Abstract: Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. An assertion of a user identity is received from a client. It is determined whether the assertion of the user identity specifies a correct security credential. Social networking data identifying a circle of friends is received. It is determined whether the user identity belongs to a user at the client based at least in part on a reputation of one or more members of the circle of friends and whether the assertion of the user identity specifies the correct security credential.

Abstract: A method and apparatus for device authentication are provided. In the method and apparatus, authentication data for a first device is received. The first device is then authenticated based at least in part on demonstrated access to authentication data prior to broadcast of the authentication data. One or more actions may be taken in response to the authentication of the first device based at least in part on the demonstrated access to the authentication data.

Abstract: A service provider or service of the service provider may generate authentication information based on information provided by a user. The information provided by the user may include a selection of a media object, information indicating a segment of the media object, and an indication of an action to be performed by the user. This information may be saved by the service provider and used at some point in time later to determine whether to provide access to restricted computing resources based at least in part on an authentication claim provided by the user. The authentication claim may be generated by a computing device operated by the user and may include information corresponding to the media object, the indicated segment of the media object, and the action performed by the user.

Abstract: Disclosed are various embodiments for providing a honeypot environment in response to incorrect security credentials being provided. An authentication request for an account to log into an application is received from a client. It is determined that the authentication request specifies an incorrect security credential for the account. The client is then provided with access to a honeypot environment in response to the authentication request. The honeypot environment is configured to mimic a successful login to the application via the account.

Abstract: A monitoring service receives, from a variety of hardware components of a set of computer systems, binary signals indicative of operation of these components. The monitoring service determines, based at least in part on these signals, a set of beat frequencies for pairings of hardware components of the set of computer systems. The monitoring service uses this set of beat frequencies, as well as information included in a profile for the set of computer systems, to determine whether there is any indication of anomalous behavior in operation of the set of computer systems. If so, the monitoring service generates one or more alerts indicating the anomalous behavior.

Abstract: A customer submits a request for assistance to a customer service. Accordingly, the customer service may access a customer database to obtain one or more customer preferences that can be used to select a service representative. If the customer database does not include these preferences, the customer service may utilize one or more customer attributes to calculate these one or more customer preferences. Subsequently, the customer service may access a service representative database and select a service representative based at least in part on the one or more customer preferences. The customer service may transmit the request to the selected service representative to enable the service representative to assist the customer.

Abstract: A service receives a request from a user of a group of users to perform one or more operations requiring group authentication in order for the operations to be performed. In response, the service provides a first user of the group with an image seed and an ordering of the group of users. Each user of the group applies a transformation algorithm to the seed to create an authentication claim. The service receives this claim and determines, based at least in part on the ordering of the group of users, an ordered set of transformations, which are used to create a reference image file. If the received claim matches the reference image file, the service enables performance of the requested one or more operations.

Abstract: Techniques for improving computer system security by detecting and responding to attacks on computer systems are described herein. A computer system monitors communications requests from external systems and, as a result of detecting one or more attacks on the computer system, the computer system responds to the attacks by analyzing the behavior of the attacker, relating that behavior to one or more attack profiles and creating a simulated environment to respond to the attack based in part on the attack profiles. The simulated environment responds to the attack by communicating with the attacker.

Abstract: Techniques are described for preventing a software module from executing in an unauthorized environment. A software module may be configured to collect context information that describes an environment in which the software module is executing. If the context information indicates that the environment is unauthorized for executing the software module, the software module may alter its behavior(s) or its binary signature to simulate a threat. Threat detection module(s), such as anti-virus software, anti-malware software, and so forth, may then identify the software module as a threat and disable its execution or perform other actions. In some cases, the analysis of the context information may be performed on server device(s), which may send a signal to cause the software module to alter its behavior(s) or its binary signature.

