Abstract: The exemplary embodiments described herein relate to systems and methods for identifying and authenticating a mobile platform. One embodiment relates to a method comprising receiving, by a mobile platform, a digital certificate from an integrated circuit card (“ICC”) via close-proximity radio communication, verifying the digital certificate with a digital signature stored on the mobile platform, and booting the mobile platform upon verification of the digital certificate of the ICC. A further embodiment relates to a mobile platform, comprising a non-transitory computer readable storage medium storing a digital signature, and a processor receiving a digital certificate from an integrated circuit card (“ICC”) via close-proximity radio communication between the ICC and the mobile platform, verifying the digital certificate with the digital signature, booting the mobile platform upon verification of the digital certificate of the ICC.

Abstract: An apparatus including a memory and a processor that can receive information about asset-agnostic threat information from a source. The processor can receive an indication of an importance of a first organization asset, and can calculate a threat score for the first organization asset based on the information about the asset-agnostic threat information. The processor can calculate a threat score for a second organization asset based on (1) a relationship between the first organization asset and the second organization asset, and (2) the indication of the importance of the first organization asset. The processor can perform threat mitigation for the first organization asset when the threat score for the first organization asset exceeds a predetermined threshold. The processor can perform threat mitigation for the second organization asset when the threat score for the second organization asset exceeds the predetermined threshold.

Abstract: A virtualization environment is provided to include a security management instance and an application instance. The application instance is separated from the security management instance and includes a first operating system and a particular software application. The security management instance includes a second operating system and one or more security tools to provide security for the particular application. Data for the application instance is received at the security management instance, the data is processed using at least one of the security tools, and the processed data is securely passed from the security management instance to the application instance.

Abstract: A virtualization environment is provided to include a security management instance and an application instance. The application instance is separated from the security management instance and includes a first operating system and a particular software application. The security management instance includes a second operating system and one or more security tools to provide security for the particular application. Data for the application instance is received at the security management instance, the data is processed using at least one of the security tools, and the processed data is securely passed from the security management instance to the application instance.

Abstract: A plurality of devices in a system are identified, each device having an operational context. One of a plurality of agents are identified for each of the plurality of devices, which correspond to the device. Data is received from the plurality of agents that describes security attributes of the plurality of devices. Policy data is sent to each of the plurality of agents to cause a set of security policies to be applied to the plurality of devices through the security management instances. Each of the plurality of agents can be provided in a respective security management instance separate from the operational context.

Abstract: A connection is established between a network gateway and a particular device. An identity is generated for the particular device and a secure communication tunnel is established with another device at the network gateway using the identity. The secure communication tunnel can be established by the network gateway on behalf of the other device and is for use by the particular device to communicate with the other device. Data to be received from the other device over the secure communication tunnel can be sent on the connection to the particular device.

Abstract: The exemplary embodiments described herein relate to systems and methods for identifying and authenticating a mobile platform. One embodiment relates to a method comprising receiving, by a mobile platform, a digital certificate from an integrated circuit card (“ICC”) via close-proximity radio communication, verifying the digital certificate with a digital signature stored on the mobile platform, and booting the mobile platform upon verification of the digital certificate of the ICC. A further embodiment relates to a mobile platform, comprising a non-transitory computer readable storage medium storing a digital signature, and a processor receiving a digital certificate from an integrated circuit card (“ICC”) via close- proximity radio communication between the ICC and the mobile platform, verifying the digital certificate with the digital signature, booting the mobile platform upon verification of the digital certificate of the ICC.