Patents by Inventor Hassan Sultan

Hassan Sultan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11822690
    Abstract: Devices and techniques are generally described for centralized data egress validation. In various examples, a request to send first data to a first destination may be received. In some examples, a first decoder that corresponds to a format of the first data may be determined. In further examples, a policy associated with the first decoder may be determined. In some examples, second data may be generated using the first decoder to parse the first data according to the policy. In various examples, the second data may be evaluated using the policy and a determination may be made whether the first data is permissible to send to the first destination.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: November 21, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Hassan Sultan, Mayank Thakore
  • Patent number: 11805109
    Abstract: A computing device includes one or more processors, a memory and an encryption accelerator. The memory includes instructions that when executed on the processors cause a first networking session to be established between a pair of communication peers. Encryption of messages of the first session is enabled by a parameter of a security protocol of the session. The encryption accelerator obtains a key determined in the first session, and uses the key to encrypt messages of a second networking session established between the peers.
    Type: Grant
    Filed: February 25, 2019
    Date of Patent: October 31, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Atul Khare, Ravi Akundi Murty, Hassan Sultan
  • Patent number: 10706155
    Abstract: Systems for providing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a security assessments provisioning service that provisions third-party-authored rules packages and security assessments into the computing environment of the target computing resource. The third-party rules package includes rules that can operate on telemetry and configuration data of the target computing resource, produced by sensors that are native to the computing environment, but the sensor protocols, message format, and sensitive data are not exposed to the rules. The provisioning service can provide security assessments and/or rules packages that are “native” and are thus able to operate directly on the telemetry and configuration data.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: July 7, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Vladimir Veselov, Adrian-Radu Grajdeanu, Hassan Sultan
  • Patent number: 10643002
    Abstract: Systems for performing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a security assessment service that enables the use of third-party-authored rules packages in the security assessment. The third-party rules package includes rules that can operate on telemetry and configuration data of the target computing resource, produced by sensors that are native to the computing environment, but the sensor protocols, message format, and sensitive data are not exposed to the rules. An interface, such as an ingest function, may be used to convert telemetry data in the form of sensor messages into assessment data objects. The assessment data objects contain the data elements the rules evaluate, and may also have corresponding retrieval methods that are exposed to the rules; the rules call the retrieval methods to extract parameter-value pairs from the data object.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: May 5, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Vladimir Veselov, Adrian-Radu Grajdeanu, Hassan Sultan
  • Patent number: 10348759
    Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: July 9, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Patent number: 10110629
    Abstract: A honeypot resource management service receives a request to provision one or more honeypot resources. In response to the request, the service identifies at least one computing resource service that is to be used to present the one or more honeypot resources. The service generates configuration information that is transmitted to the at least one computing resource service to cause the computing resource service to present the one or more honeypot resources to users in accordance with a set of parameters specified in the configuration information.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: October 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frederick Hingle Kruse, Hassan Sultan, Nicholas Howard Brown, James Leon Irving, Jr., Donald Lee Bailey, Jr.
  • Publication number: 20180159891
    Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, a graph representing the relationship between the first resource and the second resource is generated. A threat model identifying potential risks to the computing environment is created from the graph.
    Type: Application
    Filed: January 18, 2018
    Publication date: June 7, 2018
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Patent number: 9876815
    Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: January 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Publication number: 20160373481
    Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.
    Type: Application
    Filed: September 2, 2016
    Publication date: December 22, 2016
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Patent number: 9438618
    Abstract: A system and method for threat detection and mitigation through run-time introspection. The system and method comprise receiving a request to monitor a computing environment. Based on the received request, the system and method further include determining a set of introspection points for monitoring the computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: September 6, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Hassan Sultan, John Schweitzer, Donald Lee Bailey, Jr., Gregory Branchek Roth, Nachiketh Rao Potlapally
  • Publication number: 20120316862
    Abstract: A computer-implemented technique can include receiving, at a computing system including one or more processors, a translation model including a plurality of aligned pairs of phrases in first and second languages. The technique can include determining, at the computing system, one or more features for each of the plurality of pairs of phrases based on linguistic differences between the first and second languages to obtain a plurality of sets of features. The technique can include associating, at the computing system, the plurality of sets of features with the plurality of pairs of phrases, respectively, to obtain a modified translation model. The technique can also include performing, at the computing system, statistical machine translation from the first language to the second language using the modified translation model.
    Type: Application
    Filed: June 11, 2012
    Publication date: December 13, 2012
    Applicant: GOOGLE INC.
    Inventors: Soha Mohsen Hassan Sultan, Keith Hall
  • Publication number: 20070203973
    Abstract: A system for fuzzing requests and responses using a proxy includes a client that may include a client application, a server that may include a server application, and a proxy coupled between the client and the server. The proxy communicates message traffic between the client and the server related to testing the client application or the server application. The proxy is adapted to store a template resulting from the message traffic into a data store to facilitate later fuzzing of requests or responses contained in the message traffic. A user interface for presenting events resulting from the fuzzing is also described.
    Type: Application
    Filed: February 28, 2006
    Publication date: August 30, 2007
    Applicant: Microsoft Corporation
    Inventors: Lawrence Landauer, Alan Myrvold, Thomas Gallagher, Daniel Ricker, Hassan Sultan, Ivan Medvedev, Adel Abouchaev, Peter Oehlert
  • Publication number: 20070006153
    Abstract: Methods and systems for providing an extensible testing framework are provided. An extensible testing framework may use field objects to represent test data values of various data types, including char, int, string, and the like. The framework is extensible in that new field objects may be added as new data types are needed during testing. The extensible testing framework may use transport objects to communicate test values to and from the target software being tested, e.g., using TCP Client, TCP Server, UCP Client, and the like. The framework is extensible in that new transport objects can be added as new transport protocols are needed, e.g., for a command line interface. Each test executes under the control of a test manager, as defined by configuration information provided in a configuration file or via an external executable control application.
    Type: Application
    Filed: May 25, 2005
    Publication date: January 4, 2007
    Applicant: Microsoft Corporation
    Inventor: Hassan Sultan