Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.

Abstract: Methods, apparatus, systems, and articles of manufacture to provide and monitor efficacy of artificial intelligence models are disclosed. An example apparatus includes a model trainer to train an artificial intelligence (AI) model to classify malware using first training data; an interface to deploy the AI model to a processing device; a model implementor to locally apply second training data to the AI model to generate output classifications, the second training data generated after generation of the first training data; and a report generator to generate a report including an efficacy of the AI model based on the output classifications.

Abstract: Pairing of an external device using a random user action is disclosed herein. An example method includes restricting the external device from accessing a resource. A user input receivable from the external device is identified based on a type of the external device, the user input not included in a list of previously generated user actions. In response to receipt of the user input from the external device within a threshold time period, the external device is authorized to access the resource.

Abstract: A computing apparatus includes a hardware platform having a processor circuit and a memory; a network interface; and instructions encoded within the memory to instruct the processor circuit to: extract data from an object under analysis; compute a partial match value according to a partial match algorithm of the extracted data; send the partial match value to a remote service via the network interface; receive from the remote service, via the network interface, a list of candidate signatures that correspond to the partial match value, wherein the candidate signatures are a superset of true matches to the object under analysis; compare the object under analysis to the candidate signatures; and if the compare identifies one or more matching signature, classify the object under analysis as belonging to a same class as at least one second object that is a source of a matching signature.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to identify and report cloud-based security vulnerabilities. An example apparatus includes memory, instructions, and processor circuitry. The example processor circuitry is to execute the instructions to assess a first security vulnerability associated with an application programming interface (API) of a cloud compute network, the first security vulnerability corresponding to at least one call to the API that deviates from a baseline report, the baseline report based on at least one communication in the cloud compute network, and assess a second security vulnerability associated with identity and access management in the cloud compute network based on an entity in the cloud compute network permitted to access a service provided by the cloud compute network, the second security vulnerability corresponding to an unauthorized request to access at least one of a device of the cloud compute network or the service.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a uniform resource locator (URL) reputation store; a network interface; and instructions encoded within the memory to instruct the processor to: receive via the network interface a request for a reputation for a URL; query the URL reputation store and determine that the URL does not have a known reliable reputation; add the URL to a URL analysis queue; perform a rough analysis of the URL, and determine from the rough analysis that the URL potentially is for a phishing website; and move the URL ahead in the analysis queue.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify and report cloud-based security vulnerabilities. An apparatus comprising: a security vulnerability detector to, in response to a resource monitor monitoring a threshold amount of activity in a resource of a cloud computing environment, determine one or more security vulnerabilities associated with the resource and the cloud computing environment; a vulnerability processor to correlate the one or more security vulnerabilities with one or more kill chains to exploit at least one security vulnerability in the cloud computing environment; and a report generator to generate a report including a story graph indicating a subset of at least one of: (a) the one or more security vulnerabilities associated with the one or more kill chains, (b) one or more remediation actions to obviate the one or more security vulnerabilities, or (c) threat intelligence feeds associated with the one or more security vulnerabilities.

Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface to communicatively couple to a backup client; a storage to receive backup data from the client, including a plurality of versions and an associated reputation for each version, the associated reputation to indicate a probability that the version is valid; and instructions encoded within the memory to instruct the processor to: receive from the backup client a request to store a new version of the backup data; determine that the client has exceeded a backup threshold; identify a backup version having a lowest reputation for validity; and expunge the backup version having the lowest reputation for validity.

Abstract: Methods, apparatus, systems, and articles of manufacture to provide and monitor efficacy of artificial intelligence models are disclosed. An example apparatus includes a model trainer to train an artificial intelligence (AI) model to classify malware using first training data; an interface to deploy the AI model to a processing device; a model implementor to locally apply second training data to the AI model to generate output classifications, the second training data generated after generation of the first training data; and a report generator to generate a report including an efficacy of the AI model based on the output classifications.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; and a storage medium having stored thereon executable instructions to provide an inference engine configured to: receive a new suspicious fragment object from a protected device; add the new suspicious fragment object to a rolling map configured to provide a temporal snapshot of suspicious fragment objects over a time span; determine a connection between the new suspicious fragment object and an existing suspicious fragment object within the rolling map; apply the connection to a connection map; and operate a map classifier to determine that the connection map represents a probable computer security threat.

Abstract: Particular embodiments described herein provide for a system that can be configured to communicate chat session data during a chat session to a first display of a first electronic device, communicate the chat session data during the chat session to a second display of a second electronic device, receive sensitive data during the chat session from the first electronic device, and protect the sensitive data from being displayed on the second display during the chat session without breaking continuity of the chat session.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identifying a digital certificate associated with data and assigning a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify and report cloud-based security vulnerabilities. An apparatus comprising: a security vulnerability detector to, in response to a resource monitor monitoring a threshold amount of activity in a resource of a cloud computing environment, determine one or more security vulnerabilities associated with the resource and the cloud computing environment; a vulnerability processor to correlate the one or more security vulnerabilities with one or more kill chains to exploit at least one security vulnerability in the cloud computing environment; and a report generator to generate a report including a story graph indicating a subset of at least one of: (a) the one or more security vulnerabilities associated with the one or more kill chains, (b) one or more remediation actions to obviate the one or more security vulnerabilities, or (c) threat intelligence feeds associated with the one or more security vulnerabilities.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a uniform resource locator (URL) reputation store; a network interface; and instructions encoded within the memory to instruct the processor to: receive via the network interface a request for a reputation for a URL; query the URL reputation store and determine that the URL does not have a known reliable reputation; add the URL to a URL analysis queue; perform a rough analysis of the URL, and determine from the rough analysis that the URL potentially is for a phishing website; and move the URL ahead in the analysis queue.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.

Abstract: Particular embodiments described herein provide for a system that can be configured to communicate chat session data during a chat session to a first display of a first electronic device, communicate the chat session data during the chat session to a second display of a second electronic device, receive sensitive data during the chat session from the first electronic device, and protect the sensitive data from being displayed on the second display during the chat session without breaking continuity of the chat session.

Abstract: Particular embodiments described herein provide for a system that can be configured to communicate chat session data during a chat session to a first display of a first electronic device, communicate the chat session data during the chat session to a second display of a second electronic device, receive sensitive data during the chat session from the first electronic device, and protect the sensitive data from being displayed on the second display during the chat session without breaking continuity of the chat session.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.