Abstract: Systems and methods for anonymizing personal information are provided. A set of data may be received that includes a first subset of data that corresponds to a unique identifier, a second subset of data that corresponds to a timestamp, and a third subset of data that corresponds to a personal identifiable information (PII) record. The PII record may include a plurality of fields, one or more of which may include values. The set of data may be pre-processed. A respective embedding may be generated, for each value of a respective field, of the plurality of fields, that includes a value. The pre-processed set of data may be anonymized to generate an anonymized set of data, in the form of a graph structure. The graph structure may be stored in a database, and a fraud risk model may be trained, based on the database.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: A method and system for controlling access to an Internet resource is disclosed herein. When a request for an Internet resource, such as a Web site, is transmitted by an end-user of a LAN, a security appliance for the LAN analyzes a reputation index for the Internet resource before transmitting the request over the Internet. The reputation index is based on a plurality of factors for the Internet resource. A client application's access to the Internet resource can be allowed or denied based on the reputation index of the Internet resource.

Abstract: A method and system for controlling access to an Internet resource is disclosed herein. When a request for an Internet resource, such as a Web site, is transmitted by an end-user of a LAN, a security appliance for the LAN analyzes a reputation index for the Internet resource before transmitting the request over the Internet. The reputation index is based on a reputation vector which includes a plurality of factors for the Internet resource such as country of domain registration, country of service hosting, country of an internet protocol address block, age of a domain registration, popularity rank, internet protocol address, number of hosts, to-level domain, a plurality of run-time behaviors, JavaScript block count, picture count, immediate redirect and response latency. If the reputation index for the Internet resource is at or above a threshold value established for the LAN, then access to the Internet resource is permitted.

Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.

Abstract: Examples of the present disclosure describe systems and methods of determining online identity reputation. In aspects, an online identity of an entity may engage in online interactions. The content provided by the online identity may be accessed and analyzed to determine interaction characteristics and reputation metrics for the online identity. Based on the reputation metrics, the online identity and/or entity (and content therefrom) may be filtered from further online interactions. In some aspects, interaction data may be stored in a data store. An interaction mapping component having access to the data store may analyze the data store data to determine mappings between online identities, entities and interactions. In at least one aspect, an opt-in certificate system may also be provided. The opt-in system may provide an online identity or entity a certificate to securely validate identity.

Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: Examples of the present disclosure describe systems and methods for generating dynamic sensors. In aspects, a device may be detected on a network. If the device is not recognized by the network, a generic container may be created. If the device is recognized by the network, a device-specific container may be created, and device-specific threat protection and/or a device-specific machine model may be loaded into the container. In either case, a threat intelligence model and/or an ecosystem-specific machine model may also be loaded into the container. The container may then be deployed to one or more networks. In aspects, the container may be used to analyze network traffic to sense potential threats for ecosystems comprising varying devices and topologies.

Abstract: Examples of the present disclosure describe systems and methods of determining online identity reputation. In aspects, an online identity of an entity may engage in online interactions. The content provided by the online identity may be accessed and analyzed to determine interaction characteristics and reputation metrics for the online identity. Based on the reputation metrics, the online identity and/or entity (and content therefrom) may be filtered from further online interactions. In some aspects, interaction data may be stored in a data store. An interaction mapping component having access to the data store may analyze the data store data to determine mappings between online identities, entities and interactions. In at least one aspect, an opt-in certificate system may also be provided. The opt-in system may provide an online identity or entity a certificate to securely validate identity.

Abstract: Examples of the present disclosure describe systems and methods for generating dynamic sensors. In aspects, a device may be detected on a network. If the device is not recognized by the network, a generic container may be created. If the device is recognized by the network, a device-specific container may be created, and device-specific threat protection and/or a device-specific machine model may be loaded into the container. In either case, a threat intelligence model and/or an ecosystem-specific machine model may also be loaded into the container. The container may then be deployed to one or more networks. In aspects, the container may be used to analyze network traffic to sense potential threats for ecosystems comprising varying devices and topologies.

Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.

Abstract: A method and system a method for compressing and searching a plurality of strings. The method includes inputting a plurality of strings into a compression engine. The method also includes converting each of the plurality of strings into a new, prefix-preserving compressed string, using the compression engine. For every string P that is a strict prefix of a string S, P's resulting compressed string is a strict prefix of S's resulting compressed string.

Abstract: A method and system a method for compressing and searching a plurality of strings. The method includes inputting a plurality of strings into a compression engine. The method also includes converting each of the plurality of strings into a new, prefix-preserving compressed string, using the compression engine. For every string P that is a strict prefix of a string S, P's resulting compressed string is a strict prefix of S's resulting compressed string.

Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.