Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.

Abstract: A device receives call information associated with a call from a first user device to a second user device, where the first user device is associated with a first network, and the second user device is associated with a second network separate from the first network. The call information includes a caller identification and is received via an originating network device of the first network. The device determines whether the caller identification is verified, and adds authentication information to the call information when the caller identification is verified. The device receives the call information and the authentication information from a terminating network device of the first network, and removes the authentication information from the call information. The device adds a cryptographic signature to the call information, and causes the call information and the cryptographic signature to be provided to the second network for routing to the second user device.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including a public key associated with an end user; validating the request to obtain the access token; and in response to validating the request: encrypting an authorization code associated with the request using the public key to generate a first code; and transmitting, via the communication interface to the client application on the first device, a second signal including both the access token for accessing the protected resource and the first code.

Abstract: A system (100) for security assessment of a plurality of IoT devices (210, 220, 230, 240) includes a programmed processing unit (110) adapted to carry out a vulnerability and/or “penetration test” method; according to this method, at least wireless communication medium and at least one communication protocol are determined to be used for the assessment, then at least one scan tool is selected based on the communication medium and communication protocol, then the scan tool is executed on the IoT devices (210, 220, 230, 240), and then data from the scan tool are collected, the data being obtained from reaction of the IoT devices to the scan tool; the computerized system performs a scan of a predetermined frequency bandwidth in order to identify the IoT devices to be assessed and the communication protocol to be used for the assessment.

Abstract: Aspects of the subject technology relate to determining a defense surface change command to be applied to a defense surface. An organizational threat profile is stored and a baseline exposure score for threats is generated. The baseline exposure score is weighted based on at least the organizational threat profile to generate a prioritized exposure score. A defense surface change command is generated based on at least the prioritized exposure score, which is transmitted to hardware or software components, and an updated prioritized exposure score for the one or more hardware or software components is generated.

Abstract: Various methods, apparatuses/systems, and media for implementing a vulnerability management module are provided. A receiver receives a request for dynamically scanning vulnerability of a target computing device based on testable vulnerability criteria extracted from a database. A processor dynamically executes the testable vulnerability criteria from the SCCM based on the received request; creates a static SCCM advertisement with a dynamic pre/post validation check capability based on a result of the dynamically executing the testable vulnerability criteria; reports a success or a failure of the static SCCM advertisement related to the testable vulnerability criteria to indicate whether a vulnerability exists within the target computing device; and automatically remediates the vulnerability when it is determined that the vulnerability exists within the target computing device.

Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLs policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.

Abstract: A system may include a server device configured to: receive selected factors and respective weights for each of the selected factors; obtain combinations of selected primary factors that total less than a maximum number of rows; determine a duplication count for the combinations of selected primary factors; and generate, for display on a graphical user interface, data representing a table, where each column of the table represents one of the selected factors, where for columns of the table representing selected primary factors, rows represent each of the combinations of selected primary factors duplicated according to the duplication count, where for columns of the table representing selected secondary factors from the selected factors, rows represent repeated iteration through possible values of the selected secondary factors, and where each row includes a respective risk score based on a weighted average of the respective weights applied to the selected factors represented therein.

Abstract: A method and system for authenticating a device is provided. A noisy response is received from a physically unclonable function for a challenge. An error code is generated for correcting the noisy first response. An expected response is generated from the noisy first response and the error code. The expected response and corresponding first helper data is store. The helper data includes the first challenge and the error code. The helper data is provided to a device in response to an authentication request from the device, the first device including the physically unclonable function.

Abstract: Systems, methods and computer-readable storage media are utilized dynamically discovering components of a computer network environment. The processing circuit of a data acquisition engine configured determine a domain name associated with an entity profile, determine an IP range, validate at the domain name, the IP range, and the IP address, collect additional device connectivity data, and provide the additional device connectively data.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for automated deployment of decoy production networks. Example methods may include detecting, by one or more computer processors coupled to memory, an unauthorized user in a production network environment, determining a computer-executable payload associated with the unauthorized user, and initiating a first virtual decoy production network environment. Methods may include causing the computer-executable payload to be executed in the first virtual decoy production network environment, and recording telemetry data associated with execution of the computer-executable payload in the first virtual decoy production network environment.

