Patents Examined by Kambiz Zand
  • Patent number: 11936667
    Abstract: A cyber threat defense system and a method for detecting a cyber threat may use a predictor, e.g. a Transformer deep learning model, which is configured to predict a next item in the sequence of events and to detect one or more anomalies in the sequence of events. This provides a notification comprising (i) information about the one or more anomalies; and (ii) a prediction of what would have been expected.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: March 19, 2024
    Assignee: Darktrace Holdings Limited
    Inventor: Carl Joseph Salji
  • Patent number: 11930045
    Abstract: Methods, systems, and computer programs are presented for enabling any sandboxed user-defined function code to securely access the Internet via a cloud data platform. A remote procedure call is received by a cloud data platform from a user-defined function (UDF) executing within a sandbox process. The UDF includes code related to at least one operation to be performed. The cloud data platform provides an overlay network to establish a secure egress path for UDF external access. The cloud data platform enables the UDF executing in the sandbox process to initiate a network call.
    Type: Grant
    Filed: April 28, 2023
    Date of Patent: March 12, 2024
    Assignee: Snowflake Inc.
    Inventors: Brandon S. Baker, Derek Denny-Brown, Michael A. Halcrow, Sven Tenzing Choden Konigsmark, Niranjan Kumar Sharma, Nitya Kumar Sharma, Haowei Yu, Andong Zhan
  • Patent number: 11930117
    Abstract: Participants as requestors using a requesting network element request one or more tokenization processors to generate tokens that represent a sanitized version of data such that the resultant tokens are amenable to comparison across participants. As circumstances warrant, one or more such tokens can be submitted to the tokenization processor(s) to privately retrieve the original data. Role-based access control scope parameters and tokenization processor-specific tokenization processor secrets can be embedded into reversible tokens that remain invariant under updating of the tokenization processor secrets across tokenization processors.
    Type: Grant
    Filed: July 31, 2023
    Date of Patent: March 12, 2024
    Assignee: Springcoin, Inc.
    Inventors: David William Kravitz, Michael Young, Mollie Zechlin Halverson, Matthew Benjamin Smith
  • Patent number: 11930109
    Abstract: A computer-implemented method includes receiving, by a storage system, encrypted data and a set of key identifiers. Each key identifier is associated with information specifying a storage location for which the key identifier is authorized. The method also includes storing, by the storage system, the encrypted data in at least one storage location and receiving, by the storage system, at least one key identifier of the set of key identifiers with a data access request. The method includes determining, by the storage system, whether the data access request is authorized for the at least one key identifier.
    Type: Grant
    Filed: January 22, 2021
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Steven Robert Hetzler, Wayne C. Hineman, John Stewart Best
  • Patent number: 11924221
    Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: March 5, 2024
    Assignee: McAfee, LLC
    Inventors: Harsha R. Joshi, Dattatraya Kulkarni, Srikanth Nalluri
  • Patent number: 11924209
    Abstract: A computer system controls access to network devices. One or more user interface elements associated with one or more network devices that are within a view of a user are displayed to the user via an augmented reality display. Input from the user is received comprising instructions to execute a command at a network device of the one or more network devices. The user is determined, according to a security policy, to be authorized to execute the command at the network device. In response to determining that the user is authorized to execute the command, the command is executed at the network device. Embodiments of the present invention further include a method and program product for controlling access to network devices in substantially the same manner described above.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: March 5, 2024
    Assignee: International Business Machines Corporation
    Inventors: Dinesh Kumar B, Sarbajit K. Rakshit, Shubjit Naik, Srivatchsan Uthamanathan
  • Patent number: 11924225
    Abstract: An information processing apparatus connected to one or more vehicles and a threat information server storing pieces of threat information. The information processing apparatus includes: a processor; and a memory including at least one set of instructions that, when executed by the processor, causes the processor to perform: obtaining a detection result of an attack on one of the vehicles; (a) determining whether the attack is included in any one of the pieces of threat information; (b) when the attack is included therein, determining whether the resolution state to the attack included in the one of the pieces of threat information indicates that the attack has not been resolved or has been resolved; (c) deciding a processing priority level of the attack, based on a determination result in (a) and a determination result in (b); and (d) outputting the processing priority level decided.
