Abstract: This disclosure describes techniques for facilitating a primary account holder (PAH) of a client account to control access privileges of service features that are accessible by secondary account holders (SAH), via the client account. More specifically, an Access Privilege Control (APC) system is described that enables the PAH to generate access privilege rules that control the use of service features by a SAH, that are accessible via the client device(s) associated with the client account. The APC system may associate a set of updated access privilege rules with virtual profile data for clients associated with the client account. The virtual profile data may be transmitted to client devices, or subset thereof, associated with the client account. Further, the APC system may monitor an operation of client devices associated with the client account and provide one or more recommendations to update access privilege rules based on monitored service feature usage.

Abstract: Methods, systems, and computing platforms for data communication are disclosed. Exemplary implementations may: electronically process with a machine learning controller; electronically process the data payloads in the network with deep machine learning; and real-time adjusting of a plurality of network infosec controls associated with the originating node attribute based on the infosec control attribute.

Abstract: A passive authentication method includes, in response to receiving a requested action from a first user, obtaining a set of sensor data and categorizing first sensor data of the set of sensor data into a first modality of a set of modalities. The method includes, for the first modality of the set of modalities, determining a distance value by applying a first modality model to the first sensor data and comparing the distance value to a first verified value of the first user for the first modality. The method includes, based on the comparison, determining a first authentication decision of the distance value. The method includes, in response to the first authentication decision indicating the first sensor data corresponds to the first user, performing the requested action.

Abstract: The present disclosure relates to techniques for enforcing control policies on one more software as a service (SaaS) platforms from a centralized security control platform. An integration component is configured to integrate SaaS accounts with the security enforcement platform. The security enforcement platform executes functions that facilitate the creation of control policies on SaaS accounts. Exemplary control polices can be created to manage or control file sharing activities, user authentication, plugin usage, and/or other functions and features that may impact the security of the files or content included on the SaaS accounts. Activity events generated by the integrated SaaS accounts can be monitored by the security control platform. The activity events monitored by the security enforcement platform can be utilized to enforce the control policies and facilitate verification of file sharing activities.

Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

Abstract: A computer system for verifying vehicle software configuration may be provided. The computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to: (1) transmit, to a vehicle computing system, an authentication request including a hash algorithm specification; (2) receive, from the vehicle computing system, a current configuration hash value and a vehicle identifier; (3) retrieve a trusted data block from a memory based upon the vehicle identifier, the trusted data block including a stored configuration hash value and a smart contract code segment; (4) execute the smart contract code segment, the smart contract code segment including a failsafe code segment; and/or (5) transmit the authentication response to the vehicle computing system, and cause the vehicle computing system to execute the failsafe code segment.

Abstract: A computing system is provided implementing a text miner configured to mine unstructured data from unstructured text sources and extract features of a target computer system, and a data flow diagram editor configured to process the extracted features to identify system elements of the target computer system and interrelationships between the identified system elements, and to identify system-related candidate properties of the system elements, and to populate a system element template for each identified system element with the system-related candidate properties for that element. The data flow diagram editor is configured to generate a data flow diagram for the target computer system comprising each identified system element having the candidate properties adopted according to the system property adoption user input, and is configured to display the generated data flow diagram in the graphical user interface.

Abstract: Provided is a way of evaluating rules/conditions that span different domain entities against a set of disparate events from multiple sources that have occurred within a specific window or interval of time from the current time back to a specific time in the past. Events are stored in dedicated storage to enable an extended window of time to be used for multiple event evaluation. Only relevant event/rule pairs are evaluated. The system will record when an event relevant to a rule happens. When a second event that is relevant to the rule happens, the system checks the records to see if a previous relevant event had happened in the past that would cause the rule to trigger an alert. A mechanism is also provided for evaluating static state in combination with changed properties.

Abstract: Provided is a network control device 2000 for controlling a network where a plurality of terminals and countermeasure devices are connected, the network control device 2000 including: a clustering unit 2001 that divides terminals including an incident-detected terminal and the related terminal group into a plurality of zones, on the basis of terminal information including information with which an incident-detected terminal is able to be identified, information with which a related terminal group suspected of being related to an incident is able to be identified among the plurality of terminals, and an inter-terminal communication history; and a communication control setting unit 2002 that sets communication control relating to the terminals and the countermeasure devices for each of the plurality of zones.

Abstract: A device configured to identify a first set of clusters based on the group information and to determine a first cluster quantity that identifies a number of clusters within the first set of clusters. The device is further configured to obtain user interaction data for user devices, to input the user interaction data into a machine learning model, to receive a second set of clusters from the machine learning model based on the user interaction data, and to determine a second cluster quantity that identifies a number of clusters within the second set of clusters. The device is further configured to determine the second cluster quantity is greater than the first cluster quantity, to identify a cluster that is not present in the first set of clusters, and to modify settings on a user device from within the cluster.

