Abstract: In an aspect of the invention, the method includes one or more processors identifying events in the target environment that are associated with an indication of a security attack on the target environment. The method further includes composing rules based on the events and relating to an entity identifier that is fixed over a period of time in relation to an entity in the target environment. The method further includes weighting the rules according to a probability that the rule positively identifies a security attack. The method further correlating outputs of multiple activated rules relating to an entity identifier that are activated over time in response to events occurring in the target environment. The method further includes aggregating weightings from the multiple activated rules. The method further includes determining a score for an entity relating to the entity identifier based on the aggregated weightings.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: In an aspect of the invention, the method includes one or more processors identifying events in the target environment that are associated with an indication of a security attack on the target environment. The method further includes composing rules based on the events and relating to an entity identifier that is fixed over a period of time in relation to an entity in the target environment. The method further includes weighting the rules according to a probability that the rule positively identifies a security attack. The method further correlating outputs of multiple activated rules relating to an entity identifier that are activated over time in response to events occurring in the target environment. The method further includes aggregating weightings from the multiple activated rules. The method further includes determining a score for an entity relating to the entity identifier based on the aggregated weightings.

Abstract: A computer-implemented method includes receiving a request to authenticate a user to remotely access a secure device and establishing, in response to the user being granted remote access to the secure device, a remote user session for the user. The computer-implemented method further includes identifying a plurality of actions performed during the remote user session. The computer-implemented method further includes comparing a first combination of actions in the plurality of actions to a plurality of policies for malicious intent. The computer-implemented method further includes determining a level of risk for malicious intent for the first combination of actions. The computer-implemented method further includes generating, in response to the level of risk of the first combination of actions exceeding a given threshold level, one or more preventive actions. A corresponding computer system and computer program product are also disclosed.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: A computer-implemented method includes receiving a request to authenticate a user to remotely access a secure device and establishing, in response to the user being granted remote access to the secure device, a remote user session for the user. The computer-implemented method further includes identifying a plurality of actions performed during the remote user session. The computer-implemented method further includes comparing a first combination of actions in the plurality of actions to a plurality of policies for malicious intent. The computer-implemented method further includes determining a level of risk for malicious intent for the first combination of actions. The computer-implemented method further includes generating, in response to the level of risk of the first combination of actions exceeding a given threshold level, one or more preventive actions. A corresponding computer system and computer program product are also disclosed.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.

Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.

Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.

Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.

Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.

Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.

Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.

Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.

Abstract: A computer-implemented method, computer program product, and system for tagging and replacing tagged credentials with target credentials unknown to a client. The method includes; receiving an access request from a client to access a protected resource on a target server, injecting credential field tags into a credential form used to access the protected resource, auto-submitting the credential form on the client computer, replace tagged credentials with target credentials, submitting the target credentials to the target server, and updating the target credentials if the target credentials are invalid or expired without intervention by the client.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.