Abstract: A computer security system provides for auto-populating process-connection whitelists using process wildcarding and connection wildcarding. Process wildcarding involves grouping process-connection requests together in a process* group without regard to the presence of distinct process arguments; in contrast, some process-connection requests may be separated both by process and by argument into process?argument groups. The process-connection requests may then be analyzed on a group-by-group basis to determine which processes can be mapped to wildcarded connection in a respective process-connection whitelist.

Abstract: A security system for a customer computer site includes a cloud-based manager (CBM) and on-site components. The on-site components include a manager appliance, guest agents of the CBM installed within respective virtual machines, and host agents of the CBM installed on hypervisors on which the virtual machines. The guest agents have a many-to-one relationship with the host agents, which have a many-to-one relationship with the appliance. In a scenario, many guest agents may generate alarms and send them to the host agents. Each host agent consolidates alarms across the different virtual machines it hosts and pushes the consolidated alarms to the manager appliance. The appliance batch processes the consolidated alarms across host agents, and pushes the batched alarms to the CBM, which deduplicates the alarms and notifies an administrator.

Abstract: A security system for a distributed application obtains and, in effect, preserves provisioning information for the purpose of auto-populating whitelists used to protect the distributed application from intrusions. The provisioning information identifies allowable connections on a software-package level. Entries mapping processes to connection destinations are added to a whitelist if a process requesting a connection results from execution of an executable file installed as part of a software package for which the connection was allowed according to the provisioning information.

Abstract: A security system for a distributed application obtains and, in effect, preserves provisioning information for the purpose of auto-populating whitelists used to protect the distributed application from intrusions. The provisioning information identifies allowable connections on a software-package level. Entries mapping processes to connection destinations are added to a whitelist if a process requesting a connection results from execution of an executable file installed as part of a software package for which the connection was allowed according to the provisioning information.

Abstract: A computer security system provides for auto-populating process-connection whitelists using process wildcarding and connection wildcarding. Process wildcarding involves grouping process-connection requests together in a process* group without regard to the presence of distinct process arguments; in contrast, some process-connection requests may be separated both by process and by argument into process argument groups. The process-connection requests may then be analyzed on a group-by-group basis to determine which processes can be mapped to wildcarded connection in a respective process-connection whitelist.

Abstract: A security system for a customer computer site includes a cloud-based manager (CBM) and on-site components. The on-site components include a manager appliance, guest agents of the CBM installed within respective virtual machines, and host agents of the CBM installed on hypervisors on which the virtual machines. The guest agents have a many-to-one relationship with the host agents, which have a many-to-one relationship with the appliance. In a scenario, many guest agents may generate alarms and send them to the host agents. Each host agent consolidates alarms across the different virtual machines it hosts and pushes the consolidated alarms to the manager appliance. The appliance batch processes the consolidated alarms across host agents, and pushes the batched alarms to the CBM, which deduplicates the alarms and notifies an administrator.

Abstract: There is disclosed a method for use in authenticating a user. The method comprises obtaining a biometric input comprising a plurality of biometric attributes distinct to a user. Additionally, the method comprises selecting at least one biometric attribute in the obtained biometric input as a currently active biometric attribute. Furthermore, the method comprises based on the at least one selected currently active biometric attribute, creating a currently active biometric profile for the user for facilitating the authentication of the user.

Abstract: There is disclosed a method for use in authenticating a user. The method comprises obtaining, by an electronic apparatus, a biometric input from a user comprising a plurality of biometric attributes distinct to the user, wherein the biometric attributes comprise at least one currently active and at least one currently inactive biometric attribute for authentication at an authentication server. Additionally, the method comprises selecting, by the electronic apparatus, the at least one currently active biometric attribute for authenticating the user. Furthermore, the method comprises outputting, by the electronic apparatus, an authentication output including at least one biometric factor based on the at least one selected currently active biometric attribute, wherein the authentication output acts as an authentication input to a user authentication operation performed by the authentication server.

Abstract: A method is used in authenticating a mobile device user. An authentication invocation from a mobile device for access to computer resource is activated. Device unique identifiers and device forensic information are collected. The device unique identifiers and the device unique identifiers are forwarded to a gateway. An OTP is resolved into a unique device identifier using an authentication server. The device identifier is adaptively authenticated using multiple authentication factors.

Abstract: Event-based biometric authentication is provided using a mobile device of a user. A user attempting to access a protected resource is authenticated by receiving a request to access the protected resource; collecting biometric information from the user in response to the request using a mobile device of the user; performing biometric authentication of the user using the collected biometric information; and granting access to the protected resource based on the biometric authentication. The authentication optionally comprises an event-based authentication. The mobile device does not have to contain token generating material.