Abstract: Examples described herein include systems and methods for onboarding a device into a management system. An example method can include loading a management agent onto the device and receiving inventory information for the device. The example method can further include receiving a request to whitelist the device. In some examples, the request originates from a different device, such as a device used by a technician installing the connected device. The management server can authorize the device and add it to the whitelist. After authorizing the device, the management server can onboard the device by sending management information to the management agent on the device. The management server can then exercise management control of the device through the management agent installed on the device.

Abstract: There is provided a system for creating a cryptographic non-fungible identity unique token (IUT), comprising code for: obtaining a private key linked to a public address of an electronic wallet, associated with a wallet address, obtaining a digital representation of a hashed genetic sequence of a user and an associated wallet address of the electronic wallet, storing in the cryptographic non-fungible IUT, an IUT identifier, the IUT identifier is an outcome of hashing a subset of the hashed digital representation and a unique password, storing the IUT in a genetic sequence record stored in a block of a blockchain dataset, wherein the genetic sequence record is associated with the IUT, the IUT is associated to the wallet address, wherein the user is authenticated by a match between a computed value of a password and the wallet address provided by the user, and the IUT identifier stored on the blockchain.

Abstract: A cybersecurity risk management method may include recommending, for each of a plurality of affiliates of an entity, a respective cybersecurity criticality tier selected from a set of cybersecurity criticality tiers; receiving user input adjusting and/or adopting the recommended cybersecurity criticality tier for each of the affiliates; assigning each of the affiliates to the respective adjusted or adopted cybersecurity criticality tier; obtaining respective security scores for the affiliates; and displaying a user interface component configured to show a visualization of a cybersecurity risk management plan of the entity with respect to the plurality of affiliates, wherein the risk management plan partitions the affiliates into a plurality of affiliate sets based on the security scores and the assigned cybersecurity criticality tiers of the affiliates and specifies, for each of the affiliate sets, an action to be taken by the entity with respect to the affiliates in the affiliate set.

Abstract: An autonomous report composer composes a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience. The autonomous report composer cooperates with libraries with prewritten text templates with i) standard pre-written sentences written in the natural language prose and ii) prewritten text templates with fillable blanks that are populated with data for the cyber threats specific for a current report being composed, where a template for the type of report contains two or more sections in that template. Each section having different standard pre-written sentences written in the natural language prose.

Abstract: Various embodiments discussed herein enable the detection of malicious content. Some embodiments do this by determining a similarity score between content, computer objects, or indications (e.g., vectors, file hashes, file signatures, code, etc.) known to be malicious and other content (e.g., unknown files) or indications based on feature weighting. Over various training stages, certain feature characteristics for each labeled malicious content or indication can be learned. For example, for a first malware family of computer objects, the most prominent feature may be a particular URL, whereas other features change considerably for different iterations of the first malware family of computer objects. Consequently, the particular URL can be weighted to determine a particular output classification corresponding to malicious behavior.

Abstract: A first device governs operation of a second device based on a network security risk posed by the second device. The second device is disposed locally to the first device and in local network communication with the first device. The first device is in network communication with a cloud-based computational service.

Abstract: A mobile device can receive input to execute a target application in a private session. The target application is a native application for a mobile platform of the mobile device. The private session is a native function of the mobile device configured to isolate data of the target application. In response to the input, the mobile device can configure a local resource of the mobile device to support the target application in the private session, instantiate a procedure that utilizes the local resource to isolate the data of the target application while in the private session, and execute the target application in the private session on the mobile device. The operation of the private session is transparent and undetectable to the target application.

Abstract: This disclosure and the exemplary embodiments described herein, provide methods and systems for detecting a ransomware infection in one or more files. According to an exemplary embodiment, a low frequency encryption analysis and a high frequency encryption analysis of a plurality of received files is performed to determine if the one or more of the files are encrypted. If a file is encrypted, a watcher is utilized to monitor file events associated with the files for determining if one or more of the files are infected with ransomware.

Abstract: A simulated process is initiated. The simulated process includes generating, by an emulator, a control signal based on external inputs. The simulated process further includes processing, by a simulator, the control signal to generate simulated response data. The simulated process further includes generating, by a deep learning processor, expected behavioral pattern data based on the simulated response data. An actual process is initiated by initializing setpoints for a process station in a manufacturing system. The actual process includes generating, by the deep learning processor, actual behavioral pattern data based on actual process data from the at least one process station. The deep learning processor compares the expected behavioral pattern to the actual behavioral pattern. Based on the comparing, the deep learning processor determines that anomalous activity is present in the manufacturing system. Based on the anomalous activity being present, the deep learning processor initiates an alert protocol.

Abstract: A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device.

Abstract: Described is a system for detecting adversarial activities. During operation, the system generates a multi-layer temporal graph tensor (MTGT) representation based on an input tag stream of activities. The MTGT representation is decomposed to identify normal activities and abnormal activities, with the abnormal activities being designated as adversarial activities. A device can then be controlled based on the designation of the adversarial activities.