    Type: Grant
    Filed: November 12, 2020
    Date of Patent: March 5, 2024
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Hajime Tasaki, Takamitsu Sasaki
  • Patent number: 11924341
    Abstract: A method for updating a cryptographic key via a computation unit configured with one or more processors and a memory coupled to the one or more processors is disclosed. The method includes loading a base key into a cryptographic storage unit integrated with a cryptographic application. The method includes generating a temporal key based on the base key using a one-way key update algorithm via cryptographic application logic integrated within the cryptographic application. The temporal key is assigned an update count based on the number of updates performed on the temporal key. The method further includes comparing the update count value to a required update count, updating the temporal key if the update count is less than the required update count, and zeroizing the temporal key if the update count is more than the required update count, in which the temporal key may be regenerated with the required update count.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: March 5, 2024
    Assignee: Rockwell Collins, Inc.
    Inventor: William T. A. Tollefson
  • Patent number: 11916966
    Abstract: A system for access policy management of a plurality of valid entities communicating over a network comprising a server executing an application programming interface for registration and authentication of said entities directly or via an edge router, one or more encrypted tunnels between entities and one or more gateways. Said server assigns a private IP address to each authenticated entity and propagates said IP address and associated access policies to each of said one or more gateways; said one or more gateways process and route a plurality of packets received from each entity and enforce one or more access policies associated with the private IP address assigned to the authenticated entity; and said one or more gateways manage routes based on the propagated private IP addresses of each authenticated entity and route packets to reach one or more remote entities via one or more tunnels to one or more other gateways, creating a network overlay between authenticated entities.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: February 27, 2024
    Assignee: Adaptiv Networks Inc.
    Inventor: Miika Anttoni Klemetti
  • Patent number: 11916934
    Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.
    Type: Grant
    Filed: May 16, 2022
    Date of Patent: February 27, 2024
    Assignee: MUSARUBRA US LLC
    Inventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
  • Patent number: 11917060
    Abstract: An apparatus and method for mapping user-associated data to an identifier. The apparatus includes a processor configured to store a plurality of user identifiers. User identifiers may be determined by way of user or by machine-learning modules or the like. Apparatus receives user-associated data from a user to be stored in a resource data storage system. User-associated data may include a plurality of data sets to be mapped to an identifier. Mapping a data set to an identifier may be user determined or use a machine-learning module. Apparatus is configured to update the immutable sequential listing associated with the data set with the mapped identifier.
    Type: Grant
    Filed: February 27, 2023
    Date of Patent: February 27, 2024
    Inventors: Arran Stewart, Steve O'Brien
  • Patent number: 11916965
    Abstract: Embodiments of systems and methods for platform framework policy management are described. A platform framework may receive, from an application of an IHS (Information Handling System), a registration as a user of a platform policy that is used to operate one or more of the hardware devices of the IHS. A platform framework of the IHS provides the application with a reference to the platform policy. In response to notifications of updates to the platform policy, the platform framework identifies the application as a registered user of the platform policy and provides the application with a reference to the updated platform policy. The platform policy may include a communication handle by which the policy is retrieved, where the handle may include a token that validates the authenticity of the platform policy.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: February 27, 2024
    Assignee: Dell Products, L.P.
    Inventors: Daniel L. Hamlin, Vivek Viswanathan Iyer
  • Patent number: 11914737
    Abstract: Embodiments described herein provide a compressed container format that enables the container to be decrypted and decompressed in a streaming manner. One embodiment provides a container format for encrypted archives in which data is compressed and encrypted in a segmented manner. A segment of the archive can be decompressed, decrypted, and checked for integrity before the entire archive is received. Metadata for the encrypted archive is also encrypted to secure details of data stored within the archive.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: February 27, 2024
    Assignee: APPLE INC.
    Inventors: Frederic Jacobs, Eric Bainville, Yannick L. Sierra
  • Patent number: 11914720
    Abstract: A method for verifying a drone included in an industrial Internet of Things (IIoT) system using Petri-net modeling is disclosed. In an embodiment, the method includes a step of modeling the IIoT system as a hierarchical Petri-net (modeling step); and a step of verifying whether the drone has a security vulnerability on the basis of the hierarchical Petri-net model (verification step), wherein the verification step can determine that a drone has a security vulnerability when at least one of a plurality of determination factors provided as places to the hierarchical Petri-net model determines that the drone is operating abnormally.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: February 27, 2024
    Assignee: SOONCHUNHYANG UNIVERSITY INDUSTRY ACADEMY COOPERATION FOUNDATION
    Inventors: Il Sun You, Vishal Sharma, Gaurav Choudhary, Yong Ho Ko
  • Patent number: 11907394
    Abstract: Disclosed embodiments relate to systems and methods for securely performing actions on a resource. Techniques include receiving a request by the entity to perform a privileged action on a resource, the request including a token associated with the entity; providing a first indication of the request to a first handler; providing a second indication of the request to a second handler configured to perform the privileged action on the resource, wherein when the privileged action includes a query, the second indication of the request is provided to a query handler, and when the privileged action includes a write command, the second indication of the request is provided to a command handler.