Abstract: A wideband chaotic waveform that is rateless in that it may be modulated at virtually any rate and has a minimum of features introduced into the waveform. Further, the waveform provided may be operated below a signal to noise ratio wall to further enhance the LPD and LPE aspects, thereof. Additionally, the present disclosure may provide a mix of coherent and non-coherent processing techniques applied to signal samples to efficiently achieve coarse synchronization with a waveform that is faster, more efficient and more accurate than using time domain signal correlators alone.

Abstract: A method for implementing a migration action for a vulnerability includes receiving an indication that a target resource includes a vulnerability where the target resource is being hosted in a cloud environment and associated with a user of the cloud environment. The method also includes receiving a plurality of rules configured to mitigate vulnerabilities for cloud environment resources. The method further includes determining whether the plurality of rules include one or more rules corresponding to the vulnerability of the target resource. When the plurality of rules comprises the one or more rules corresponding to the vulnerability of the target resource, the method includes applying a reversible mitigation action associated with a respective rule of the one or more rules corresponding to the vulnerability of the target resource.

Abstract: This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may be configured to identify risks of the RTAP systems. For example, the device may compare a plurality of attack signatures, from configuration settings of an application protection system to a plurality of defects from a defect data store; determine that at least one configuration setting of the application protection system corresponding to an application does not include protections for at least one defect of the plurality of defects; and in response to determine that the at least one configuration setting of the application protection system does not include protections for the at least one defect, generate an alert corresponding to the at least one defect.

Abstract: A method for providing protection of a computing resource constrained device against cyberattacks may include collecting threat intelligence data in form of indicators of compromise (IoC). The indicators may include cyberattack chain related data. The method may also include determining a relevance of the cyberattack chain for the device, measuring a utilization of security measures in terms of their detection of the respective IoCs and their respective responses to the IoCs, measuring a resource consumption of the security measures, and determining a benefit value for at least one the security measure expressed by its utilization and a relevance value of the IoCs detected with it.

Abstract: An orchestration system is described that is configured to receive a request to monitor compliance of an enterprise infrastructure and generate an infrastructure change that is associated with the compliance of the enterprise infrastructure, based at least in part on a set of predetermined criteria. In doing so, the orchestration system may further generate one or more infrastructure change events based at least in part on instances of the infrastructure change within the enterprise infrastructure. The orchestration system may further generate a verification report for the enterprise infrastructure, based at least in part on the one or more infrastructure change events, and transmit the verification report to a registered user associated with the request.

Abstract: Mechanisms for mitigating damage resulting from a website being an intermediary in a cyberattack, comprising: detecting a domain name server query made to the website; making a request to the website; receiving a header in response to the request; inspecting the header to identify a software stack component of the website; cross-referencing the software stack component to a common vulnerabilities and exposures (CVE) database to identify a CVE that applies to the software stack component; applying a rule to determine the impact of the CVE on whether the website is a possible intermediary in a cyberattack; determining that the website is a possible intermediary in a cyberattack; and taking action on the website to mitigate damage resulting from the website being an intermediary in a cyberattack.

Abstract: Methods, systems, and computer-readable storage media for receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG, processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child nodes of the asset node from the process aware AAG, providing the aggregation graph by identifying relationships between group nodes and, for each relationship, inserting an edge between group nodes, and aggregating one or more of a set of node properties and a set of edge properties for each group node or edge, respectively, storing the aggregation graph to computer-readable memory, and executing one or more remedial actions in the enterprise network in response to analytics executed on the aggregation graph.

Abstract: Systems and methods for dynamically training a threat detection system include monitoring security analyst workflow data from security analysts analyzing scans of security logs. The workflow data includes rules applied to security log scan results, rule results selected for further analysis, tags applied to rule results, filters applied to rule results, rankings applied to rule results, or actions associated with a pivot by security analysts. A tagging classifier is then trained based on tags assigned to scan results. A review classifier is trained based on scan results previously reviewed by security analysts. A filter and ranking method is trained based on filters and rankings applied to the scan results. An automated threat hunting playbook is generated including the tagging classifier, the review classifier, and the filter and ranking method. The automated threat hunting playbook generates one or more scripts to automatically analyze incoming security data.

Abstract: Systems and methods for creating and handling workspace indicators of compromise (IOC) based upon configuration drift are described. In some embodiments, a memory storage device may have program instructions stored thereon that, upon execution by one or more processors of an Information Handling System (IHS) of a workspace orchestration service, cause the IHS to: receive configuration information from a client IHS at a workspace orchestration service, where the configuration information represents a change in a configuration of a workspace executed by the client IHS, and where the workspace is instantiated based upon a workspace definition provided by the workspace orchestration service; determine, by the workspace orchestration service, that the configuration information matches an IOC; and transmit, from the workspace orchestration service to the client IHS, an instruction to perform an action responsive to the IOC.