Abstract: A system, method, and computer-readable medium are disclosed for management of a distributed web application firewall (WAF) cluster that supports one or more protected applications. A WAF cluster infrastructure is configured for the protected applications. The WAF cluster includes one or more WAFs that are used to route traffic directed to the protected applications. The WAF cluster infrastructure is validated as to be current and updated. The validated WAF cluster infrastructure is then used as routing service.

Abstract: A compliance monitor measures metrics regarding one or more managed devices in a network. The compliance monitor generates a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient. The compliance monitor also initiates one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value.

Abstract: The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the

Abstract: Systems and methods for dynamic workspace targeting with crowdsourced user context are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: detect execution of an application in a workspace instantiated by a client IHS; validate the application based upon productivity context information and security context information received from the client IHS; and in response to the validation, distribute the validated application to another workspace instantiated by another client IHS.

Abstract: A system, a method, and a computer program for protecting data traffic from a communication device against fingerprinting or privacy leakage. The method can include receiving data traffic from a communication device connected to a network, parsing a device identification value for the communication device from the received data traffic, and determining at least one of (i) a data transmission rate based on a first portion of the device identification value, (ii) a number of destinations based on a second portion of the device identification value, and (iii) a data payload size based on a third portion of the device identification value. The method can include generating forged data traffic for the communication device based on the determined at least one of data transmission rate, number of destinations and data payload size, and transmitting the forged data traffic to an external communication device that is located outside the network.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking during browsing sessions may include (i) detecting a user request, including a private domain, for a website in a web browser address bar during a browsing session, (ii) separating, utilizing a browser container, a user browsing state associated with the private domain from other domains during the browsing session, (iii) routing the user website request to one or more servers in a random order to run the browsing session, (iv) performing a browsing state security action that protects against cross-website tracking by discarding user browsing state data collected during the browsing session, and (v) performing a web isolation security action that protects against use of browser fingerprint data for conducting malicious attacks based on the routing of the user website request to the servers in the random order. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods are disclosed for automatically predicting a risk score of a user login attempt by receiving a user login attempt and generating a login feature vector associated with the user login attempt. The systems and methods further train a machine learning technique to establish a relationship between the login feature vector and the risk score. The trained machine learning technique is applied to new user login attempts to predict a risk score associated with the login attempt and issue an authentication challenge to the user if the risk score exceeds a predetermined threshold value.

Abstract: A computing device includes a memory and at least one processor configured to cooperate with the memory. The processor is to boot the computing device, and direct generated data to data storage. The data storage includes at least one persistent layer and a non-persistent layer. The processor determines if the data is to be stored in the at least one persistent layer or the non-persistent layer based on a version of the operating system being used to boot the computing device.

Abstract: Electronic publications are increasingly replacing physical media but to date standards have evolved to mimic these physical media. Accordingly it is beneficial to provide electronic publication software systems and/or software applications to enable new paradigms that provide consumers, authors, publishers, retailers, and others with new models for releasing digital content from editorial and authorship viewpoints; new models for providing digital rights management with licensing, re-assignable rights and the ability to issue sub-rights or issue partial licenses with predetermined validity; new models for publishers to release revised editions, errata, new additions, etc; engaging social network type collaborative behavior within work and private environments with associated content (annotations) to the original release content; and supporting discussion and information dissemination within a wide variety of environments from education to business to book clubs etc.

Abstract: A method and system for accessing stored data includes receiving a request to access data stored in a data storage unit. The request requires one or more data operations to be performed by a system having access to the stored data. Responsive to the data request, one or more locks are derived and assigned to one or more of the data operations. Each of the locks control invocation of the data operations to which the respective lock is assigned. The deriving is based in part on (i) user context data obtained from a user issuing the request and (ii) data context comprising one or more attributes of the request. Each of the one or more locks is unlocked and the one or more data operations are invoked after the one or more locks are unlocked.

Abstract: Aspects of the disclosure relate to real-time classification of content in a data transmission. A computing platform may detect, in real-time and via a computing device, a plurality of data transmissions between applications over a communications network. Then, the computing platform may retrieve, for a particular data transmission of the plurality of data transmissions, a content of the particular data transmission. The computing platform may then analyze, via the computing device, the content. Subsequently, the computing platform may determine, in real-time via the computing device and based on the analyzing, a security classification for the content. Then, the computing platform may cause, in real-time via the computing device, the content to be marked with the determined security classification.

