Abstract: A compliance monitor measures metrics regarding one or more managed devices in a network. The compliance monitor generates a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient. The compliance monitor also initiates one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value.

Abstract: Existing data residency compliance techniques suffer from inherent drawbacks to discover the spread of data, understanding the data residency regulations and semantics behind them and most importantly placement of data in cloud datacenters such that it is data residency compliant. Embodiments herein provide a method and system for optimizing placement of data to a cloud datacenter complying data residency regulations. The system selects one serving cloud datacenter for a user center. The selection considers three conflicting objectives such as minimum data placement cost, provide good quality of service (i.e. latency) and to comply with data residency regulations. The system essentially covers data residency compliance problem in three phases namely, violation detection, decision support and recommendation. Herein, the system trades-offs latency with data placement cost.

Abstract: Systems, computer program products, and methods are described herein for the convergent distribution of electronic digital certificates. The present invention may be configured to generate electronic digital certificates associated with artifacts, store the electronic digital certificates on a distributed ledger, and record, on the distributed ledger, interests of the users in the electronic digital certificates. The present invention may be configured to receive a request from at least one user of the group of users to combine ownership of the electronic digital certificates. The present invention may be configured to generate, based on the request and based on the electronic digital certificates, a combined electronic digital certificate. The present invention may be configured to store the combined electronic digital certificate on the distributed ledger.

Abstract: The present disclosure invention relates to a method for the anonymized transmission of sensor data of a vehicle to a vehicle-external receiving unit, to an anonymizing system, and to a receiving unit, the method including the following steps: determining the sensor data at a measurement location at a measurement time, determining a traffic density in an environment of the measurement location, determining an anonymized time and/or an anonymized location, calculating an anonymization probability of the vehicle, which results from the traffic density and the anonymized time and/or location, determining whether the anonymization probability meets a predetermined anonymization condition, and if the anonymization condition is met, transmitting the sensor data to the external receiving unit, the anonymized time being indicated as a measurement time indication and/or the anonymized location being indicated as a measurement location indication.

Abstract: Examples described herein provide a computer-implemented method that includes receiving a list of objects with anomaly detection results associated therewith. The method further includes generating a resource graph, wherein the resource graph comprises at least two nodes, each of the at least two nodes being associated with one of the objects. The method further includes determining a relationship between the at least two nodes. The method further includes assigning an anomaly score to at least one of the objects. The method further includes calculating for at least one of the nodes, an overall anomaly score for the at least one of the nodes based on the anomaly score for the at least one of the objects and based on the anomaly score for another node related to the at least one of the nodes.

Abstract: Systems, computer program products, and methods are described herein for the divergent distribution of electronic digital certificates. The present invention may be configured to generate an electronic digital certificate associated with an artifact, store the electronic digital certificate on a distributed ledger, and record, on the distributed ledger, an interest of the user in the electronic digital certificate. The present invention may be configured to receive a request from the user to divide ownership of the electronic digital certificate amongst a group of users. The present invention may be configured to determine shares in the electronic digital certificate by determining for each user of the group of users a share of the shares. The present invention may be configured to record, on the distributed ledger and based on the shares, interests of the group of users in the electronic digital certificate.

Abstract: Aspects of the disclosure relate to identity protection in event processing. A computing platform may modify a first distributed ledger to include user PII. The computing platform may generate an internal token representative of an identity for the user and an external token that may be used to process an event between the user and a counter party without exposing any user identity. The computing platform may send the external token to a counter party system. The computing platform may receive, from the counter party system, event processing information. The computing platform may store the event processing information and the external token in a second distributed ledger. The computing platform may receive a request for the event processing information, and may identify the internal/external tokens using the first distributed ledger. The computing platform may identify, using the external token, the event processing information stored on the second distributed ledger.

Abstract: A method and corresponding system is presented for controlling a blockchain transaction output and/or specifying the recipient of the output. It also provides a method of controlling and/or generating an electronic communication. The unlocking script is provided in order to spend an output from a further transaction (Tx2) on the blockchain. The input of the transaction (Tx1) and/or the output of the further transaction (Tx2) may be associated with a tokenised asset represented on, or referenced via, the blockchain. The notification address may be associated with an asset or resource represented on the blockchain, or a controller of an asset or resource represented on the blockchain. The notification address may be a network address, a cryptographic key, a uniform resource locator (URI), email address or any other address or identifier which can be represented in the metadata of a transaction script and used as a destination for an electronic communication.

Abstract: Some embodiments are directed to a system with a first cryptographic device (10) and second cryptographic device (20). The devices may compute a final seed from a preshared secret known to the devices, and on a pre-seed that exchanged between them. The final seed may be used to derive a common object (a).

