Abstract: Attack continuations are detected by providing a central service configured to construct an execution graph based on activities monitored by a plurality of agents deployed on respective systems. A query initiated from a first one of the systems is identified by the central service, where the first system comprises a cloud-based instance and where the query comprises a request to a server for credentials associated with the cloud-based instance. An indication is received by the central service that the credentials were used to access a cloud-based service. A connection is formed between the first system and the cloud-based service in a global execution trail in the execution graph.

Abstract: Infrastructure attacks are identified by monitoring system level activities using software agents deployed on respective operating systems and constructing, based on the system level activities, an execution graph comprising a plurality of execution trails. A connection to a remote server executing on a first one of the operating systems is identified, where the connection is initiated by a remote execution function executing on a second one of the operating systems. A connection is formed between the first operating system and the second operating system in a global execution trail in the execution graph. A new process created on the first operating system is determined to be associated with a logon session resulting from the connection, and behavior exhibited from the logon session is attributed to the global execution trail in the execution graph.

Abstract: Infrastructure attacks involving lateral movement are identified by monitoring system level activities using software agents deployed on respective operating systems, and constructing, based on the system level activities, an execution graph comprising execution trails. A logon session between a remote connection client executing on a first operating system and a remote connection server executing on a second operating system is identified. Behavior exhibited from the logon session is attributed to a first global execution trail in the execution graph. A reconnection to the logon session between a remote connection client executing on a third operating system and the remote connection server is then identified, and, thereafter, behavior exhibited from the logon session is attributed to a second global execution trail in the execution graph.

Abstract: A novel enterprise security solution allows for precise interception and surgical response to attack progression, in real time, as it occurs across a distributed infrastructure. The solution includes a data monitoring and management framework that continually models system level host and network activities as mutually exclusive infrastructure wide execution sequences and bucketizes them into unique execution trails. A multimodal intelligent security middleware detects indicators of compromise in real-time on top of subsets of each unique execution trail using rule based behavioral analytics, machine learning based anomaly detection, and other sources. Each detection result dynamically contributes to aggregated risk scores at execution trail level granularities. These scores can be used to prioritize and identify highest risk attack trails to end users, along with steps that such end users can perform to mitigate further damage and progression of an attack.

Abstract: A novel enterprise security solution allows for precise interception and surgical response to attack progression, in real time, as it occurs across a distributed infrastructure. The solution includes a data monitoring and management framework that continually models system level host and network activities as mutually exclusive infrastructure wide execution sequences and bucketizes them into unique execution trails. A multimodal intelligent security middleware detects indicators of compromise in real-time on top of subsets of each unique execution trail using rule based behavioral analytics, machine learning based anomaly detection, and other sources. Each detection result dynamically contributes to aggregated risk scores at execution trail level granularities. These scores can be used to prioritize and identify highest risk attack trails to end users, along with steps that such end users can perform to mitigate further damage and progression of an attack.

Abstract: A novel enterprise security solution allows for precise interception and surgical response to attack progression, in real time, as it occurs across a distributed infrastructure. The solution includes a data monitoring and management framework that continually models system level host and network activities as mutually exclusive infrastructure wide execution sequences and bucketizes them into unique execution trails. A multimodal intelligent security middleware detects indicators of compromise in real-time on top of subsets of each unique execution trail using rule based behavioral analytics, machine learning based anomaly detection, and other sources. Each detection result dynamically contributes to aggregated risk scores at execution trail level granularities. These scores can be used to prioritize and identify highest risk attack trails to end users, along with steps that such end users can perform to mitigate further damage and progression of an attack.

Abstract: A novel enterprise security solution allows for precise interception and surgical response to attack progression, in real time, as it occurs across a distributed infrastructure. The solution includes a data monitoring and management framework that continually models system level host and network activities as mutually exclusive infrastructure wide execution sequences and bucketizes them into unique execution trails. A multimodal intelligent security middleware detects indicators of compromise in real-time on top of subsets of each unique execution trail using rule based behavioral analytics, machine learning based anomaly detection, and other sources. Each detection result dynamically contributes to aggregated risk scores at execution trail level granularities. These scores can be used to prioritize and identify highest risk attack trails to end users, along with steps that such end users can perform to mitigate further damage and progression of an attack.

Abstract: A novel enterprise security solution allows for precise interception and surgical response to attack progression, in real time, as it occurs across a distributed infrastructure. The solution includes a data monitoring and management framework that continually models system level host and network activities as mutually exclusive infrastructure wide execution sequences and bucketizes them into unique execution trails. A multimodal intelligent security middleware detects indicators of compromise in real-time on top of subsets of each unique execution trail using rule based behavioral analytics, machine learning based anomaly detection, and other sources. Each detection result dynamically contributes to aggregated risk scores at execution trail level granularities. These scores can be used to prioritize and identify highest risk attack trails to end users, along with steps that such end users can perform to mitigate further damage and progression of an attack.

Abstract: Embodiments are directed towards managing messages based on generated interest clusters. A message may be analyzed to determine one or more interest clusters associated with the message. The message may be automatically sent to members within the determined interest cluster(s), or if no members are in the interest cluster(s), to those identified in the sender's contact list. As recipients of the message respond to the message, the membership to the interest clusters may be revised. Responses used to revise the membership may include forwarding, reading, ignoring, or deleting the message. Subsequent revisions to the membership may be made based on responses to subsequent messages sent to the members of the interest cluster. Display of the message may be in a rank order based on a determined hop distance for the message. Third parties may use the interest cluster and/or sneezers to direct advertisements, or the like.

