanning websites, wherein the devices, methods, and logic for the scanning comprises receiving interaction information between a user computing device and a web application of the website; dynamically determining an action to be performed to the web application that approximately simulates the user computing device interacting with the web application, wherein the action is dynamically determined based on the received interaction information; establishing a browsing session with the website; discovering the web application within the website; and identifying a vulnerability of the web application by interacting with the web application using the action.

Abstract: A security alerting system is provided with a network blockage policy based on alert transmission activity. Alert messages from a Security Alerting System executing on a host indicating a potential compromise of a protected resource are processed by determining if a number of buffer contents received from the host within a predefined time interval satisfies a predefined criteria, the buffer content comprising one or more of the alert messages from the Security Alerting System; and blocking a network connection of the host if the number of buffer contents received from the host within the predefined time interval does not satisfy the predefined criteria. The blocked network connection of the host can optionally be restored when a valid buffer content is received from the host. The predefined criteria is based on the alerting activity of the host.

Abstract: A security device may receive, from a client device, a request associated with a server device. The security device may determine a communication channel and contact information for validating the request. The security device may provide validation information via the communication channel using the contact information. The security device may receive a validation response from the client device, and may determine whether the validation response is valid. The security device may selectively perform a first action or a second action based on determining whether the validation response is valid. The first action may be performed based on determining that the validation response is valid, and may include providing a validation indicator, with the request, to the server device. The second action may be performed based on determining that the validation response is not valid, and may include providing an invalidation indicator, with the request, to the server device.

Abstract: Embodiments relate to systems, devices, and computing-implemented methods for providing DoS mitigation using a list of persistent clients generated using network flow data. Daily flow counts can be incremented once per date for unique flow combinations in the network flow data that are associated with at least one network interaction that occurred on that date. A candidate list of persistent clients can be created based on the daily flow counts, and the candidate list of persistent clients can be filtered and ranked, and the list of persistent clients can be selected based on the rankings.

Abstract: A programmable display for connection to a control device includes: a user management unit configured to identify a user accessing the programmable display; a generation unit configured to generate an interface screen containing information from the control device in accordance with privileges assigned the user identified by the user management unit; a display unit configured to output the interface screen; a connection management unit configured to, in response to a request for access from a user on an external device, establish a connection with the external device on the basis of identification of the user by the user management unit, and to send the interface screen to an external device with which a connection is established; and the user management unit prohibits simultaneous access to the programmable display by a plurality of users each having different privileges assigned.

Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.

Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System indicating a potential compromise of a protected resource is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer, wherein a size of the buffer is based on a connection history of the Security Alerting System; and transmitting the buffer to the server. The alert message can optionally be encrypted. The buffer can be increased in proportion to a duration of a disruption of a connection. The size of the buffer can be increased by adding buffer slots at a location of a current write pointer index. Techniques are also disclosed for detecting truncation attacks and alert message gaps. The alert messages can have a variable size by writing alert message into consecutive buffer slots.

Abstract: In one embodiment, a method includes receiving a first request from a first device to access a first resource of the system and determining whether to grant access to the first resource based on a first access control list stored in the system, the first access control list associated with the first device, the first device having a first relevance value, and based on the determination, granting the access to the first resource; and receiving a second request from a second device to access a second resource of the system and forwarding the second request to an access manager service coupled to the system to determine whether to grant access to the second resource based on a second access control list stored in the access manager service associated with the second device, the second device having a second relevance value, receive an access grant from the access manager service and based thereon, granting the access to the second resource.

Abstract: A mechanism is provided for generating a packet inspection policy for a policy enforcement point in a centralized management environment. Data of a network topology for the policy enforcement point corresponding to a network infrastructure is updated according to metadata of the policy enforcement point, the metadata including a capability of the policy enforcement point. The packet inspection policy for the policy enforcement point is generated according to the data of the network topology and the capability of the policy enforcement point. The packet inspection policy is then deployed to the policy enforcement point.

Abstract: Provided is a method of updating an integrity check value (ICV) stored in a hardware security module (HSM). The method includes storing user authentication information of the terminal transferred from the terminal to preregister a user of the terminal, transferring an authentication information request message, requesting the user authentication information, to the terminal in response to an update request message which is transferred from the terminal and includes an update value of the ICV, comparing the user authentication information transferred from the terminal with the stored user authentication information to perform an authentication operation on the user of the terminal according to the authentication information request message; and when the user of the terminal is successfully authenticated, updating the stored ICV by using the update value.

Abstract: A method begins by receiving a request to retrieve a data segment stored as encoded data slices in a distributed storage network (DSN). The method continues by determining whether at least the threshold number of encoded data slices is cached in temporary storage associated with a distributed storage processing module. When the at least the threshold number of encoded data slices are cached in the temporary storage, the method continues by retrieving the at least the threshold number of encoded data slices from the temporary storage. When the at least the threshold number of encoded data slices is not cached in the temporary storage, the method continues by retrieving one or more of the encoded data slices from the DSN to obtain the at least the threshold number of encoded data slices.

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed is a system and method for the monitoring and authorization of an optimization device in a network. In exemplary embodiments, an optimization device transmits an authorization request message to a portal to receive authorization to operate. The portal transmits an authorization response message to the optimization device with capability parameters for operation of the device, including an expiration parameter for the authorization. The optimization device sends updated authorization request messages to the portal with its device usage information, such that the portal can dynamically monitor the optimization device and continue to authorize its operation.

Abstract: Web session security techniques which protect displayed sensitive information. In one example embodiment, the method includes setting, by a processor, a timer following a last user action during use of a web application; determining, by the processor, that a threshold time period since the last user action exceeds a predetermined time period; and making, by the processor, displayed sensitive information unreadable.

Abstract: A security device may receive information identifying a set of conditions for providing countermeasure code to a client device. The security device may receive information identifying an action to be performed when the countermeasure code is executed by the client device, and may determine the countermeasure code to be provided to the client device when the set of conditions is satisfied. The security device may receive a request from the client device, and may determine a response to the request. The response may include response code for serving content of a web page to the client device. The security device may determine that the set of conditions has been satisfied, and may insert the countermeasure code into the response code. The security device may provide the response code and the countermeasure code to the client device, and the countermeasure code may cause the client device to perform the action.

Abstract: Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules of an IoT firewall according to the device profile of the IoT device.