Abstract: An extended enterprise browser provides protection from ransomware attacks against SaaS and private enterprise application. In one implementation, the extended enterprise browser supports at least two different endpoint security certificates. A selection of the endpoint security certificate is made based on a ransomware risk level posture. Various factors may be used to determine the ransomware risk level posture to aid preventing ransomware attacks.

Abstract: Aspects of the disclosure relate to real-time validation of application data. A computing platform may collect, in real-time, information associated with a plurality of data transmissions between applications, where the information includes, for each data transmission of the plurality of data transmissions, an indication of a source application and a destination application, a first indication whether the data transmission was sent by the source application, and a second indication whether the data transmission was received by the destination application. The computing platform may compare, for each data transmission, the first indication and the second indication. The computing platform may detect, for a particular data transmission, a lack of a match between the first indication and the second indication. The computing platform may identify the particular data transmission as an anomalous data transmission.

Abstract: System, method, and apparatus of securing and managing Internet-connected devices and networks. A wireless communication router is installed at a customer venue, and provides Internet access to multiple Internet-connected devices via a wireless communication network that is served by the router. A monitoring and effecting unit of the router performs analysis of traffic that passes through the router; identifies which Internet-connected devices send or receive data; and selectively enforces traffic-related rules based on policies stored in the router. Optionally, the monitoring and effecting unit is pre-installed in the router in a disabled mode; and is later activated after the router was deployed at a customer venue. Optionally, the router notifies the Internet Service Provider the number and type of Internet-connected devices that are served by the router.

Abstract: A system and method for ransomware protection includes an extended browser in an endpoint device. The extended browser selects a certificate for user authentication with an identity provider based on the enterprise ransomware threat level. The selection of the certification may be used to aid in providing protection from ransomware attacks of SaaS and private enterprise applications. The endpoint device may be part of a larger VLAN environment in which endpoint devices are deployed under a default gateway with point-to-point links.

Abstract: Methods and systems for assessment and management of security in serverless environments are provided. One method includes executing an at least partially automated environment discovery process in which an overall security footprint of the enterprise is determined, and automatically identifying, via an enterprise security assessment tool, one or more security applications and associated settings capable of meeting the set of security requirements of the enterprise based on the sets of attributes associated with a plurality of serverless services.

Abstract: Systems, methods, and computer-readable media for managing cybersecurity risk for an entity are disclosed. An example method includes receiving device connectivity data for the entity; determining vulnerability data based on the device connectivity data; generating a security risk profile of the entity; retrieving an external contact; generating a vulnerability notification; transmitting the vulnerability notification; providing a content portal to a user, wherein the content portal is configured to display the security risk profile via a dynamically generated graphical user interface (GUI); receiving, via the dynamically generated GUI, an input from the user, the input comprising a selection of a component identified in the security risk profile and a response parameter; initiating a targeted scan of the selected component; determining a result of the targeted scan; updating the security risk profile; and providing, via the dynamically generated GUI, the updated security risk profile to the user.

Abstract: An operating system monitors a computing device to determine that one or more events, including background activity, have occurred. In response to detecting the background activity, data associated with the background activity is automatically obtained from the computing device. An application is initiated on the operating system of the computing device, and the data is transmitted to the application.

Abstract: Systems and methods for provisioning secure terminals for secure transactions are disclosed herein. A disclosed method includes generating a key using a key generator element on a secure terminal and sending a key validation request for the key from the secure terminal to a provisioning device. The method also includes parsing the key validation request and generating a key validation for the key and a trusted time stamp on the provisioning device. The method also includes sending, from the provisioning device, the key validation and the trusted time stamp to the secure terminal. The method also includes setting a clock on the secure terminal using the trusted time stamp and storing the key validation at the secure terminal.

Abstract: Described are a system, method, and computer program product for user network activity anomaly detection. The method includes receiving network resource data associated with network resource activity of a plurality of users and generating a plurality of layers of a multilayer graph from the network resource data. Each layer of the plurality of layers may include a plurality of nodes, which are associated with users, connected by a plurality of edges, which are representative of node interdependency. The method also includes generating a plurality of adjacency matrices from the plurality of layers and generating a merged single layer graph based on a weighted sum of the plurality of adjacency matrices. The method further includes generating anomaly scores for each node in the merged single layer graph and determining a set of anomalous users based on the anomaly scores.