Abstract: Techniques are disclosed for analyzing data related to computer applications and identifying suspect instances of such applications based on rolling baseline. The analysis is performed by a baseline engine that first establishes a rolling baseline with a centroid of a conceptual hypercube. The centroid represents the normal population of data packets for a given type of computer application. Data packets far enough away from the centroid indicate an anomaly or a suspect event for that computer application. An early detection of such suspect events and suspect application instances can prevent catastrophic downstream consequences for the concerned party/parties. Related embodiments also record suspect events and the identity of the suspect applications in a private and/or public distributed ledger, including a blockchain.

Abstract: Data surveillance techniques are presented for the detection of security and/or performance issues on a zero-trust computer network. There is a network device policy manager that works in conjunction with a network data policy manager and which is in charge of performing the above data surveillance. Of special interest are those security issues where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network but can impersonate themselves as legitimate users. The above data surveillance techniques are also applied for detecting intentional or unintentional exfiltration/leak of privileged data/assets between unauthorized users/groups of the organization.

Abstract: Techniques are disclosed for identifying indicators of compromise in a variety of medical/healthcare objects. The objects may be finished products or components of medical/healthcare objects/devices. The indicators of compromise in the objects are determined/detected by analyzing their data residing in a cloud. The analysis is performed by an instant baseline engine that first establishes a rolling baseline with a centroid of a conceptual hypercube. The centroid represents the normal population of data packets. Data packets far enough away from the centroid indicate an anomaly that may be an indicator of a compromise of/in the respective object. An early detection of such indicators of compromise in the objects can prevent catastrophic downstream consequences with the potential of saving lives and/or protecting them from harm.

Abstract: Techniques are disclosed for identifying indicators of compromise in a variety of objects. The objects may be finished products or components thereof. The indicators of compromise in the objects are determined/detected by analyzing their data which may reside in a cloud. The analysis is performed by an instant baseline engine that first establishes a rolling baseline with a centroid of a conceptual hypercube. The centroid represents the normal population of data packets. Data packets far enough away from the centroid indicate an anomaly that may be an indicator of a compromise of/in the respective object. An early detection of such indicators of compromise in the objects can prevent catastrophic downstream consequences for the concerned party/parties.

Abstract: Data surveillance techniques are presented for the detection of security and/or performance issues on a zero-trust computer network. There is a network device policy manager that works in conjunction with a network data policy manager and which is in charge of performing the above data surveillance. Of special interest are those security issues where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network but can impersonate themselves as legitimate users. The above data surveillance techniques are also applied for detecting intentional or unintentional exfiltration/leak of privileged data/assets between unauthorized users/groups of the organization.

Abstract: Techniques are disclosed for identifying anomalous subjects and devices at a site. The devices may or may not be carried by or associated with subjects at the site. A number of various types of sensors may be utilized for this purpose. The sensors gather data about the subjects and devices. The data is processed by a data processing module which provides its output to a rolling baseline engine. The rolling baseline engine establishes a baseline for what is considered the “normal” behavior for subjects/devices at the site based on a desired dimension of analysis. Data associated with subjects/devices that is not normal is identified as an anomaly along with the associated subject/device. The findings are archived for performing analytics as required.

Abstract: Techniques are disclosed for identifying anomalous subjects and devices at a site. The devices may or may not be carried by or associated with subjects at the site. A number of various types of sensors may be utilized for this purpose. The sensors gather data about the subjects and devices. The data is processed by a data processing module which provides its output to a rolling baseline engine. The rolling baseline engine establishes a baseline for what is considered the “normal” behavior for subjects/devices at the site based on a desired dimension of analysis. Data associated with subjects/devices that is not normal is identified as an anomaly along with the associated subject/device. The findings are archived for performing analytics as required.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The above data surveillance techniques are also applied for detecting intentional or unintentional exfiltration/leak of privileged data/assets between unauthorized users/groups of the organization. Such detection may be performed based on analyzing threat stream data from threat intelligence providers.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The above data surveillance techniques are also applied for detecting intentional or unintentional exfiltration/leak of privileged data/assets between unauthorized users/groups of the organization.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The above data surveillance techniques are also applied for detecting intentional or unintentional exfiltration/leak of privileged data/assets between unauthorized users/groups of the organization. Such detection may be performed based on analyzing threat stream data from threat intelligence providers.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The above data surveillance techniques are also applied for detecting intentional or unintentional exfiltration/leak of privileged data/assets between unauthorized users/groups of the organization.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A centroid representing the normal population of the data packets is identified. The design allows establishing the context of various events of interest in the organization, thus enabling dynamic management of security policies.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A centroid representing the normal population of the data packets is identified. The movement or drift of the centroid in response to various events is measured and analyzed. This allows the system to evolve its baseline over time thereby preventing issuing false positives for such events.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The design incorporates deployment in a distributed network so that the devices of the network participate in the detection of anomalies as a community.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The design incorporates deployment in a distributed network so that the devices of the network participate in the detection of anomalies as a community.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A centroid representing the normal population of the data packets is identified. The movement or drift of the centroid in response to various events is measured and analyzed. This allows the system to evolve its baseline over time thereby preventing issuing false positives for such events.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A set of metadata layers related to the analysis are also maintained. The techniques are also applicable for detecting performance issues indicative of a system malfunction or deterioration.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A centroid representing the normal population of the data packets is identified. The design allows establishing the context of various events of interest in the organization, thus enabling dynamic management of security policies.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A set of metadata layers related to the analysis are also maintained. The techniques are also applicable for detecting performance issues indicative of a system malfunction or deterioration.

Abstract: Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. The techniques are also applicable for detecting performance issues indicative of a system malfunction or deterioration.