Abstract: A system includes a user computing device with an application for removal of privacy data. The application obtains vehicle information associated with a target vehicle that has a target in-vehicle device from which privacy information of a user is to be removed. Using the vehicle information, the application determines vehicle parameters associated with the target vehicle. The application obtains a privacy information removal file comprising an instruction set associated with removing privacy data from candidate in-vehicle devices, and presents the instruction set. A user experience feedback associated with the candidate in-vehicle devices is obtained and stored in a database.

Abstract: A method for link layer authentication includes receiving, at an edge network access node, a link layer authentication packet from a client, seeking network access, using a remote NAS agent running on the edge network access node. The method transmits, using a tunneling connection, the link layer authentication packet to a remote NAS in a link layer authentication process. The link layer authentication process exchanges the link layer authentication packet with an authentication server to authenticate the client. The method includes receiving a link layer authentication packet from the remote NAS over the tunneling connection. The received link layer authentication packet includes a response from the authentication server regarding the transmitted link layer authentication packet.

Abstract: Systems, computer program products, and methods are described herein for intrusion detection using resource activity analysis. The present invention is configured to receive, from a computing device of a user, an indication that the user has accessed a resource allocation portfolio of a customer; determine a geographic information of the user; retrieve a geographic information of the customer; determine that the geographic information of the user does not match the geographic information of the customer; determine an exposure level associated with the user access of the resource allocation portfolio of the customer; determine that the exposure level is greater than a predetermined threshold; and automatically trigger a transmission of a notification to a computing device of an administrator indicating that the exposure level associated with the user access of the resource allocation portfolio of the customer is greater than the predetermined threshold.

Abstract: A storage system may assign a different encryption key to each logical storage unit (LSU) of a storage system. For each LSU, the encryption key of the LSU may be shared only with host systems authorized to access data of the LSU. In response to a read request for a data portion received from a host application executing on the host system, encryption metadata for the data portion may be accessed. If it is determined from the encryption metadata that the data portion is encrypted, the data encryption metadata for the data portion may be further analyzed to determine the encryption key for the data portion. The data may be retrieved from the storage system, for example, by performance of a direct read operation. The retrieved data may be decrypted, and the decrypted data may be returned to the requesting application.

Abstract: Systems and methods for ensuring that data received from a virtual device is random are provided. A processing device may be used to generate, by a virtual device executing on a hypervisor, data intended for a virtual machine (VM) having a guest memory that includes one or more encrypted pages and one or more unencrypted pages. Data written to an encrypted page of the guest memory by the VM is encrypted using an encryption key assigned to the VM and information read from the encrypted page by the VM is decrypted using the encryption key. The hypervisor may write the data to the encrypted page, wherein the data is not encrypted by the encryption key assigned to the VM because it is written by the hypervisor. The VM reads the data from the encrypted page as randomized data because it cannot be properly decrypted by the encryption key.

Abstract: Ransomware detection and/or isolation and/or remediation of a ransomware-encryption device is performed in a Remote Monitoring and Management (RMM) system environment. The RMM system is operatively associated with monitoring and managing a plurality of devices and, according to an exemplary embodiment, the RMM system includes a RMM agent module locally installed on each device, a cloud-based RMM platform operatively communicating with each device RMM agent module, and a Ransomware Detection (RD)/Isolation module locally installed on each device. The RD/Isolation module locally detects a potential ransomware-encryption in one or more files received by the device and the RMM system isolates a ransomware affected device using a locally executed script provided by the cloud-based RMM platform.

Abstract: A management request is received by a system for carrying out one or more data management operations (including, but not limited to, adding data, merging data or searching for data). The management request is received from a requesting entity. The system comprises a representation database, which comprises at least one secure element. The at least one secure element is a representation of at least one dataset containing confidential data elements stored in at least one database owned or operated by a third party entity. The management request is processed by performing at least one operation, for example by a processing component in the system, on the representation database. In a third step, a processing result is provided, which comprises any suitable information or data content. The processing result is dependent on the contents of the management request.

Abstract: At least one information processing apparatus includes a circuitry that: receives, as a package management unit, a setting of a role, which can assign a usage authority of an application package containing at least one application, with respect to the application package, and permits or restricts, as a user management unit, a user to use the application package in conformity with the role, which is allocated to the user of the application, and the role, which is set in the application package.

Abstract: A first network device may receive a notification over a network; in response to the notification, cause a virtualized operating system (OS) and a hypervisor of the first network device to obtain state units from one or more of first hardware components and virtual components; create a context state transfer package (CSTP) based on the state units; and forward the CSTP from the first network device to a second network device over the network. The second network device may receive the CSTP from the first network device; unpack the CSTP to obtain the state units; and put, at the second network device, second hardware components and virtual components of the second network device in a same state as the first hardware components and virtual components when the state units were obtained at the first network device.