Patents Examined by Madhuri R Herzog
  • Patent number: 11968179
    Abstract: Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and providing image content for the application to the user device, via the secure tunnels.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: April 23, 2024
    Assignee: Zscaler, Inc.
    Inventors: Alex-Marian Negrea, Constantin Miroslav, John A. Chanak, Arvind Nadendla
  • Patent number: 11968294
    Abstract: This application provides a data management method for a blockchain system, a medium, and an electronic device. The system includes an accounting node sub-network and a service node sub-network. The method includes: adding, after an accounting node generates a first data block, first key information used for verifying a block header of a second data block generated after the first data block to a block header of the first data block; generating a signature corresponding to the first data block, and adding the signature corresponding to the first data block to the block header of the first data block; and releasing the block header of the first data block to the service node sub-network, to cause a service node to verify the signature included in the block header of the first data block, and obtaining the first key information after a successful verification to verify the block header of the second data block.
    Type: Grant
    Filed: January 13, 2021
    Date of Patent: April 23, 2024
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Maocai Li, Zongyou Wang, Li Kong, Kaiban Zhou, Hu Lan, Yifang Shi, Changqing Yang, Jinsong Zhang, Yong Ding, Gengliang Zhu, Qucheng Liu, Qiuping Chen
  • Patent number: 11954213
    Abstract: A system may receive a string of characters, identify two or more sub-strings of the string, compare the two or more sub-strings to one or more reserve values from a database of reserve values, identify a first sub-string of the two or more sub-strings that contains one of the one or more reserve values, identify a second sub-string of the two or more sub-strings with a sensitive value, and obfuscate the second sub-string and not obfuscate the first sub-string.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: April 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Kin Fong, Matthias Seul
  • Patent number: 11941133
    Abstract: One aspect provides an FPGA chip mounted on a printed circuit board (PCB). The FPGA chip can include a joint test action group (JTAG) interface comprising a number of input/output pins and an enablement pin, and a control logic block coupled to the enablement pin of the JTAG interface. The control logic block can receive a control signal from an off-chip control unit and control a logical value of the enablement pin based on the received control signal, thereby facilitating the off-chip control unit to lock or unlock the JTAG interface. The FPGA chip can further include a detection logic block to detect an unauthorized access to the FPGA chip. An input to the detection logic is coupled to the enablement pin, and a conductive trace coupling the input of the detection logic block and the enablement pin is situated on an inner layer of the PCB.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: March 26, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Siung Siew Liew, Khai Chiah Chng
  • Patent number: 11934544
    Abstract: Target data may be associated with a location requirement established by a data owner. A data access module may be used to attempt access to the target data. Location requirement and provenance metadata associated with the target data are obtained. The provenance metadata must be validated, and evidence only approved data access locations identified in the location requirement. A current location of a computing device attempting access to the target data must also meet the location requirement. The computing device is allowed to access the target data only in response to the current location and each location identified in the provenance metadata meeting the location requirement. The provenance metadata is updated to include a new record including the current data access location.
