Abstract: A network security platform (NSP) device and interaction method are disclosed. The interaction method provides network packet analysis for secure transmission protocols using ephemeral keys or keys that are negotiated dynamically. The NSP may be part of an Intrusion Protection System, or firewall. The disclosed approach does not use man-in-the-middle proxy. Instead, it includes monitoring connections ends: client and/or server, to intercept the required data or negotiated (or changed) encryption keys. Decrypted data may be sent to an NSP sensor in a secure manner for analysis. Alternatively, intercepted keys used for the encrypt/decrypt operations may be sent to an NSP sensor in a secure manner every time they are changed. The NSP sensor may then use the obtained keys to decrypt traffic prior to providing it to the inspection engines. Embodiments focused on inbound traffic to a web server may coordinate between a web server and an NSP.

Abstract: The present disclosure describes systems and methods for determining a subsequent action of a simulated phishing campaign. A campaign controller identifies a starting action for a simulated phishing campaign directed to a user of a plurality of users. The simulated phishing campaign includes a plurality of actions, one or more of the plurality of actions to be determined during execution of the simulated phishing campaign The campaign controller responsive to the starting action, communicates a simulated phishing communication to one or more devices of a user. The campaign controller determines a subsequent action of the plurality of actions of the simulated phishing campaign based at least on one of a response to the simulated phishing communication received by the campaign controller or a lack of response within a predetermined time period and initiating, responsive to the determination, the subsequent action of the simulated phishing campaign.

Abstract: According to one embodiment, a system featuring one or more processors and memory that includes monitoring logic. During operation, the monitoring logic is configured to monitor for and detect a notification message that is directed to a destination other than the monitoring logic and identify an event associated with a change in state of a data store associated with the file system to occur. The notification message, at least in part, triggers a malware analysis to be conducted on an object associated with the state change event.

Abstract: Examples relate to edge device disablement. In some examples, edge device disablement includes an edge device including a processing resource in communication with a memory resource including instructions executable to receive an indication of a disablement trigger associated with the edge device and responsive to the indication, reprogram a printed circuit assembly (PCA) of the edge device to render mechanisms of the PCA inoperable.

Abstract: A system and method is described that sends multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media are provided. One of the methods includes: sending, by a first node to a computing system, a transaction request comprising transaction data for forwarding to a target blockchain network among one or more first blockchain networks connected to the computing system, the first node being excluded from one or more consensus processes associated with the one or more first blockchain networks; receiving, by the first node from a second node associated with the target blockchain network, a block generated based on consensus validation of the transaction data by the target blockchain network and stored in a blockchain associated with the target blockchain network; and storing, by the first node, the received block in a blockchain associated with a second blockchain network, the first node participating in a consensus process associated with the second blockchain network.

Abstract: A method for assisting in improving the security of an electronic operation carried out via a secure element. The method comprises the following steps. A first application of the secure element is selected and writes a piece of contextual data in means of recording of the secure element. Then, a second application is selected, reads the contextual data in the means for recording and verifies if the contextual data satisfies a predefined condition. If yes, it is considered that the context of the selecting of the second application is legitimate and the electronic operation can continue normally.

Abstract: In one embodiment, an apparatus includes a non-volatile storage to store a seed value and a signature that is based on an iterative execution of a function for a predetermined number of intervals. The apparatus may further include the security processor coupled to the non-volatile storage, where the security processor is to independently recover a credential for an updated version of the firmware based at least in part on the seed value and a security version number for the updated version of the firmware. Other embodiments are described and claimed.

Abstract: Embodiments of the present application relate to a method, device, and system for intercepting traffic to malicious websites. The method includes obtaining, by one or more processors, a network request from a terminal, obtaining, by one or more processors, domain information from the network request, determining, by one or more processors, whether the domain information corresponds to an access-prohibited website domain, and communicating, by one or more processors, a web page response to terminal, wherein the web page response is based at least in part on the determining whether the domain information corresponds to an access-prohibited website domain.

Abstract: A method of applying information on the display of the electronic device includes displaying content elements associated with an application running on the electronic device on a display of the electronic device, receiving a selection of a content element associated with the application running on the electronic device, determining an identity profile having an associated key, encrypting information associated with the selected content element utilizing the key associated with the determined identity profile to generate encrypted information, displaying the encrypted information in the selected content element.