Abstract: A computing apparatus to provide endpoint detect and response (EDR) filtering to an enterprise, including: a processor and memory; a network interface; a network protocol to communicatively couple to a data source via the network interface; and instructions encoded within the memory to provide an EDR filtering pipeline to receive an unfiltered EDR stream via the network interface, extract an EDR record from the EDR stream, and apply a hash to the EDR record to determine that the EDR record is uncommon in context of the enterprise; and a decorator module to decorate the EDR record for in-depth analysis.

Abstract: An artifact is received from which features are extracted so as to populate a vector. The features in the vector can be reduced using a feature reduction operations to result in a modified vector having a plurality of buckets. A presence of predetermined types of features are identified within buckets of the modified vector influencing a score above a pre-determined threshold. A contribution of the identified features within the high influence buckets of the modified vector is then attenuated. The modified vector is input into a classification model to generate a score which can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: Endpoint devices for use, e.g., in distributed environments such as a healthcare institutions comprise, in various embodiments, (i) a processor, (ii) an operating system, (iii) a computer memory, and (iv) instructions stored in the memory and executable by the processor for defining a plurality of user applications, a plurality of sensors for monitoring calls to the operating system, a plurality of actuators for causing the processor to take specified actions for mitigating a threat or anomaly, and an intelligent controller for analyzing time-windowed data from the sensors based on a predictive response model to detect anomalous behavior, and upon detecting such behavior, instructing an actuator to take a specified mitigation action.

Abstract: Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on which the endpoint protection platform blocks activity by the process. The endpoint production platform requests input from the cloud-based security platform which causes the cloud-based security platform performs a reclassification of the event based on contextual information, multiple data feeds and the UEBA-based security event classification service.

Abstract: An artefact is received. Features are later extracted from the artefact and are used to populate a vector. The vector is input into a classification model to generate a score. This score is then modified using a time-based oscillation function and is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: There are provided systems and methods for identifying patterns in computing attacks through an automated traffic variance finder. A service provider, such as an electronic transaction processor for digital transactions, may determine network traffic logs caused or generated by malicious web traffic and network communications, such as during a computing attack by a bad actor. The service provider may generate a log signature for the network traffic log based on a variance or uniqueness of the network traffic logs IP address from other network traffic logs for each field in the network traffic log over a time period, and a spread in the commonality of the network traffic log with other network traffic logs. An aggregate score for each field may be determined based on the variance and the spread. Once determined, the log signature may be used to identify other network traffic logs through a search function.

Abstract: The invention provides a method and corresponding system for controlling a blockchain transaction output and/or specifying the recipient of the output. It also provides a method of controlling and/or generating an electronic communication. The invention is a blockchain-implemented solution, which may or may not be the Bitcoin blockchain. In a preferred embodiment of the invention, the method may comprise the step of sending an electronic notification to a notification address which is provided as metadata within an unlocking script of an input of a transaction (Txi) on a blockchain. The unlocking script is provided in order to spend an output from a further transaction (Tx2) on the blockchain. The input of the transaction (Txi) and/or the output of the further transaction (Tx2) may be associated with a tokenised asset represented on, or referenced via, the blockchain.

Abstract: A malicious object detection system for use in managed runtime environments includes a check circuit to receive call information generated by an application, such as an Android application. A machine learning circuit coupled to the check circuit applies a machine learning model to assess the information and/or data included in the call and detect the presence of a malicious object, such as malware or a virus, in the application generating the call. The machine learning model may include a global machine learning model distributed across a number of devices, a local machine learning model based on use patterns of a particular device, or combinations thereof. A graphical user interface management circuit halts execution of applications containing malicious objects and generates a user perceptible output.

Abstract: Systems and methods provide a transient component limited access to data in a composition. One method includes receiving a request for the transient component to access data in the composition. The composition may include permanent components operable to utilize encryption keys generated at selected intervals from a seed value shared by the permanent components. The encryption keys utilized by the permanent components at each selected interval may be identical to one another. The method also includes generating a set of encryption keys from the seed value for a specified period of time. The set of encryption keys may be identical to the encryption keys to be utilized by the permanent components at the selected intervals to occur during the specified period of time. The method further includes granting the transient component access to data in the composition for the specified period of time via the set of encryption keys.