Patents Examined by Trang Doan
  • Patent number: 10185822
    Abstract: A security client can be configured to operate on the one or more computing systems and record all events occurring on the one or more computing systems. The security client can operate as a “security camera” for the computing systems by identifying and retaining data and information that describes and details different events that occur on the computing systems. The security client can be configured to generate event records for the events that are uniquely associated with the process that requested or performed the event. Likewise, the security client can be configured to uniquely associate the event records with the specific computing system associated with the event.
    Type: Grant
    Filed: March 14, 2012
    Date of Patent: January 22, 2019
    Assignee: Carbon Black, Inc.
    Inventors: Michael Viscuso, Benjamin Johnson, Allen Saunders, Andrew Ruef, Jason McFarland
  • Patent number: 10140446
    Abstract: A security client can be configured to operate on the one or more computing systems and record all events occurring on the one or more computing systems. The security client can operate as a “security camera” for the computing systems by identifying and retaining data and information that describes and details different events that occur on the computing systems. The security client can be configured to generate event records for the events that are uniquely associated with the process that requested or performed the event. Likewise, the security client can be configured to uniquely associate the event records with the specific computing system associated with the event.
    Type: Grant
    Filed: March 14, 2012
    Date of Patent: November 27, 2018
    Assignee: Carbon Black, Inc.
    Inventors: Michael Viscuso, Benjamin Johnson, Allen Saunders, Andrew Ruef, Jason McFarland
  • Patent number: 10114966
    Abstract: The technology disclosed relates to securely encrypting a document. In particular, it relates to accessing a key-manager with a triplet of organization identifier, application identifier and region identifier and in response receiving a triplet-key and a triplet-key identifier that uniquely identifies the triplet-key. Also, for a document that has a document identifier (ID), the technology disclosed relates to deriving a per-document key from a combination of the triplet-key, the document ID and a salt. Further, the per-document key is used to encrypt the document.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: October 30, 2018
    Assignee: netSkope, Inc.
    Inventors: Krishna Narayanaswamy, Steve Malmskog, Arjun Sambamoorthy
  • Patent number: 10091216
    Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: October 2, 2018
    Assignee: Intel Corporation
    Inventors: Gal Chanoch, Eran Birk, Baiju Patel, Steven Grobman, Tobias Kohlenberg, Rajeev Gopalakrishna
  • Patent number: 10078803
    Abstract: Systems and methods are provided for a content-based security for computing devices. An example method includes identifying content rendered by a mobile application, the content being rendered during a session, generating feature vectors from the content and determining that the feature vectors do not match a classification model. The method also includes providing, in response to the determination that the feature vectors do not match the classification model, a challenge configured to authenticate a user of the mobile device. Another example method includes determining a computing device is located at a trusted location, capturing information from a session, the information coming from content rendered by a mobile application during the session, generating feature vectors for the session, and repeating this until a training criterion is met. The method also includes training a classification model using the feature vectors and authenticating a user of the device using the trained classification model.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: September 18, 2018
    Assignee: GOOGLE LLC
    Inventors: Matthew Sharifi, Kai Wang, David Petrou
  • Patent number: 10075293
    Abstract: Provided is an information processing apparatus including a sensor data obtaining unit configured to obtain predetermined information from a sensor, the sensor obtaining the predetermined information by sensing, and a key generation unit configured to generate key information for use in an authentication process, based on the information which is obtained by the sensor data obtaining unit during a predetermined period of time.