    Type: Grant
    Filed: March 17, 2022
    Date of Patent: March 19, 2024
    Inventors: Pierre Mouallem, William Laurence Jaeger, Scott A. Piper, Michael Gerard Demeter
  • Patent number: 11921846
    Abstract: Disclosed are systems and methods for improving interactions with and between computers in distributional similarity identification using randomized observations. In connection with an intrusion detection system monitoring a computing system, a pair of perturbed sample sets are generated using a pair of real sample sets (or real observations) and a pair of random sample sets (of randomly-selected observations), and a similarity measure representing a level of consistency in user behavior is determined. The systems improve the quality and accuracy of the similarity determination for use in intrusion detection.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: March 5, 2024
    Assignee: YAHOO ASSETS LLC
    Inventors: Stav Yanovsky Daye, Ran Wolff
  • Patent number: 11916963
    Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: February 27, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Kaushik Dutta Majumdar, Fnu Nadeem, Shanmukh Uppuluri
  • Patent number: 11914696
    Abstract: Quorum-based access control management may be implemented. Quorum controls may be created for determining whether to perform or deny access control operations to perform privileged tasks. When an access control operation is received, approval of the operation may be requested from members for the quorum control. If a policy for the quorum control is satisfied by approval responses, then approval to perform the access control operation may be provided.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: February 27, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Dean H Saxe, Conor P Cahill, Dennis Tighe, Jonathan Robert Hurd, Brian Mead Tyler, Cristian Marius Ilac, Mark Ryland
  • Patent number: 11907411
    Abstract: Example computing devices that are enabled to enter secure operating modes are provided. An example computing device includes a main processor to run an operating system enabled to establish communication from an external device to the main processor via a hardware interrupt handler when the external device is connected to the computing device. The computing device further includes a keyboard controller to detect a lock keystroke sequence at a keyboard, and, in response to detecting the lock keystroke sequence, cause the main processor to halt the operating system and to enter a secure operating mode in which communication from the external device to the main processor via the hardware interrupt handler is blocked.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: February 20, 2024
    Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Mason Andrew Gunyuzlu, Robert Stephen Craig, Tevin Richards
  • Patent number: 11888817
    Abstract: A security system obtains data logs from a set of security applications that each output data of different data types and in different formats. A filtering module obtains the data from the security applications as an input message stream and processes the input message stream into an output message stream with messages in a standardized format for processing by a security engine. The filtering module includes a set of filters each tailored to process data from a different data source. The filtering module detects the data source from analysis of the data and applies the corresponding filter to generate the output message stream. The security engine then detects patterns in the output data stream and provides alerts to an administrative interface when it detects a pattern indicative of malicious activity.
    Type: Grant
    Filed: November 4, 2020
    Date of Patent: January 30, 2024
    Assignee: Cysiv, Inc.
    Inventor: Daniel James Smith
  • Patent number: 11880437
    Abstract: A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.
    Type: Grant
    Filed: December 5, 2022
    Date of Patent: January 23, 2024
    Assignee: QUICKVAULT, INC.
    Inventor: Steven V. Bacastow
  • Patent number: 11847223
    Abstract: A method and a system for identifying indicators of compromise are provided. The method comprises: obtaining a given malware carrier configured for execution of a main malware module; generating, based on the given malware carrier, an attack roadmap, the attack roadmap including a plurality of malware carriers; determining a malware class of each one of the plurality of malware carriers; generating a current list of indicators of compromise of each of the plurality of malware carriers; searching a database to locate at least one stored attack roadmap including a plurality of stored malware carriers; retrieving from the database a stored list of indicators of compromise for each of the plurality of stored malware carriers; generating an amalgamated list of indicators of compromise based on the current list of indicators and the stored digital list of indicators of compromise; storing, in the database, the amalgamated list of indicators of compromise.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: December 19, 2023
    Assignee: GROUP IB TDS, LTD
    Inventor: Ilia Sergeevich Pomerantsev
  • Patent number: 11849328
    Abstract: A computer-implemented method, in a communication framework in which each of a plurality of users has one or more devices associated therewith, and in which the users use at least some of their devices to communicate via a backend system. A first user has a first set of first one or more associated trusted devices, and a second user has a second set of second one or more trusted devices associated therewith. The first user forms a first trust relationship between a first device in the first set and a second device in the second set. Based on (i) the first trust relationship, and (ii) the second set associated with the second user, the first user forms a second trust relationship between each device in the first set and each device in the second set. At least one device in the first set communicates with one or more devices in the second set based on the second trust relationship.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: December 19, 2023
    Assignee: Wire Swiss GmbH
    Inventor: Raphael Robert
  • Patent number: 11848933