Abstract: Methods and systems for configuring a security policy for an enterprise within an enterprise security management tool are disclosed. In some aspects, such systems receive a definition of at least one custom classification within a user interface of the enterprise security management configuration tool, including a name of a profile and network activity associated with one or more nodes to be included within the profile. Such systems also generate a security settings file to be applied within the enterprise, the security settings file including, for each profile, a common security policy to each of the nodes included in the profile. The profiles to which the security settings file is applied include the profile defined by the at least one custom classification.

Abstract: Embodiments of this application relate to the field of communications technologies, and provide a network connection method and an apparatus. The method carried out by a network control element includes: sending a first connection parameter to a terminal, and sending a second connection parameter to a security node, so that a network connection between the terminal and the security node is established by using the first connection parameter and the second connection parameter, where the first connection parameter is used for decrypting data encrypted by using the second connection parameter, correspondingly, the second connection parameter is used for decrypting data encrypted by using the first connection parameter, and the first connection parameter and the second connection parameter each include a security parameter used when the terminal and the security node establish the network connection.

Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value associated with a key based on a blinding key in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded value and transmits it to another computing device (e.g., that is associated with a Key Management System (KMS) service). The computing device then receives a blinded key that is based on processing of the blinded value based on an OPRF using an OPRF secret. The computing device processes the blinded key based on the blinding key in accordance with the OPRF unblinding operation to generate the key (e.g., to be used for secure information access).

Abstract: A system and method includes an operational network that communicates with an external network by opening a first transmission protocol socket. A data diode coupled to the operational network and a gateway enables the one-way transfer of all information received from the external network and transmitted by the operational network to the gateway such that no information travels from the gateway to the operational network or the external network. The gateway opens a second transmission protocol socket by mapping a sequence number to an acknowledgement number and increasing that mapped acknowledgement number by a value of one. A transmitter then transmits the acknowledgment to a remote network or a gateway.

Abstract: In one embodiment, a client device includes an interface, a memory to store at least one part of a blockchain, and a processor to generate a client message indicating use of blockchain mode to establish a secure connection between the client device and a server, send the client message to the server on the interface, receive, from the server on the interface, a server message indicating use of the blockchain mode, and securely communicate with the server, on the interface, using at least one cryptographic key generated from information including cryptographic key generation information stored in the blockchain. Related apparatus and methods are also described.

Abstract: The invention relates generally to the field of network connectivity management, specifically to provisioning and controlling the data access of multiple client devices to application servers via a connectivity management device. The invention includes apparatuses, methods, and systems for automating the management of such apparatus and its associating client devices. The management includes initializing and storing device data, ownership proof, connectivity credentials, and security policies into a management system, such as blockchain digital ledger or device management application server. The stored information is used for auto pairing and authenticating the devices via a second wireless technology and triggering secure connection setup over the first wireless technology.

Abstract: A method comprises one or more of measuring metrics of a node during boot up, storing the metrics, generating a signature record from the stored metrics, and broadcasting the signature record when said node initializes a network connection.

Abstract: Technologies are described for authenticating a sender identity of an online message. For example, an online message having a purported sender identity can be obtained. Various features can then be extracted from the message, including stylometric features, origin location features, attached file features for any files attached to the message, and embedded URL features. The extracted features can then be compared to a sender profile for a known sender identity matching the purported sender identity, or to one or more sender profiles for recognized suspicious senders if the purported sender identity does not match a known sender identity. The sender profile for a given sender identity can include features extracted from one or more messages previously sent by the sender identity. A global risk score for the message indicating a likelihood that the purported sender identity is inauthentic can be determined based at least in part upon the comparison.

Abstract: An interface manager device interconnects peripheral devices to a network of ACD type or of AISD type of an aircraft, and includes: a first data interface for connecting it to the network; a first electrical power supply interface for connecting it to a general electrical power source; second data interfaces and second electrical power supply interfaces, for connecting it to the peripheral devices, which are deactivated by default. The interface manager device is configurable via a configuration interface so as to selectively authorize connections between the second data interfaces and the first data interface, and to selectively authorize connections between the second electrical power supply interfaces which are associated with them and the first electrical power supply interface, and to activate the second interfaces concerned. The interface manager device propagates a received data packet when said data packet relate to an authorized connection and deletes said data packet otherwise.

Abstract: A method, system and computer-usable medium for performing security analytics comprising receiving a stream of data from a data source; preprocessing the stream of data identify entity information and event information from the stream of data; transforming the entity information into transformed entity data and the event information into transformed event data; the transforming conforming to a genericized data model; storing the transformed entity data and the transformed event data in a security analytics data repository; and, performing a security analytics operation on the transformed entity data and the transformed event data.