    Type: Grant
    Filed: March 5, 2015
    Date of Patent: September 11, 2018
    Assignee: SONY CORPORATION
    Inventors: Koichi Sakumoto, Miwa Ichikawa, Taizo Shirai, Toyohide Isshi, Yuji Ide
  • Patent number: 10075472
    Abstract: Embodiments of the present application relate to a method for policy enforcement, a system for policy enforcement, and a computer program product for policy enforcement. A method for policy enforcement is provided. The method includes receiving a host information profile report from a client device, and enforcing a security policy for network access based on the host information profile report. The host information profile report includes device profile information associated with the client device.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: September 11, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Siu-Wang Leung, Song Wang, Yueh-Zen Chen
  • Patent number: 10037425
    Abstract: Suspicious file prospecting activity is detected based on patterns of file system access. A user's file system access is monitored over a specific time period. A sequence of the file accesses (e.g., represented as path names) made by the user during the time period is recorded. Distances between the recorded file accesses are determined, for example as edit distances. A distance sequence is recorded, comprising a record of the determined distances. The distance sequence is reduced to one or more baseline statistics describing the pattern of the user's access of the file system during the given period of time. At least one subsequent anomaly in the user's access of the file system is detected, by comparing at least one subsequently calculated statistic representing at least one subsequent pattern of the user's file system access to the at least one baseline statistic.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: July 31, 2018
    Assignee: Symantec Corporation
    Inventors: Aleatha Parker-Wood, Andrew Gardner
  • Patent number: 10034170
    Abstract: For coupling a first communication partner with a second communication partner, a signal source sends a radio signal to the first communication partner via a first channel. The first communication partner ascertains a first measured value of a measuring variable related to the first channel during the receiving of the radio signal, ascertains a first comparative value as a function of the first measured value, and sends the first comparative value to the second communication partner. The second communication partner ascertains a first relationship measure between the first comparative value and a second comparative value, and couples with the first communication partner if the first relationship measure exceeds a specified threshold value.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: July 24, 2018
    Assignee: ROBERT BOSCH GMBH
    Inventors: Rene Guillaume, Paulius Duplys
  • Patent number: 9992211
    Abstract: The disclosed computer-implemented method for improving the classification accuracy of trustworthiness classifiers may include (1) identifying a set of training data that is available for training trustworthiness classifiers used to classify computing resources as clean or malicious, (2) selecting, based at least in part on a characteristic of a specific organization, a subset of training data from the set of training data that is available for training trustworthiness classifiers, (3) training a trustworthiness classifier for the specific organization using the subset of training data selected based at least in part on the characteristic of the specific organization, and then (4) applying the trustworthiness classifier to at least one computing resource encountered by the specific organization to classify the computing resource as clean or malicious. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: June 5, 2018
    Assignee: Symantec Corporation
    Inventors: Petrus Johannes Viljoen, Douglas Schlatter, Carey Nachenberg, Andrew Gardner
  • Patent number: 9992185
    Abstract: The subject disclosure relates to a method for initiating an accelerated desktop session between a client device and a remote server. In some aspects, the method includes steps for receiving, via a network gateway, a remote desktop connection request, initiating a first connection with a client device via the network gateway using a first communication protocol and sending a token to the client device via the network gateway. In certain aspects, the method further comprises initiating a second connection with the client device, via a proxy, wherein the second connection is established using a second communication protocol. A client device and computer-readable medium are also provided.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: June 5, 2018
    Assignee: WYSE TECHNOLOGY L.L.C.
    Inventors: Khader Basha P.R., Santhosh Krishnamurthy, Manish Bhaskar
  • Patent number: 9985970
    Abstract: To provide enhanced operation of computing systems to control access to audit logging resources by virtual machines, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system is provided. The method includes receiving requests for audit credentials from virtual machines, and responsively providing individualized audit credentials to the virtual machines based at least on identities of the virtual machines. The method also includes, in the audit system, authorizing storage of audit data transferred by the virtual machines based at least on the individualized audit credentials accompanying the audit data. The method also includes, in the authorization system, selectively de-authorizing one or more of the virtual machines and reporting information regarding the de-authorized one or more of the virtual machines to the one or more audit systems.
    Type: Grant
    Filed: October 9, 2014
    Date of Patent: May 29, 2018
    Assignee: CONJUR, INC.