Abstract: Aspects of the disclosure relate to real-time classification of content in a data transmission. A computing platform may detect, in real-time and via a computing device, a plurality of data transmissions between applications over a communications network. Then, the computing platform may retrieve, for a particular data transmission of the plurality of data transmissions, a content of the particular data transmission. The computing platform may then analyze, via the computing device, the content. Subsequently, the computing platform may determine, in real-time via the computing device and based on the analyzing, a security classification for the content. Then, the computing platform may cause, in real-time via the computing device, the content to be marked with the determined security classification.

Abstract: An anomaly detection system is disclosed. In an embodiment, the anomaly detection system includes an anomaly detection module and a warning indicator module. The anomaly detection module includes one or more auto-encoders that receive sensor data from a plurality of sensors. Each of the one or more auto-encoders receives sensor data from at least three different sensors of the plurality of sensors. By receiving data output from at least three of the sensors, the auto-encoder can recognize expected inter-related patterns from the sensor output. The warning indicator module compares an output of a given auto-encoder of the plurality of auto-encoders to an input of the given auto-encoder to obtain an error value, and then compares that error value against an error threshold. In response to the error value exceeding the error threshold, the warning indicator module issues a warning signal associated with the sensor data received by the given auto-encoder.

Abstract: The present invention is directed to a method, apparatus and computer-readable medium for utilizing a shared computer system. The method includes receiving, by way of at least one interface, an access request associated with a potential user of a financial entity for access to a secure data processing center of a financial regulatory system, wherein the secure data processing center is configured to share information associated with specified financial activities. The method includes determining a classification of the potential user with respect to one or more potential or actual access rights to be associated with the potential user for accessing the secure data processing center. The determined classification of the potential user is that the potential user is an eligible user of the secure data processing center as defined by an accrediting organization of the financial regulatory system.

Abstract: A method for accessing cloud resources via a local application development environment on a computing device. The method includes invoking an access management client at the computing device; obtaining an account identifier associated with a user account and communicating the account identifier to an identity platform; receiving an authentication message from the identity platform in response to the identity platform validating the account identifier, the authentication message comprising a role identifier; communicating the authentication message to the cloud platform; receiving security credentials associated with the role identifier from the cloud platform in response to the cloud platform validating the authentication message and the associated role identifier; setting a variable in the local development environment based on the received security credentials for use by the local development environment to request access to one or more resources maintained by the cloud platform.

Abstract: Systems and methods for improving security event classification by leveraging user-behavior analytics are provided. According to an embodiment, a UEBA-based security event classification service of a cloud-based security platform maintains information regarding historical user behavior of various users of an enterprise network. An endpoint protection platform running on an endpoint device that is part of the enterprise network performs an initial classification of the event, based on which the endpoint protection platform blocks activity by the process. The endpoint production platform requests input from the cloud-based security platform which causes the cloud-based security platform performs a reclassification of the event based on contextual information, multiple data feeds and the UEBA-based security event classification service.

Abstract: Systems and methods for building systems of honeypot resources for the detection of malicious objects in network traffic. A system includes at least two gathering tools for gathering data about the computer system on which it is installed, a building tool configured for building at least two virtual environments, each including an emulation tool configured for emulating the operation of the computer system in the virtual environment, and a distribution tool configured for selecting at least one virtual environment for each computer system and for establishing connection between the computer system and the virtual environment.

Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

Abstract: A method for detecting threat pathways using sequence graphs includes constructing a sequence graph from a set of data containing information about activities in a telecommunications service provider network, where the sequence graph represents a subset of the activities that occurs as a sequence, providing an embedding of the sequence graph as input to a machine learning model, wherein the machine learning model has been trained to detect when an input embedding of a sequence graph is likely to indicate a threat activity, determining, based on an output of the machine learning model, whether the subset of the activities is indicative of the threat activity, and initiating a remedial action to mitigate the threat activity.

Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.

Abstract: Machine learning techniques are described for analyzing information network traffic to identify different devices connected to a network. Transmitted network packets may be passively collected and analyzed. In some cases the described techniques may be used to identify distinct devices connected to a network even though the collected and analyzed packets may lack a unique device identifier, such as a media access control (MAC) identifier, corresponding to a device that originated the packets.

Abstract: In some aspects, a method for mediation of a screenshot capture by a client application based on policy includes identifying, by a client application on a client device, a policy for mediating one or more screenshots of content displayed via the client application. An embedded browser within the client application accesses a network application of one or more servers. The method further includes intercepting, by the client application, a request to capture a screenshot of at least a portion of the network application being displayed, determining, by the client application, one or more mediation actions to perform on the screenshot responsive to the policy, performing, by the client application, the one or more mediation actions on the screenshot, and providing, by the client responsive to the request, the screenshot resulting from the one or more mediation actions.