Abstract: Disclosed herein is a system and method for identifying a spam email message. To identify a spam message a similarity measurement hash and a sender hash is generated for each email message. Two or more previously received email messages are compared with an incoming email message. The incoming email message is identified as a spam message when the similarity measurement hash between incoming message and one of the received messages matches and the corresponding sender hash does not match. The system may integrate with other email servers through a DNS to identify spam emails across different organizations and locations. The system and method may further apply rules to particular match to whitelist a potential spam email.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: Embodiments can provide a method for accessing an endpoint, including: receiving, from a privileged user, a request for accessing the endpoint; providing, by a user behavior analytics device, a risk score with respect to the privileged user, wherein the risk score is calculated based on at least one action performed by the privileged user. If the risk score is lower than a first predefined value, providing access to the endpoint for the privileged user. If the risk score is higher than a second predefined value, denying the request for accessing the endpoint. If the risk score is between the first predefined value and the second predefined value, performing at least one of: providing, by a privileged identity management server, a multi-factor authentication against the privileged user; and rerouting the request for accessing the endpoint for approval.

Abstract: Disclosed herein is a system and method for identifying a spam email message. To identify a spam message a similarity measurement hash and a sender hash is generated for each email message. Two or more previously received email messages are compared with an incoming email message. The incoming email message is identified as a spam message when the similarity measurement hash between incoming message and one of the received messages matches and the corresponding sender hash does not match. The system may integrate with other email servers through a DNS to identify spam emails across different organizations and locations. The system and method may further apply rules to particular match to whitelist a potential spam email.

Abstract: Disclosed herein is a system and method for identifying a spam email message. To identify a spam message a similarity measurement hash and a sender hash is generated for each email message. Two or more previously received email messages are compared with an incoming email message. The incoming email message is identified as a spam message when the similarity measurement hash between incoming message and one of the received messages matches and the corresponding sender hash does not match. The system may integrate with other email servers through a DNS to identify spam emails across different organizations and locations. The system and method may further apply rules to particular match to whitelist a potential spam email.

Abstract: Embodiments can provide a method for accessing an endpoint, including: receiving, from a privileged user, a request for accessing the endpoint; providing, by a user behavior analytics device, a risk score with respect to the privileged user, wherein the risk score is calculated based on at least one action performed by the privileged user. If the risk score is lower than a first predefined value, providing access to the endpoint for the privileged user. If the risk score is higher than a second predefined value, denying the request for accessing the endpoint. If the risk score is between the first predefined value and the second predefined value, performing at least one of: providing, by a privileged identity management server, a multi-factor authentication against the privileged user; and rerouting the request for accessing the endpoint for approval.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: Assessment of threat risks associated with a given mobile device application (app) on a device type specific basis, so that the threat assessment is specific to a particular device type that is suitable for running the given app. The assessed device-type-specific risk is represented as device-type-specific risk metadata, which is associated as metadata with the given app. For example, the metadata may be stored along with the given app in a common repository that includes many apps. In some embodiments, the device-type-specific risk metadata is generated and stored comprehensively for all apps and device types used in an enterprise. The device-type-specific risk assessment, and corresponding device-type-specific risk metadata, may be based upon run time behavior of the given app on a given device type.

Abstract: A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.

Abstract: A request for a first resource by a user is received. In response to receiving the request for a first resource, a second resource is determined based on the first resource and a resource usage pattern of the user. A response to the request for the first resource is provided. The response includes the first resource and the second resource.

Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.

Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.

Abstract: A mechanism is provided for authenticating a second terminal based on information sensed by a first terminal. Responsive to receiving an authentication request, a first output request is sent to a second terminal instructing the second terminal to generate information able to be sensed by a sensor in a first terminal. An authentication of the authentication request is performed based on a condition that the sensor in the first terminal has sensed the information generated by the second terminal.

Abstract: A policy enforcement point includes fraud prevention information associated with devices and/or users which is collected from: (i) many cloud fraud services located in the cloud; and/or (ii) authorization processing of users and/or devices. The policy enforcement point is consulted when a user/device undergoes authorization processing for a transaction with an application (for example, an application that serves protected content such as financial records, email, etc.). Fraud prevention information is added to session data, associated with the attempted authorization to the application, for the user/device as the user/device proceeds its attempted authorization to the application. In some cases, the authorization to the application may be refused based on the data added to the session data by the policy enforcement point or the policy enforcement point will propagate fraud prevention information to the application to make the decision.

Abstract: A policy enforcement point includes fraud prevention information associated with devices and/or users which is collected from: (i) many cloud fraud services located in the cloud; and/or (ii) authorization processing of users and/or devices. The policy enforcement point is consulted when a user/device undergoes authorization processing for a transaction with an application (for example, an application that serves protected content such as financial records, email, etc.). Fraud prevention information is added to session data, associated with the attempted authorization to the application, for the user/device as the user/device proceeds its attempted authorization to the application. In some cases, the authorization to the application may be refused based on the data added to the session data by the policy enforcement point or the policy enforcement point will propagate fraud prevention information to the application to make the decision.

Abstract: A first user request may be received to access a particular resource. A first authentication credential from a first client device may be received based on a first authentication challenge being issued to a user of the first client device. A second client device of the user may be notified to prompt the user to provide a second authentication credential to complete at least a second authentication challenge. The access to the particular resource may require at least successfully completing the first authentication challenge on the first client device and the second authentication challenge on the second client device.

Abstract: Monitoring across multiple-channels, used by multiple devices, to determine which email messages being sent to a user are solicited by the user. A broad spectrum of network and telephony access records are analyzed to determine whether an email message is likely being sent as a result of legitimate services access by the user.

Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.

Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.