    Abstract: Systems and methods that provide access to users of a network system via a unique identity key that controls access and permission rights of outside entities as controlled by the entity itself. The system assigns unique identity to a unique entity. The key is responsible for facilitating preferred access types and information accessed by outside entities, and acts as a signal for action, interaction and experience within the System as well as third party platforms. Each interaction within the system includes a requesting entity's proxy (‘REP’) sending an information access request (‘IAR’) to the deciding entity's proxy (‘DEP’) via a network. This IAR is routed to the correct DEP via the unique identifier. The DEP applies access preferences to allow or deny the IAR, in part or completely. If allowed or partially allowed, the DEP returns information to the REP.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: December 19, 2023
    Assignee: THE & COMPANY
    Inventors: Daniel James Carroll, Aaron August Sloup
  • Patent number: 11849319
    Abstract: A method may be provided at a wireless terminal to support communications with a network node of a wireless communication network. An IKE SA may be initiated to establish a NAS connection between the wireless terminal and the network node through a non-3GPP access network and a non-3GPP interworking function network node. After initiating the IKE SA, an IKE authorization request may be transmitted through the non-3GPP access network to the N3IWF network node, with the IKE authorization request including an identifier of the wireless terminal. An access network key may be derived for the NAS connection through the non-3GPP access network at the wireless terminal, with the access network key being derived based on a NAS count for the wireless terminal and an anchor key. An IKE authorization response corresponding to the IKE authorization request may be received.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: December 19, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Vesa Lehtovirta, Mikael Wass, Monica Wifvesson
  • Patent number: 11848958
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect malware based on network traffic analysis. An example apparatus includes a classification controller to: in response to a first classification score of a first network traffic sample satisfying a first threshold, determine whether a second classification score of a second network traffic sample satisfies a second threshold; and in response to the second classification score of the second network traffic sample satisfying the second threshold, classify network traffic associated with the first network traffic sample and the second network traffic sample as potentially malicious network traffic; and a remediation controller to, in response to the network traffic being classified as the potentially malicious network traffic, execute a remediation action to remediate malicious activity associated with the potentially malicious network traffic.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: December 19, 2023
    Assignee: McAfee, LLC
    Inventors: Daniel Burke, Bernard Sapaden, Jorge Arias, Hemendra Singh, Bhargav Shah
  • Patent number: 11841940
    Abstract: An information handling system may include at least one processor; a plurality of physical storage resources; and a network interface configured to communicatively couple the information handling system to a plurality of host systems; wherein the information handling system is configured to: determine a likelihood of compromise for each of the plurality of host systems; and in response to the likelihood of compromise for a particular host system exceeding a threshold likelihood, carry out a remedial action with respect to the particular host system, wherein the remedial action includes restricting access from the particular host system to the plurality of physical storage resources.
    Type: Grant
    Filed: July 16, 2021
    Date of Patent: December 12, 2023
    Assignee: Dell Products L.P.
    Inventors: Susan E. Young, Elie Jreij, Arieh Don
  • Patent number: 11838299
    Abstract: Systems and methods include receiving a request for resources that are one of web content and a cloud application from a user device; determining the request requires isolation based on any of policy, category of the web content, type of the user device, and location of the user device; rendering content associated with the request in a secure environment that is isolated from the user device; and providing image content based on the content to the user device. The user device can execute a web browser that loads the image content utilizing a JavaScript application and that interacts with the image content by sending keyboard and mouse inputs via a WebSocket channel.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: December 5, 2023
    Assignee: Zscaler, Inc.
    Inventors: Uli P. Mittermaier, Alex-Marian Negrea
  • Patent number: 11829470
    Abstract: The technology provides for a threat detection system. In this regard, the system may be configured to output file states of a multi-layer file system. For instance, the system may determine, based on the file states for a file, one or more layers of the multi-layer file system in which one or more objects corresponding to the file can be found. Based on the one or more objects corresponding to the file, the system may detect a potential threat. The system may then take an action in response to the potential threat.
    Type: Grant
    Filed: September 21, 2022
    Date of Patent: November 28, 2023
    Assignee: Google LLC
    Inventors: Michael Halcrow, Thomas Garnier
  • Patent number: 11829473
    Abstract: Disclosed herein are methods and systems for detecting malicious files by a user computer. For example, in one aspect, the method comprises registering application programming interface (API) calls made by a file during an execution of the file on the user computer in a local call log, the local call log comprising control flow graphs of processes launched from the file, searching for a rule that matches behavioral rules in a local database, when the behavioral rules are found, determining the file is malicious and halting execution of the file on the user computer, otherwise, transmitting the local call log to a remote server, receiving a verdict, when the verdict indicates the file is malicious, receiving a virus signature corresponding to the verdict, and updating the local call log based on the verdict and virus signature, wherein the updating enables detection of subsequently received malicious files.
    Type: Grant
    Filed: November 16, 2020
    Date of Patent: November 28, 2023
    Assignee: AO Kaspersky Lab
    Inventors: Sergey V. Gordeychik, Sergey V. Soldatov, Konstantin V. Sapronov