Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to input the user activity information into a first machine learning model that is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a second machine learning model that is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

Abstract: A system is configured for associating a CVE with a particular device profile is disclosed. The system receives a request from a user to associate a CVE with a particular device profile. For each device profile from a plurality of device profiles stored in a memory, the system determines feature importance values for features of each device profile. The features of each device profile include at least an operating system and a CPU architecture. The feature importance value of a corresponding feature of a device profile associated with a CVE indicates a probability of the CVE to affect the device profile with respect to that feature. The system identifies a device profile that has features with a total feature importance value above a feature importance threshold value. The system identifies a particular CVE associated with the identified device profile. The system associates the particular CVE with the particular device profile.

Abstract: A device that is configured to receive user activity information from a network device. The user activity information includes information about user interactions with the network device for a plurality of users. The device is further configured to input the user activity information into a machine learning model. The machine learning model is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The set of bad actor candidates identifies one or more users from among the plurality of users. The device is further configured to receive the set of bad actor candidates from the machine learning model and to output the set of bad actor candidates.

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to input the user activity information into a first machine learning model that is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a second machine learning model that is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to input the user activity information into a first machine learning model that is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a second machine learning model that is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to receive a set of bad actor candidates that identifies one or more users from among the plurality of users. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a machine learning model. The machine learning model is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

Abstract: A system for classifying a data item to communicate to authorized users extracts features from the data item, where the features comprise a responsibility feature and a sensitivity feature. The responsibility feature indicates a job responsibility associated with the data item. The sensitivity feature indicates a sensitivity level of the data item. The system determines, based on the responsibility feature, that the data item belongs to a particular responsibility class. The system determines, based on the sensitivity feature, that the data item belongs to a particular sensitivity class. The system determines whether a user to whom the data item is directed belongs to the particular responsibility class and sensitivity class to which the data item belongs. The system sends the data item to the user, if is it determined that the user belongs to the particular responsibility class and sensitivity class to which the data item belongs.

Abstract: A device that is configured to receive user activity information from a network device. The user activity information includes information about user interactions with the network device for a plurality of users. The device is further configured to input the user activity information into a machine learning model. The machine learning model is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The set of bad actor candidates identifies one or more users from among the plurality of users. The device is further configured to receive the set of bad actor candidates from the machine learning model and to output the set of bad actor candidates.

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to receive a set of bad actor candidates that identifies one or more users from among the plurality of users. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a machine learning model. The machine learning model is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

Abstract: A device that is configured to receive user activity information that includes information about user interactions with a network device for a plurality of users. The device is further configured to input the user activity information into a first machine learning model that is configured to receive user activity information and to output a set of bad actor candidates based on the user activity information. The device is further configured to filter the user activity information based on the set of bad actor candidates. The device is further configured to input the filtered user activity information into a second machine learning model that is configured to receive the filtered user activity information and to output system exposure information that identifies network security threats. The device is further configured to identify network security actions based on the network security threats and to execute the network security actions.

Abstract: A system for classifying a data item to communicate to authorized users extracts features from the data item, where the features comprise a responsibility feature and a sensitivity feature. The responsibility feature indicates a job responsibility associated with the data item. The sensitivity feature indicates a sensitivity level of the data item. The system determines, based on the responsibility feature, that the data item belongs to a particular responsibility class. The system determines, based on the sensitivity feature, that the data item belongs to a particular sensitivity class. The system determines whether a user to whom the data item is directed belongs to the particular responsibility class and sensitivity class to which the data item belongs. The system sends the data item to the user, if is it determined that the user belongs to the particular responsibility class and sensitivity class to which the data item belongs.

Abstract: A system is configured for associating a CVE with a particular device profile is disclosed. The system receives a request from a user to associate a CVE with a particular device profile. For each device profile from a plurality of device profiles stored in a memory, the system determines feature importance values for features of each device profile. The features of each device profile include at least an operating system and a CPU architecture. The feature importance value of a corresponding feature of a device profile associated with a CVE indicates a probability of the CVE to affect the device profile with respect to that feature. The system identifies a device profile that has features with a total feature importance value above a feature importance threshold value. The system identifies a particular CVE associated with the identified device profile. The system associates the particular CVE with the particular device profile.