Abstract: The technology disclosed relates to using synthetic request injection to improve cloud object security posture management.

Abstract: Systems and methods for anomaly detection in workspaces are disclosed. For example, sensor data from sensors associated with a device is gathered and compared with contextual data associated with the device, the environment in which the device is situated, and/or sensitive data that is being accessed to determine whether an anomaly is detected indicating that the environment is unsecure for accessing the sensitive information. An automated action is performed to mitigate unsecure use of the sensitive information based at least in part on the detected anomaly.

Abstract: Validating microservice calls is provided. It is determined whether a microservice call to a microservice hosted by a computer is valid based on a policy in a proactive condition map of a validation proxy that matches the microservice call. In response to determining that the microservice call is invalid based on the policy in the proactive condition map that matches the microservice call, the microservice call is blocked to the microservice. It is determined whether the microservice call needs to be redirected to another microservice based on the policy. In response to determining that the microservice call does need to be redirected to another microservice based on the policy, the microservice call is redirected to the other microservice with a callback to the microservice.

Abstract: An application accessing method can be applied to a terminal, and include: monitoring whether an application invokes privacy content; and authorizing the application with permission to access the privacy content, in response to monitoring that the application invokes the privacy content, and returning other information different from the privacy content. Therefore, the user can realize the purpose of protecting the security of the user's privacy information under the premise of normal use of the application.

Abstract: An apparatus for detecting malicious files includes a memory and a processor communicatively coupled to the memory. The processor receives multiple potentially malicious files. A first potentially malicious file has a first file format, and a second potentially malicious file has a second file format different than the first file format. The processor extracts a first set of strings from the first potentially malicious file, and extracts a second set of strings from the second potentially malicious file. First and second feature vectors are defined based on lengths of each string from the associated set of strings. The processor provides the first feature vector as an input to a machine learning model to produce a maliciousness classification of the first potentially malicious file, and provides the second feature vector as an input to the machine learning model to produce a maliciousness classification of the second potentially malicious file.

Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: There are provided systems and methods for managing network vulnerability scanning to avoid interference and disruption of network operations. In one form, the system includes: a network of computing devices; a network vulnerability scanner for evaluating insecurity and vulnerability of the network; a network traffic monitor for measuring the volume of network traffic at a certain time; and a scanning scheduler that includes scanning blackout events limiting operation of the scanner. Each blackout event includes an event name, a country or region for the blackout, a blackout start time and end time, and a blackout type that may include a level of the blackout and an authorization required for the network scan to proceed. In the system, a control circuit controls operation of the scanner; interrupts, delays, or cancels a network scan when the network traffic exceeds a certain threshold; and enforces blackout events according to the scanning scheduler.

Abstract: A computer may receive editing instructions that specify one or more changes to filters in an existing access control list or a template for an access control list. Then, the computer may dynamically generate the clone access control list by applying the editing instructions to the existing access control list or the template for the access control list. For example, the computer may provide the editing instructions to a computer network device (such as a switch or a router) that are applied to the existing access control list or the template for the access control list while the computer network device is processing data packets. Alternatively, the computer may apply the editing instructions to the existing access control list or the template for the access control list that is not currently installed on the computer network device, and may provide the access control list to the computer network device.

Abstract: Techniques are disclosed for establishing a level of security for a virtual meeting similar to a level of security associated with in person meetings. A communication system may use an application programming interface (API) of an operating system to secure the device by terminating any applications or processes operating on the computing device that are not consistent with a security policy. The system may also use machine learning techniques to monitor audio and/or video streams for participant behaviors that are not consistent with a security policy.

Abstract: Provided herein are systems and methods for targeted attack protection using predictive sandboxing. In exemplary embodiments, a method includes retrieving a Uniform Resource Locator (URL) from a message of a user and performing a preliminary determination to see if the URL can be discarded if it is not a candidate for sandboxing. The exemplary method includes computing a plurality of selection criteria factors for the URL if the URL passes the preliminary determination, each selection criteria factor having a respective factor threshold. The method can further include determining if any of the selection criteria factors for the URL exceeds the respective factor threshold for the respective selection criteria factor. Based on the determining, if any of the selection criteria factors exceeds the factor threshold for the selection criteria factor, the exemplary method includes automatically placing the URL in a sandbox for analysis.

Abstract: Automated authorization policy creation for interrelated services is disclosed. A plurality of request records is obtained, each request record corresponding to a request sent from a sending service of a plurality of services to a receiving service of the plurality of services, and each request record identifying the sending service and the receiving service, wherein the plurality of services comprises a plurality of interrelated services. A first subset of the request records is determined wherein a service of the plurality of services sent a request to a first service. A first subset of services is determined based on the first subset of request records. The generation of an authorization policy is caused that permits requests to the first service from only those services in the first subset of services.

Abstract: Disclosed is an improved systems, methods, and computer program products that use a cluster-based probability model to perform anomaly detection, where the clusters are based upon entities and interactions that exist in content management platforms.

Abstract: The IOC Infrastructure management system (100) and method is disclosed for building an IOC infrastructure and its management thereof. The system mainly includes a IOC processing unit and an endpoint engine. The IOC processing unit is configured to i) source raw IOCs from a plurality of external sources, ii) convert format of the raw IOCs into a predetermined format of an IOC database using a parser unit, where each parser of the parser unit corresponds to at least one IOC format, iii) build and apply syntax tree to the parsed IOCs, where the syntax tree supports complex expression-based toolsets, such as YARA, and sort the IOCs lexicographically to avoid duplication of IOC entry and render the malware detection scanning process faster and efficient.

Abstract: A device may receive content data from a content provider, the content data including: data identifying content, and data for verifying that the content has not changed. The device may access a blockchain associated with the content data, the blockchain including validation information specifying instructions for validating the content. In addition, the device may perform, based on the validation information, validation of the content to determine a measure of confidence that the content is accurate and store results of the validation in the blockchain as a transaction. Based on the validation results, the device may perform an action.

Abstract: Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device. When the application agent receives a request to conduct a transaction from the application, the application agent may generate a transaction cryptogram using the cryptogram key, and provides the transaction cryptogram to an access device.

Abstract: A security management system for a remove working environment, a computer program therefor, and a method therefor are provided. The security management system monitors and tracks a behavior of an endpoint in real time after execution of a process or a network access time point. Furthermore, the security management system monitors a behavior of an operating system level on the endpoint to which the security policy is not applied in real time to detect a behavior which threatens the security management system and controls the endpoint. Furthermore, the security management system corrects and manages the security policy in response to a request about exception application of a predetermined security policy in real time to flexibly perform security management of the endpoint.

Abstract: A resource control system for networked devices in which the subscribers of the networked devices do not trust one another is provided. Also provided is a distributed data bank system, which, for example, is implemented by a blockchain.

Abstract: Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.

Abstract: Examples described herein include systems and methods for providing secure access to an email server. A gateway server can receive a request for email notification information from a notification server and parse the request to identify at least one user device associated with the request. The gateway server can then determine whether the identified devices comply with any applicable compliance rules, for example by requesting a compliance status from a management server at which the identified devices are enrolled. If at least one of the identified devices is in compliance, the gateway can pass the request through to the email server. The gateway can then receive a response from the email server and provide it to the notification server.