Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using digital entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.

Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.

Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.

Abstract: The principles described herein relate to the training and implementation of a model designed to estimate the probability of new security incidents being true incidents. This occurs in an environment where a service such as a SIEM monitors a network of computing systems and other resources and detects a variety of incidents that could be security threats. These incidents are reported to the SOC for investigation and the SOC will take appropriate action to mitigate potential threats of true security breaches. As part of the investigation process, the SOC can label whether a security incident is true, false or benign. After labeling enough security incidents a model can be produced to estimate the probability that new security incidents are true incidents. This would help the SOC filter through security incidents more efficiently and allow for quicker response of the most likely security breaches.

Abstract: Examples described herein include a cache controller and a cache device. In some examples, the cache controller is configured, when operational, to: during processor operation, dynamically adjust a maximum number of allocated pinned regions in the cache device based on usage of pinned regions. In some examples, the cache controller is to store an entry into a tag memory based on a number of pinned entries in the cache device not being exceeded. In some examples, the entry includes meta-data information indicative of whether the data is stored in the cache device.

Abstract: There is disclosed in one example a computing system, including: a processor including one or more computing cores; a cache having n discrete cache banks of the same cache level; and a cache controller including n discrete cache buses to communicatively couple the cache controller to the cache, wherein the cache buses are of width b, and a cache access controller configured to: receive an access request for an object of size s, wherein s>b; divide the object into k chunks of size b or smaller; and transfer the object to or from the cache in one or more iterations, the iterations including transferring n chunks of size b or smaller in parallel via the cache buses.