Abstract: Methods and systems for detecting and preventing malicious software activity are presented. In one embodiment, a method is presented that includes monitoring network communications on a network. The method may also include detect a suspect network communication associated with a suspect network activity and, in response, determine an originating machine based on the suspect network activity. The method may further suspend network communications for the originating machine. A forensics software agent may then be selected based on the suspect network activity. Then, the forensics software agent may be deployed on the originating machine. After deployment, the forensics software agent may fetch computer forensics data from the originating machine. Once the computer forensics data is fetched, a response action may be selected and executed based on said computer forensics data.

Abstract: Techniques and systems are described for enabling an identity provider to identify a computing device during authentication of a user that uses the computing device, and to do so in a manner that is independent of a browser and/or a client application and/or an operating system on the computing device. For example, upon receiving, from a first identity provider, redirection data to redirect an authentication request to a second identity provider, a security agent executing on the computing device may intercept the authentication request, retrieve data about the computing device, and send the authentication request with the device data to the second identity provider. Upon receiving, from the second identity provider, a signed response to the authentication request, the computing device may send the signed response to the first identity provider to receive a result of the authentication request from the first identity provider.

Abstract: The instant disclosure is directed to an attack/unwanted activity detecting firewall for use in protecting authentication-based network resources. The instant system is adapted for installation inline or in sniffer mode. In various embodiments, defined rules are applied to network traffic to determine whether certain types of attacks are occurring on the network resources. If one such attack is detected, the system provides for several potential responses, including for example disconnecting the attacking remote machine, requiring the user at that machine to re-authenticate, and/or requiring a second factor of authentication from the user at that machine. In some example embodiments, regardless of any activity required of a user at the remote machine suspected of malicious behavior, the disclosed system generates an alarm or other alert for presentation as appropriate, such as via a graphical user interface or a third-party system using an API.

Abstract: Methods and systems for detecting and preventing malicious software activity are presented. In one embodiment, a method is presented that includes monitoring network communications on a network. The method may also include detect a suspect network communication associated with a suspect network activity and, in response, determine an originating machine based on the suspect network activity. The method may further suspend network communications for the originating machine. A forensics software agent may then be selected based on the suspect network activity. Then, the forensics software agent may be deployed on the originating machine. After deployment, the forensics software agent may fetch computer forensics data from the originating machine. Once the computer forensics data is fetched, a response action may be selected and executed based on said computer forensics data.

Abstract: Methods and systems for detecting and preventing malicious software activity are presented. In one embodiment, a method is presented that includes monitoring network communications on a network. The method may also include detect a suspect network communication associated with a suspect network activity and, in response, determine an originating machine based on the suspect network activity. The method may further suspend network communications for the originating machine. A forensics software agent may then be selected based on the suspect network activity. Then, the forensics software agent may be deployed on the originating machine. After deployment, the forensics software agent may fetch computer forensics data from the originating machine. Once the computer forensics data is fetched, a response action may be selected and executed based on said computer forensics data.

Abstract: The instant disclosure is directed to an attack/unwanted activity detecting firewall for use in protecting authentication-based network resources. The instant system is adapted for installation inline or in sniffer mode. In various embodiments, defined rules are applied to network traffic to determine whether certain types of attacks are occurring on the network resources. If one such attack is detected, the system provides for several potential responses, including for example disconnecting the attacking remote machine, requiring the user at that machine to re-authenticate, and/or requiring a second factor of authentication from the user at that machine. In some example embodiments, regardless of any activity required of a user at the remote machine suspected of malicious behavior, the disclosed system generates an alarm or other alert for presentation as appropriate, such as via a graphical user interface or a third-party system using an API.

Abstract: The instant disclosure is directed to an attack/unwanted activity detecting firewall for use in protecting authentication-based network resources. The instant system is adapted for installation inline or in sniffer mode. In various embodiments, defined rules are applied to network traffic to determine whether certain types of attacks are occurring on the network resources. If one such attack is detected, the system provides for several potential responses, including for example disconnecting the attacking remote machine, requiring the user at that machine to re-authenticate, and/or requiring a second factor of authentication from the user at that machine. In some example embodiments, regardless of any activity required of a user at the remote machine suspected of malicious behavior, the disclosed system generates an alarm or other alert for presentation as appropriate, such as via a graphical user interface or a third-party system using an API.

Abstract: The instant disclosure is directed to an attack/unwanted activity detecting firewall for use in protecting authentication-based network resources. The instant system is adapted for installation inline or in sniffer mode. In various embodiments, defined rules are applied to network traffic to determine whether certain types of attacks are occurring on the network resources. If one such attack is detected, the system provides for several potential responses, including for example disconnecting the attacking remote machine, requiring the user at that machine to re-authenticate, and/or requiring a second factor of authentication from the user at that machine. In some example embodiments, regardless of any activity required of a user at the remote machine suspected of malicious behavior, the disclosed system generates an alarm or other alert for presentation as appropriate, such as via a graphical user interface or a third-party system using an API.