Abstract: Using physiological cues to measure data sensitivity and implement security on a user device. The method may include obtaining data associated with a first physiological state of a user engaged in a first activity on a user device, obtaining data associated with a second physiological state of the user engaged in a second activity on the user device, where the second activity is determined to be more sensitive to the user than the first activity, and where the second physiological state indicates the user's emotional response to the second activity, and implementing a security action on the user device based on the second physiological state of the user engaged in the second activity.

Abstract: The disclosed computer-implemented method for verifying connection integrity may include (i) receiving a request from a client to initiate a connection to a server via a middlebox, (ii) receiving, from the client, via a side protocol executing in parallel with a transport layer security protocol, a request for a certificate for the middlebox, (iii) sending, to the client, via the side protocol, the certificate, (iv) receiving, from the client, via the side protocol, a request for an additional certificate from a device upstream of the middlebox, (v) requesting, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vi) receiving, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vii) sending, to the client, via the side protocol, the additional certificate, and (viii) relaying data via the connection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for providing event driven notifications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing event driven notifications comprising monitoring an electronic media feed for an event associated with a specified criteria, identifying, using at least one computer processor, a plurality of events in the electronic media feed, filtering the plurality of events, identifying an event of the plurality of events matching a specified location, and providing a notification associated with the identified event.

Abstract: A computer-implemented method for managing access may include (1) identifying an attempt to perform, within a computing environment, an action that involves a specific entity, (2) determining that the attempted action is anomalous for the specific entity, (3) identifying a quota of allowed anomalous actions for the specific entity, (4) determining that the attempted action causes a count of anomalous actions to exceed the quota of allowed anomalous actions, and (5) performing a security action based on the determination that the attempted action causes the count of anomalous actions to exceed the quota of allowed anomalous actions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for neutralizing file-format-specific exploits contained within electronic communications may include (1) identifying an electronic communication, (2) identifying at least one file contained within the electronic communication, and then (3) neutralizing any file-format-specific exploits contained within the file. In one example, neutralizing any file-format-specific exploits contained within the file may include applying at least one file-format-conversion operation to the file. Additionally or alternatively, neutralizing any file-format-specific exploits contained within the file may include constructing a sterile version of the file that selectively omits at least a portion of any exploitable content contained within the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing device executing a data loss prevention (DLP) system tracks bait data on at least one of the computing device or a network. The DLP system identifies a potential security threat in response to detecting unscripted activity associated with the bait data. The DLP system performs an action in response to identifying the potential security threat.