    Inventors: Kevin Gilpin, Elizabeth Lawler
  • Patent number: 9973482
    Abstract: A method and system for recording data including content in a recording medium on a computer apparatus. First encrypted data, obtained by encrypting the data using a medium key created for each recording medium, is recorded in a recording medium. Second encrypted data, obtained by encrypting the medium key using a public key, is recorded in the recording medium. A private key corresponding to the public key is not recorded in the recording medium.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: May 15, 2018
    Assignee: International Business Machines Corporation
    Inventors: Norihisa Hoshino, Kohichi Kamijoh, Takahiro Kashiuchi, Naoko Miyamoto, Maho Takara, Naohiko Uramoto, Katsushi Yamashita
  • Patent number: 9967234
    Abstract: The present invention is a device, system and method for providing a more secure full motion video with metadata streaming product. More specifically, the invention is capable of ensuring a more secure video transfer from a less secure input data network to a more secure data receiving network through the use of a firewall on the less secure input network interface, which is used for separating video and discarding other unwanted data, and an Air Gap that physically separates the input and output networks. This physical separation ensures a secure transfer of the “cleaned” input data from the less secure input source to the more secure data receiving network.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: May 8, 2018
    Assignee: THE UNITED STATES OF AMERICA, AS REPRESENTED BY THE SECRETARY OF THE NAVY
    Inventors: Bradford James Crane, Kevin Dee Shepherd
  • Patent number: 9965655
    Abstract: A system includes a first computing device and a second computing device. The first computing device includes a port. The second computing device is configured to communicate with the first computing device. The system also includes a port security device configured to restrict access to the port. The port security device includes a transceiver configured to communicate with a third computing device. The third computing device is configured to determine a status of the port security device. At least one of the port security device and the third computing device includes a user interface configured to provide an indication of the status of the port security device.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: May 8, 2018
    Assignee: Erkios Systems, Inc.
    Inventors: Sean Null, Philip Van der Straeten
  • Patent number: 9953171
    Abstract: The present invention describes a system and method for tokenization of data. The system includes a receiver configured to receive a request for tokenization. The request for tokenization comprises input data to be tokenized. The system also includes a parser configured to determine one or more datatypes from the input data. The system further includes a trained artificial neural network to generate a token for the input data based on a tokenization technique corresponding to the datatype of the input data.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: April 24, 2018
    Assignee: Infosys Limited
    Inventors: Ashutosh Saxena, Shikha Gupta, Ina Jain, Harigopal K. B. Ponnapalli
  • Patent number: 9935965
    Abstract: Automatically establishing and/or modifying a trust relationship between devices, including mobile devices, in communication, and customizing a user interface workflow based on the trust relationship. Trust relationships are based on numerous proximity-related factors including automatically gathered proximity data, length of time in proximity, and signals detected from a target communication device as well as other nearby communication devices.
    Type: Grant
    Filed: May 14, 2015
    Date of Patent: April 3, 2018
    Assignee: International Business Machines Corporation
    Inventors: Gavin G. Bray, Chia-Le Cheng, Elizabeth M. Hughes, Kalvinder P. Singh
  • Patent number: 9928377
    Abstract: A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: March 27, 2018
    Assignee: netSkope, Inc.
    Inventors: Krishna Narayanaswamy, Ravi Ithal, Steve Malmskog, Shankaran Gnanashanmugam, Arjun Sambamoorthy, Chetan Anand, Prashanth Arun
  • Patent number: 9922196
    Abstract: In one embodiment, a device receives a classifier tracking request from a coordinator device that specifies a classifier verification time period. During the classifier verification time period, the device classifies a set of network traffic that includes traffic observed by the device and attack traffic specified by the coordinator device. The device generates classification results based on the classified set of network traffic and provides the classification results to the coordinator device.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: March 20, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota
  • Patent number: 9917857
    Abstract: Methods and systems for improved attack context data logging are provided. According to one embodiment, prior to a logging event being triggered (i) it is determined by a network security device whether a received packet is potentially associated with a threat or undesired activity by analyzing the packet; (ii) when the determination is negative, the packet is stored within a circular buffer; and (iii) when the determination is affirmative, (a) the logging event is triggered, (b) pre-attack context information regarding the threat is captured by extracting information from packets within the circular buffer and (c) the pre-attack context information is stored within a log. After the logging event has been triggered and until information regarding a predefined quantity of packets has been logged, post-attack context information regarding the threat is captured by extracting information from subsequently received packets and the post-attack context information is stored within the log.
    Type: Grant
    Filed: March 18, 2017
    Date of Patent: March 13, 2018
    Assignee: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil