Abstract: A fraud monitor in a managed network is provided. The fraud monitor uses the network's instrumentation data, configuration data, and account information to detect fraudulent activities in the network, such as fraudulent advertisement or other types of fraudulent data traffic, including fraudulent responses (e.g., fraudulent clicks) to advertisement. The fraud monitor receives configuration data and identification data for physical resources of the network. The fraud monitor receives instrumentation data of packet traffic in the network. The fraud monitor receives account information for users of the network. The fraud monitor analyzes the instrumentation data to detect a violation of a fraud detection policy that prevents malicious or fraudulent online advertisement activity based on the configuration data, identification data, or account information.

Abstract: Techniques for detection over-the-top piracy are described. In some embodiments, a piracy detection method is performed at a server by a piracy detector. The piracy detector obtains records associated with requests for access from a plurality of client devices. The piracy detector further distributes the records to a plurality of nodes according to distribution keys extracted from the records, where each of the plurality of nodes receives a respective set of records associated with a respective distribution key and generates a set of respective watch session records based on the respective set of records. The piracy detector also generates watch session records associated with the distribution keys by aggregating the respective watch session records from the plurality of nodes. The piracy detector additionally identifies one or more pirated client devices among the plurality of client devices based on clusters established from the watch session records.

Abstract: Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination.

Abstract: Systems and methods for dynamic, hyper context-based microsegmentation are described. In one aspect, span traffic associated with a computing device on a network is processed. Meta data associated with the span traffic is transmitted to a hyper context cloud server. It is determined whether the span traffic meta data matches a policy condition. Responsive to the span traffic meta data matching a policy condition, a policy is triggered. It is determined whether an action associated with the triggered policy is segment. Responsive to determining that the action is segment, a MAC address of the computing device is added to a segment name provided in the policy. The segment name is pushed to one or more enforcement points associated with the network.

Abstract: The present embodiments relate to systems and methods for using a blockchain to record information related to the lifecycle of a vehicle associated with a Vehicle Identification Number (VIN), or other vehicle identifier. For example, the VIN lifecycle process may be used to ensure the transferability of title, including when information relevant to transferability is not easily determinable, such as after a collision occurs. The systems and methods may include the reception of a mileage report corresponding to a vehicle and updating a blockchain to associate the vehicle with mileage information. The systems and methods described herein may allow for using a blockchain which gives the option for private information, and permissioned participants in the blockchain. In particular, the systems and methods allow for a distributed consensus amongst businesses, consumers, and authorities, as to the validity of information and transactions stored on the blockchain.

Abstract: Systems and methods are described for providing a security code to a second device. A first device receives a textual representation of a security code that is required for authorization of a second device with a remote application server. The first device checks if the textual representation of the security code is accessed during a predefined time period. If not, the first device also checks if the second device is within an output range of the first device. If so, the first device outputs an audio representation of the security code.

Abstract: A streaming server receives a first request to view the media item from the client device via a connection between the client device and the streaming server. An encrypted portion of the media item is provided to the client device. A cryptography key is sent to the client device for decrypting the encrypted portion of the media item by the client device to facilitate the playback of the decrypted portion of the media item. A verification is received to determine whether the client device is authorized to play the decrypted media item.

Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing identities or entitlements of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize the peer grouping of an identity graph (or peer grouping of portions or subgraphs thereof) to identify roles from peer groups or the like.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Specifically, embodiments of an identity management system may provide identity management in association with cloud services used by an enterprise and, in particular, may provide identity management in association with cloud based services that may be accessed through federated access providers.

Abstract: A system for data processing, comprising a management controller operating on a processor and configured to load and execute one or more algorithms that provide the function of transmitting a request to a managed device using a Security Protocol and Data Model (SPDM) protocol and to receive a response from the managed device. A system management bus and security policy system operating on the processor is configured to execute one or more algorithms to process the response from the managed device to apply an SPDM security policy to the response.

Abstract: A key distribution host determines a trust level of a user authentication server, wherein the trust level is based, at least in part, on one or more attributes of the user authentication server and provides one or more authentication keys to the user authentication server only if the trust level of the user authentication server is above a threshold value.

Abstract: A system and method of determining an attestation or identity score of a user of a communication device employs metadata stored in a plurality of client devices, such as IoT devices. A request for attestation, comprises a unique identifier associated with the communication device and an input or shared value. The unique identifier is used to identify, in a distributed ledger (blockchain), client devices that are paired with the communication device. Metadata stored in association with each of the client devices is retrieved and compared to the input or shared value, and a sub-identity score is determined based on the extent to which there is a match and the reliability of the client device. The sub-identity scores are combined to obtain an identity score reflecting a confidence level in the user and/or communication device.

Abstract: An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.

Abstract: A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer.

Abstract: A method for automatically enhancing security and fixing security vulnerabilities in the source code of a computer program in an object oriented run time environment includes evaluating the source code file of a monitored computer program. The source code file includes a plurality of class files. Each session includes two or more session segments. A security assessment on each of the plurality of class files is performed to identify one or more potential security issues associated with the plurality of class files. One or more security controls configured to address the identified potential security issues are automatically injected into a source code of one or more class files identified as having potential security issues. The automatically modified source code file of the monitored computer program is deployed to the run-time environment.

Abstract: An illustrative embodiment disclosed herein is an apparatus including a processor with programmed instructions to receive, from a user device and via a network, encrypted credentials for logging on a user associated with the user device to a virtual machine. The processor is coupled to the virtual machine via a hypervisor. The processor has programmed instructions to decrypt the credentials, send, to an operating system of the virtual machine, the decrypted credentials, and cause the operating system to log the user on to the virtual machine.

Abstract: Techniques are provided for detection of malicious activity using behavior data. A behavior model is trained with behavior data generated in association with a plurality of requests. Data is received that describes a particular request from a particular client device to a server system hosting a website. The data includes particular behavior data generated at the particular client device in association with the particular request. The particular behavior data is analyzed using the behavior model to generate a behavior model result. An automation determination for the particular request is generated based on the behavior model result. The particular request is handled based on the automation determination for the particular request.

Abstract: An access control device provides a secure access control mechanism for a system being remotely accessed. An embodiment of the access control device includes a front-end firewall to provide a first network port to connect a computer to remotely access the system; a bastion host connected with the front-end firewall; and a back-end firewall, connected with the bastion host, to provide a second network port to connect the system. The back-end firewall determines remotely accessible resources in the system and determines resources remotely accessible by the computer, among the remotely accessible resources in the system, according to remote access control policies. The bastion host provides the computer with information provided by the back-end firewall about the resources remotely accessible by the computer through the first network port of the front-end firewall, to permit the resources to be remotely accessible by the computer. Advantages may include security, simplicity and plug-and-play.

Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.