Abstract: Systems, methods and computer-readable media for detecting a mobile device and identifying a user of the device are provided. A wireless signature or other unique identifier of a device may be detected. User information for the device may be obtained from a secondary source independent of the mobile device. Once a user is identified, user information may be retrieved and the user identity and user information may be associated with a mobile device. When the mobile device is then detected at a later time (e.g., after the information has been associated with the device), one or more offers may be generated based on the associated information and/or the location of the device at the time it is detected.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products that provide for an employee security risk score. The security risk score is presented as an extensible composite vector that supports an arbitrary number of risk categories. The risk categories can be aggregated at any level in the business hierarchy or according to any employee parameter. The simplistic, highly normalized approach to employee security risk scoring reduces redundancies and dependencies and provides for real-time updates, As such, the employee security risk scoring system provides for easily identifiable recognition of employees who pose security threats and for a means to track and monitor security risks posed by the employee based on their security risk score.

Abstract: Methods, systems, and computer-readable media for enhancing information security using an information passport dashboard are presented. In one or more embodiments, a computing platform may receive, from a user computing device, a request for an information passport dashboard. Subsequently, the computing platform may load a listing of available dashboard content items from an information passport database. Then, the computing platform may select content items from the listing of available dashboard content items to promote one or more content items to the user of the user computing device based on user preferences information and further based on aggregate usage information. Thereafter, the computing platform may generate an information passport dashboard interface that includes information identifying the content items selected from the listing of available dashboard content items for the user of the user computing device.

Abstract: A computer system enables a business to reduce risks from phishing electronic messages. One or more original web links embedded in the electronic message may be replaced with a replacement web link. If the determined risk score for the original webpage is large enough webpage and the user clicks on the embedded web link, a user is directed to an intermediate webpage rather than to the original webpage. The intermediate webpage may provide details about the original webpage so that the user can make an informed choice whether to proceed to the original website. For example, the intermediate webpage may provide pertinent information to a user such as the actual domain of the remote site, the country the site is hosted in, how long the site has been online, and a rendered screen capture of the remote website, and/or a confidence score.

Abstract: Systems and methods are disclosed for responding to security events in real time. The disclosed systems and methods utilize the vast amount of risk and asset knowledge collected in a security data warehouse and aggregated in a security information manager, without the expense and latency associated with performing such calculations in real time. The disclosed systems and methods, thereby, significantly extend the time intervals feasible for temporal analysis.

Abstract: A computer system enables a business to reduce risks from phishing electronic messages. One or more original web links embedded in the electronic message may be replaced with a replacement web link. If the determined risk score for the original webpage is large enough webpage and the user clicks on the embedded web link, a user is directed to an intermediate webpage rather than to the original webpage. The intermediate webpage may provide details about the original webpage so that the user can make an informed choice whether to proceed to the original website. For example, the intermediate webpage may provide pertinent information to a user such as the actual domain of the remote site, the country the site is hosted in, how long the site has been online, and a rendered screen capture of the remote website, and/or a confidence score.

Abstract: Methods, systems, and computer-readable media for enhancing information security using an information passport dashboard are presented. In one or more embodiments, a computing platform may receive, from a user computing device, a request for an information passport dashboard. Subsequently, the computing platform may load a listing of available dashboard content items from an information passport database. Then, the computing platform may select content items from the listing of available dashboard content items to promote one or more content items to the user of the user computing device based on user preferences information and further based on aggregate usage information. Thereafter, the computing platform may generate an information passport dashboard interface that includes information identifying the content items selected from the listing of available dashboard content items for the user of the user computing device.

Abstract: Aspects of this disclosure relate to an identity level generating computer which may include a processor and memory storing computer executable instructions that, when executed, cause the computer to generate identity levels for users of a business. Generating identity levels for users of a business may include electronically receiving user data regarding at least one of: an identity of the user, a behavior of the user, a propensity of a user and a risk associated with the user's identity and determining one or more individual characteristic levels based on the electronically received information. Determining the one or more individual characteristic levels may include comparing the customer data regarding the at least one of the identity of the user, the behavior of the user, the propensity of the user and the risk associated with the user's identity with a list predetermined criteria and calculating an identity level based on the comparison of the user data with the list predetermined criteria.