Abstract: Techniques for improving computer system security by detecting and responding to attacks on computer systems are described herein. A computer system monitors communications requests from external systems and, as a result of detecting one or more attacks on the computer system, the computer system responds to the attacks by analyzing the behavior of the attacker, relating that behavior to one or more attack profiles and creating a simulated environment to respond to the attack based in part on the attack profiles. The simulated environment responds to the attack by communicating with the attacker.

Abstract: Techniques described and suggested herein include the use of transformation parameters, such as mathematical and/or cryptographic operations, to permute various aspects of executables so as to control executable code authorized to run on one or more hosts. For example, a set of transformation parameters, such as a mathematical operation and a specified value upon which the mathematical operation may operate, are associated with a host or group of hosts. The set of transformation parameters may be applied to one or more runtime-related numerical locations associated with an executable that is intended to run on the specified hosts. At runtime, appropriately encoded executables are decoded by the specified hosts and operate normally, while differently encoded or unencoded executables are inoperable by the specified hosts.

Abstract: Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. An assertion of a user identity is received from a client. It is determined whether the assertion of the user identity specifies a correct security credential. Social networking data identifying a circle of friends is received. It is determined whether the user identity belongs to a user at the client based at least in part on a reputation of one or more members of the circle of friends and whether the assertion of the user identity specifies the correct security credential.

Abstract: Techniques are described for generating response recommendation information that describes one or more response profiles, each including one or more actions that may be performed to respond to a security risk present in a deployed software module. The response recommendation information may quantify, for each response profile, a cost and a benefit due to the performance of the action(s) included in the response profile. The cost may include lost revenues or other value lost due to the action(s). The benefit may include a mitigation of the security risk.

Abstract: Complex web applications may be susceptible to cyber-attacks that affect the security of customer sessions. Session theft and exploitation may be predicted and controlled by monitoring records of requests made to the web application and providing notifications of possible compromise of a session, session service or a machine using a session service.

Abstract: Disclosed are various embodiments for testing the security incident response of an organization through automated injection of a known indicator of compromise. A stream of event data generated by a network monitoring system of an organization is received. The stream of event data is modified to include data embodying a fabricated indicator of compromise. The stream of event data that has been modified is then provided to an intrusion detection system of the organization. Metrics are then generated that assess the response of the organization to the fabricated indicator of compromise.

Abstract: Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. First social networking data is stored in association with a user identity. An assertion of the user identity is received from a client after the first social networking data is stored. Second social networking data is received in response to receiving the assertion of the user identity. An identity confidence level as to whether the user identity belongs to a user at the client is generated based at least in part on a comparison of the second social networking data with the first social networking data.

Abstract: A method and apparatus for deterring exfiltration of data from are provided. In the method and apparatus, it is determined that data is to be inflated. A request for access to data is received and data responsive to the request is retrieved. Spurious data is also generated and provided together with the responsive data in response to the request.

Abstract: Disclosed are various embodiments that model a network security environment as a game. A data model corresponding to a network security environment is received. A gaming environment is generated based at least in part on the data model. The gaming environment represents a decontextualized version of the network security environment.

Abstract: Techniques are described for employing a crowdsourcing framework to analyze data related to the performance or operations of computing systems, or to analyze other types of data. A question is analyzed to determine data that is relevant to the question. The relevant data may be decontextualized to remove or alter contextual information included in the data, such as sensitive, personal, or business-related data. The question and the decontextualized data may then be presented to workers in a crowdsourcing framework, and the workers may determine an answer to the question based on an analysis or an examination of the decontextualized data. The answers may be combined, correlated, or otherwise processed to determine a processed answer to the question.

Abstract: The present disclosure relates to multifactor-based authentication systems. Multifactor authentication occurs during a communication session in response to detecting a trigger event, such as an anomalous condition. Historical metrics, such as performance metrics (e.g., rendering speeds), behavioral metrics (e.g., click-stream behavior), environmental metrics (e.g., noise), etc., can be used as a baseline to compare against metrics for a current communication session. An anomalous condition, such as a current session metric exceeding a threshold, can result in an authentication service transmitting a multifactor authentication request.