Abstract: A system and method for detecting feature requests that pose a potential security risk, including: collecting the feature requests from providers; and analyzing the feature requests to assess whether features requested in the feature requests will pose a security risk to the system once created.

Abstract: A method for the efficient use of Large Language Models (LLMs) in malicious code detection, the method including: assessing code and assigning a probability level of being malicious; and running code assessed to be above a predetermined probability level through an LLM to determine if the code is malicious.

Abstract: A method for the efficient use of Large Language Models (LLMs) in malicious code detection, the method including: assessing code and assigning a probability level of being malicious; and running code assessed to be above a predetermined probability level through an LLM to determine if the code is malicious.

Abstract: A method for the efficient use of Large Language Models (LLMs) in malicious code detection, the method including: assessing code and assigning a probability level of being malicious; and running code assessed to be above a predetermined probability level through an LLM to determine if the code is malicious.

Abstract: A system and method for detecting feature requests that pose a potential security risk, including: collecting the feature requests from providers; and analyzing the feature requests to assess whether features requested in the feature requests will pose a security risk to the system once created.

Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.

Abstract: A method and a system for modifying network connection access rules using multi factor authentication (MFA) are provided herein. The method may include the following steps: receiving, at a computer network, an access request from a client device; retrieving a user identification data associated with said client device; presenting a message over said client device, wherein the message contains details associated with said access request; responsive to the user confirmation of said details, initiating an MFA process, wherein the MFA process comprises presenting an authentication message over the client device; and only in a case that the user has been authenticated by the MFA process, establishing the requested connection access.

Abstract: A method and a system for modifying network connection access rules using multi factor authentication (MFA) are provided herein. The method may include the following steps: receiving, at a computer network, an access request from a client device; retrieving a user identification data associated with said client device; presenting a message over said client device, wherein the message contains details associated with said access request; responsive to the user confirmation of said details, initiating an MFA process, wherein the MFA process comprises presenting an authentication message over the client device; and only in a case that the user has been authenticated by the MFA process, establishing the requested connection access.

Abstract: A method and a system for modifying network connection access rules using multi factor authentication (MFA) are provided herein. The method may include the following steps: receiving, at a computer network, an access request from a client device; retrieving a user identification data associated with said client device; presenting a message over said client device, wherein the message contains details associated with said access request; responsive to the user confirmation of said details, initiating an MFA process, wherein the MFA process comprises presenting an authentication message over the client device; and only in a case that the user has been authenticated by the MFA process, establishing the requested connection access.

Abstract: A method and a system for modifying network connection access rules using multi factor authentication (MFA) are provided herein. The method may include the following steps: receiving, at a computer network, an access request from a client device; retrieving a user identification data associated with said client device; presenting a message over said client device, wherein the message contains details associated with said access request; responsive to the user confirmation of said details, initiating an MFA process, wherein the MFA process comprises presenting an authentication message over the client device; and only in a case that the user has been authenticated by the MFA process, establishing the requested connection access.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.

Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.

Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.

Abstract: Brute force attacks on a given account with various password attempts are a common threat to computer security. When a suspected brute force on an account is detected, systems may lock the account from access, which is frustrating to users and time consuming for administrators in the event of a false positive. To reduce the number of false positives, brute force counterattacks are taught in the present disclosure. A brute force counterattack is used to learn whether the login attempts change the passwords attempted, and are to be classified as malicious, or keep the attempted password the same in multiple attempts, and are to be classified as benign.

Abstract: The present disclosure is directed to systems, methods and devices for determining computer ownership in a distributed computer network associated with a directory service. Username similarity between username textual attributes and a computer's associated account management name may be determined. Network traffic information and event logs may be analyzed and determinations regarding local behavior and user behavior relating to a plurality of computers on a distributed computer network may be made. Local user data and an owner candidate list may be generated therefrom. Directory service data, including ownership attributes, may be analyzed to determine whether a user is the owner of a computer.

Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.

Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.

Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.