Abstract: Devices, systems, and methods are directed towards ranking of messages based on a hop distance a forwarded message travels through a social network. As a message is forwarded by a member of the social network the hop distance increases. As the message is forwarded, recipients and/or senders may view the hop distance in real-time. The hop distance may reflect a number of times the message is forwarded to reach a recipient, or the maximum number of times the message is forwarded. The message may be displayed to a member in a rank ordering based on the hop distance, and messages with hop distances below a defined value may be deleted from a displayed list after a period of time. In one embodiment, a message may be forwarded anonymously to, for example, encourage members to forward the message.

Abstract: A method, system, and apparatus are directed to sharing information over a network. A request to share a multimedia object may be received. A relevance measure may be retrieved based on an identity of the multimedia object. Sharing the network of the multimedia object between an originating sharing member and a plurality of members of a social network may be enabled. A combination of the relevance measure and a hop distance for the shared multimedia object may be provided.

Abstract: Devices, systems, and methods are directed towards ranking of messages based on a hop distance a forwarded message travels through a social network. As a message is forwarded by a member of the social network the hop distance increases. As the message is forwarded, recipients and/or senders may view the hop distance in real-time. The hop distance may reflect a number of times the message is forwarded to reach a recipient, or the maximum number of times the message is forwarded. The message may be displayed to a member in a rank ordering based on the hop distance, and messages with hop distances below a defined value may be deleted from a displayed list after a period of time. In one embodiment, a message may be forwarded anonymously to, for example, encourage members to forward the message.

Abstract: Devices, systems, and methods are directed towards ranking of messages based on a hop distance a forwarded message travels through a social network. As a message is forwarded by a member of the social network the hop distance increases. As the message is forwarded, recipients and/or senders may view the hop distance in real-time. The hop distance may reflect a number of times the message is forwarded to reach a recipient, or the maximum number of times the message is forwarded. The message may be displayed to a member in a rank ordering based on the hop distance, and messages with hop distances below a defined value may be deleted from a displayed list after a period of time. In one embodiment, a message may be forwarded anonymously to, for example, encourage members to forward the message.

Abstract: A method, system, and apparatus are directed to sharing information over a network. A drag-and-drop of a selection of a portion of content may be received at a sharing area. A sharing message may be generated based on a type of the portion. If the type of the portion indicates storage, the sharing message may comprise a hyperlink to a storage. The sharing message may be useable for providing the portion on at least one client device associated with at least one of a plurality of members of a social network. Sharing over the network of the portion between an originating sharing member and the plurality of members of the social network may be enabled. The portion may be shared for a customizable project. A hop distance may be provided for the shared portion.

Abstract: Devices, systems, and methods are directed towards ranking of messages based on a hop distance a forwarded message travels through a social network. As a message is forwarded by a member of the social network the hop distance increases. As the message is forwarded, recipients and/or senders may view the hop distance in real-time. The hop distance may reflect a number of times the message is forwarded to reach a recipient, or the maximum number of times the message is forwarded. The message may be displayed to a member in a rank ordering based on the hop distance, and messages with hop distances below a defined value may be deleted from a displayed list after a period of time. In one embodiment, a message may be forwarded anonymously to, for example, encourage members to forward the message.

Abstract: Devices, systems, and methods are directed towards ranking of messages based on a hop distance a forwarded message travels through a social network. As a message is forwarded by a member of the social network the hop distance increases. As the message is forwarded, recipients and/or senders may view the hop distance in real-time. The hop distance may reflect a number of times the message is forwarded to reach a recipient, or the maximum number of times the message is forwarded. The message may be displayed to a member in a rank ordering based on the hop distance, and messages with hop distances below a defined value may be deleted from a displayed list after a period of time. In one embodiment, a message may be forwarded anonymously to, for example, encourage members to forward the message.

Abstract: A method, system, and apparatus are directed to sharing information over a network. A request to share a multimedia object may be received. A relevance measure may be retrieved based on an identity of the multimedia object. Sharing the network of the multimedia object between an originating sharing member and a plurality of members of a social network may be enabled. A combination of the relevance measure and a hop distance for the shared multimedia object may be provided.

Abstract: A method, system, and apparatus are directed to sharing information over a network. A drag-and-drop of a selection of a portion of content may be received at a sharing area. A sharing message may be generated based on a type of the portion. If the type of the portion indicates storage, the sharing message may comprise a hyperlink to a storage. The sharing message may be useable for providing the portion on at least one client device associated with at least one of a plurality of members of a social network. Sharing over the network of the portion between an originating sharing member and the plurality of members of the social network may be enabled. The portion may be shared for a customizable project. A hop distance may be provided for the shared portion.

Abstract: Embodiments are directed towards managing messages based on generated interest clusters. A message may be analyzed to determine one or more interest clusters associated with the message. The message may be automatically sent to members within the determined interest cluster(s), or if no members are in the interest cluster(s), to those identified in the sender's contact list. As recipients of the message respond to the message, the membership to the interest clusters may be revised. Responses used to revise the membership may include forwarding, reading, ignoring, or deleting the message. Subsequent revisions to the membership may be made based on responses to subsequent messages sent to the members of the interest cluster. Display of the message may be in a rank order based on a determined hop distance for the message. Third parties may use the interest cluster and/or sneezers to direct advertisements, or the like.

Abstract: Devices, systems, and methods are directed towards ranking of messages based on a hop distance a forwarded message travels through a social network. As a message is forwarded by a member of the social network the hop distance increases. As the message is forwarded, recipients and/or senders may view the hop distance in real-time. The hop distance may reflect a number of times the message is forwarded to reach a recipient, or the maximum number of times the message is forwarded. The message may be displayed to a member in a rank ordering based on the hop distance, and messages with hop distances below a defined value may be deleted from a displayed list after a period of time. In one embodiment, a message may be forwarded anonymously to, for example, encourage members to forward the message.