Abstract: A computer system enables a business to reduce risks from phishing electronic messages. One or more original web links embedded in the electronic message may be replaced with a replacement web link. If the determined risk score for the original webpage is large enough webpage and the user clicks on the embedded web link, a user is directed to an intermediate webpage rather than to the original webpage. The intermediate webpage may provide details about the original webpage so that the user can make an informed choice whether to proceed to the original website. For example, the intermediate webpage may provide pertinent information to a user such as the actual domain of the remote site, the country the site is hosted in, how long the site has been online, and a rendered screen capture of the remote website, and/or a confidence score.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing dynamic incident response using advanced analytics are presented. In some embodiments, a computing device may determine that an incident has occurred. The computing device then may load a predefined response template that includes parameters for responding to the incident. Subsequently, the computing device may utilize a big data platform to identify one or more potential responders for the incident based on the predefined response template. In some additional embodiments, the computing device also may contact the identified potential responders and subsequently monitor communications by the identified potential responders that are responsive to the contact. The computing device may also update historical interaction data based on the monitoring, and this historical interaction data may be used to subsequently determine the likelihood that at least one potential responder will respond to a future incident.

Abstract: Methods, systems, and computer-readable media for implementing a cleansing farm are presented. A cleansing farm may comprise of a computing device that filters customer requests directed to an organization before they are routed internal to the organization. A cleansing farm may receive customer requests and filter the requests based on a set of filtering rules. The cleansing farm may inspect the customer request in order to determine whether it should be filtered. In an example where the organization is a financial institution, the customer request may include confidential customer information. Accordingly, in this example, the cleansing farm may be administered by an entity that is permitted to access the confidential customer information. A visualization tool may be used to visualize a plurality of customer requests at a cleansing farm and to generate rules for filtering customer requests at a cleansing farm.

Abstract: Systems, methods and computer-readable media for detecting a mobile device and identifying a user of the device are provided. A wireless signature or other unique identifier of a device may be detected. User information for the device may be obtained from a secondary source independent of the mobile device. Once a user is identified, user information may be retrieved and the user identity and user information may be associated with a mobile device. When the mobile device is then detected at a later time (e.g., after the information has been associated with the device), one or more offers may be generated based on the associated information and/or the location of the device at the time it is detected.

Abstract: Systems and methods are disclosed for responding to security events in real time. The disclosed systems and methods utilize the vast amount of risk and asset knowledge collected in a security data warehouse and aggregated in a security information manager, without the expense and latency associated with performing such calculations in real time. The disclosed systems and methods, thereby, significantly extend the time intervals feasible for temporal analysis.

Abstract: A computer system enables a business to reduce risks from phishing electronic messages. One or more original web links embedded in the electronic message may be replaced with a replacement web link. If the determined risk score for the original webpage is large enough webpage and the user clicks on the embedded web link, a user is directed to an intermediate webpage rather than to the original webpage. The intermediate webpage may provide details about the original webpage so that the user can make an informed choice whether to proceed to the original website. For example, the intermediate webpage may provide pertinent information to a user such as the actual domain of the remote site, the country the site is hosted in, how long the site has been online, and a rendered screen capture of the remote website, and/or a confidence score.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing dynamic incident response using advanced analytics are presented. In some embodiments, a computing device may determine that an incident has occurred. The computing device then may load a predefined response template that includes parameters for responding to the incident. Subsequently, the computing device may utilize a big data platform to identify one or more potential responders for the incident based on the predefined response template. In some additional embodiments, the computing device also may contact the identified potential responders and subsequently monitor communications by the identified potential responders that are responsive to the contact. The computing device may also update historical interaction data based on the monitoring, and this historical interaction data may be used to subsequently determine the likelihood that at least one potential responder will respond to a future incident.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products that provide for an employee security risk score. The security risk score is presented as an extensible composite vector that supports an arbitrary number of risk categories. The risk categories can be aggregated at any level in the business hierarchy or according to any employee parameter. The simplistic, highly normalized approach to employee security risk scoring reduces redundancies and dependencies and provides for real-time updates, As such, the employee security risk scoring system provides for easily identifiable recognition of employees who pose security threats and for a means to track and monitor security risks posed by the employee based on their security risk score.

Abstract: Aspects of this disclosure relate to an identity level generating computer which may include a processor and memory storing computer executable instructions that, when executed, cause the computer to perform a method for generating identity levels for customers of a business. The method for generating identity levels for customers of a business may include electronically receiving customer data regarding at least one of: an identity of the customer, a behavior of the customer, a propensity of a customer and a risk associated with the customer's identity and determining one or more individual characteristic levels based on the electronically received information.