Abstract: Malware analysis and root-cause analysis, and information security insights based on Operating System sampled data. Sampled data includes structured logs, Operating System Snapshots, programs and/or processes and/or kernel crashes, crash dumps, memory dumps, stackshots, simulated crashes or samples. The sampled data contains payload for extraction for the purpose of detection, evaluation and reproduction of threats, infection vector, threat actors and persistence methods in the form of backdoors or Trojans or exploitable vulnerabilities used for initial infiltration or lateral movement.

Abstract: Methods and apparatuses for malware analysis and root-cause analysis, and information security insights based on Operating System sampled data such as structured logs, Operating System Snapshots, programs and/or processes and/or kernel crash dumps or samples containing payload for extraction for the purpose of detection and evaluation of threats, infection vector, threat actors and persistence methods in the form of backdoors or Trojans or unknown exploitable vulnerabilities used.

Abstract: A method for a wireless network. The network includes at least a server and a plurality of computer devices wirelessly connected to the server. At least one of the computer devices is under attack by an ‘attacker’ device. The method provides for detection and reporting of the attack as to the location of the attack. The method includes detecting an attack by one of the computer devices, using a zCore module and transmitting an ‘attack report’ to the server. The report includes at least the attack location. The method also includes notifying at least one of the plurality of computer devices and an external computer device that the network is compromised.

Abstract: A security system receives attribute samples from one or more devices configured to simulate one or more states (such as attack states). The attribute samples are aggregated, normalized to a common format, and quantized to lower the resolution of the attribute samples. Outlier attribute samples and attribute samples determined to not be correlated to the simulated states are removed to form a pruned set of attribute samples. A set of classifiers is generated based on a first portion of the pruned set of attribute samples, and the set of classifiers is tested based on a second portion of the pruned set of attribute samples. A subset of the classifiers can be provided to a device configured to monitor attributes associated with the subset of classifiers and to identify an attack state based on the monitor attributes.

Abstract: A method for providing an intrusion prevention system to prevent hacking into files located on enterprise users' endpoint devices functioning as mobile computing platforms. The method includes filtering low-level network packets for each of a plurality of received network packets, offloading the received packets to an inspecting processing module and marking suspicious packets based on at least one of a header and pattern of each of said received packets. The method also includes taking preventive measures by the system to ensure protection of the device and network, taking active steps by the system to block suspicious traffic and disconnecting the current connection by the system, when it detects suspicious traffic.

Abstract: A method for providing an intrusion prevention system to prevent hacking into files located on enterprise users' endpoint devices functioning as mobile computing platforms. The method includes filtering low-level network packets for each of a plurality of received network packets, offloading the received packets to an inspecting processing module and marking suspicious packets based on at least one of a header and pattern of each of said received packets. The method also includes taking preventive measures by the system to ensure protection of the device and network, taking active steps by the system to block suspicious traffic and disconnecting the current connection by the system, when it detects suspicious traffic.

Abstract: A method for a wireless network. The network includes at least a server and a plurality of computer devices wirelessly connected to the server. At least one of the computer devices is under attack by an ‘attacker’ device. The method provides for detection and reporting of the attack as to the location of the attack. The method includes detecting an attack by one of the computer devices, using a zCore module and transmitting an ‘attack report’ to the server. The report includes at least the attack location. The method also includes notifying at least one of the plurality of computer devices and an external computer device that the network is compromised.