    Type: Grant
    Filed: December 13, 2022
    Date of Patent: February 20, 2024
    Assignee: CyberArk Software Ltd.
    Inventors: Niv Rabin, Michael Balber, Eli Shemesh
  • Patent number: 11907342
    Abstract: In some aspects, a user device may detect an authentication event associated with unlocking the user device. The user device may determine, based at least in part on sensor data from a sensor of the user device, an environmental context of the user device. The user device may select, from a plurality of authentication functions of the user device, an authentication function based at least in part on the environmental context of the user device. The user device may activate an authentication component that is associated with the authentication function to authenticate a user in association with unlocking the user device. Numerous other aspects are provided.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: February 20, 2024
    Assignee: QUALCOMM Incorporated
    Inventors: Russell Gruhlke, Naga Chandan Babu Gudivada, Vishnu Vardhan Kasilya Sudarsan, Sumeet Kumar Sahu, Ravishankar Sivalingam
  • Patent number: 11902252
    Abstract: Techniques for managing access rules are provided. Access rules and their associated profiles are determined for evaluation. A triggering rate or a triggering percentage can be used to indicate efficacy of the rule. Recommendations can be provided based on a triggering percentage difference of the rule during a predetermined period of time. The recommendations can be provided in an interactive user interface.
    Type: Grant
    Filed: July 22, 2022
    Date of Patent: February 13, 2024
    Assignee: Visa International Service Association
    Inventors: Benjamin Scott Boding, Christopher Holmes, Cory Siddens, Henry Wong
  • Patent number: 11895237
    Abstract: Various embodiments of the present application set forth a computer-implemented method that includes generating, based on a resource file stored at an endpoint device, a credential data packet for authenticating with a first application executing in a first network, where the resource file includes a set of encryption keys associated with a plurality of applications including the first application, and where the credential data packet is encrypted with a device key signed by the endpoint device, and the credential data packet is signed by an endpoint device management (EDM) key extracted from the set of encryption keys included in the resource file, sending, by the endpoint device, the credential data packet to the first application via a trusted communication channel, and receiving, by the endpoint device and in response to the credential data packet, an authorization packet from the first application via the trusted communication channel.
    Type: Grant
    Filed: January 5, 2023
    Date of Patent: February 6, 2024
    Assignee: SPLUNK INC.
    Inventors: Mingyuan Chen, Jesse Chor, Dylan Patricia Conway, Michael Emery, Simon Tam, Eeshan Wagh, Glen Wong, Everett Yip
  • Patent number: 11893126
    Abstract: A method of secure data deletion in a multitenant environment, performed by a storage system is provided. The method includes associating a key with a tenant, in the multitenant environment, as a result of the storage system receiving data from the tenant through a virtual local area network (VLAN) or from an Internet protocol (IP) address. The method includes storing the data, encrypted by the key, in the storage system, and determining that the key, as retained in the storage system, is to be deleted, so that the data is to be inaccessible in unencrypted form, responsive to a request from the tenant to delete the data.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: February 6, 2024
    Assignee: PURE STORAGE, INC.
    Inventors: Andrew Miller, Reena Gupta
  • Patent number: 11895132
    Abstract: A network security computing system includes a steganographic communications analysis engine monitoring incoming and outgoing messages on a secure computing network. The steganographic communications analysis engine identifies a pattern of file transfers between a first computing device on the secure computing network and an internal or external message recipient. When a pattern is identified, the steganographic communications analysis engine quarantines an associated computing device from the secure network. The steganographic communications analysis engine analyzes files transferred between the computing device and the recipient for indications of steganographic information and causes display, based on an identified indication of steganography, an indication that the computing device had been compromised by command and control malware.
    Type: Grant
    Filed: November 23, 2022
    Date of Patent: February 6, 2024
    Assignee: Bank of America Corporation
    Inventors: Steven Sinks, Jonathan Sheedy