Abstract: Systems, methods, and non-transitory computer-readable media can receive a notification of a user request to securely process a first set of data. A time estimate is calculated, wherein the time estimate is indicative of an expected amount of time for a secure data processing application to process the first set of data. An actual utilization time required for a first instance of the secure data processing application to process the first set of data is measured. A determination is made as to whether the secure data processing application may be compromised based on a comparison of the time estimate and the actual utilization time. In various embodiments, a re-cryptor process is used to change the cryptographic keys accessed by the secure data processing application. In various embodiments, a re-credentialer is used to change the database access credentials the secure data processing application used to access the encrypted data.

Abstract: Textual indicators are extracted from an electronic document. A rule for monitoring information technology user behavior is generated from the extracted textual indicators.

Abstract: Systems, methods, and non-transitory computer-readable media can receive a notification of a user request to securely process a first set of data. A time estimate is calculated, wherein the time estimate is indicative of an expected amount of time for a secure data processing application to process the first set of data. An actual utilization time required for a first instance of the secure data processing application to process the first set of data is measured. A determination is made as to whether the secure data processing application may be compromised based on a comparison of the time estimate and the actual utilization time. In various embodiments, a re-cryptor process is used to change the cryptographic keys accessed by the secure data processing application. In various embodiments, a re-credentialer is used to change the database access credentials the secure data processing application used to access the encrypted data.

Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.

Abstract: To propagate compliance and governance (C&G) policies, a parser including natural language processing is used to deconstruct a set of organization C&G policies from a set of C&G documents to identify and record a parsed set of categorized C&G policies. A configuration parameter analyzer deconstructs and parses a plurality of C&G configuration parameters of an application program to identify and record a set of application C&G configuration parameters each comprising a purpose and a unit of measure. A reconciliation arranger receives the set of categorized C&G policies and the set of application C&G configuration parameters and maps the categorized C&G policies for the correct purpose and the unit of measure to the respective application C&G configuration parameters. The reconciliation arranger propagates and secures the application program with the respective set of mapped application C&G configuration parameters from mapped C&G policies.

Abstract: An input monitoring agent detects storage of a security record by a security scanning application, encrypts a copy of the security record, and deletes the security record. A secure transfer queue decrypts the encrypted security record, translates the security record for use by a security monitoring application, and encrypts the translated security record. An output monitoring agent predicts when a security monitoring application will attempt to import a new security file, decrypts and stores the encrypted translated security record as the new security file, and deletes the new security file when the security monitoring application has completed importation.

Abstract: Logging of enterprise service bus (ESB) activity includes receiving, from the ESB, information specific to an inter-application message. Control data, provided by an application communicating via the ESB that specifies how the information is to be encrypted for logging and what portions of the information is to be logged is extracted from the information. The information is encrypted in accordance with the control data, and the encrypted information is recorded.

Abstract: In one example, an Enterprise Service Bus (ESB) Sequencer may receive a request token that includes a plurality of ESB requests. The request token may be parsed into a plurality of service frames. Verification confirms a) each of the plurality of ESB requests are valid and corresponding services available and b) sufficient computing resources are available to complete each of the plurality of ESB requests. For each of the service frames an ESB may be called using a requested input source and format provided in the request token for the service frame. The respective output source from the ESB is received and stored. The respective output source may be used as an input source for one or more other service frames. One or more service frame output sources as requested by the request token may be sent to a calling application.

Abstract: Textual indicators are extracted from an electronic document. A rule for monitoring information technology user behavior is generated from the extracted textual indicators.

Abstract: To propagate compliance and governance (C&G) policies, a parser including natural language processing is used to deconstruct a set of organization C&G policies from a set of C&G documents to identify and record a parsed set of categorized C&G policies. A configuration parameter analyzer deconstructs and parses a plurality of C&G configuration parameters of an application program to identify and record a set of application C&G configuration parameters each comprising a purpose and a unit of measure. A reconciliation arranger receives the set of categorized C&G policies and the set of application C&G configuration parameters and maps the categorized C&G policies for the correct purpose and the unit of measure to the respective application C&G configuration parameters. The reconciliation arranger propagates and secures the application program with the respective set of mapped application C&G configuration parameters from mapped C&G policies.

Abstract: In one example, an Enterprise Service Bus (ESB) Sequencer may receive a request token that includes a plurality of ESB requests. The request token may be parsed into a plurality of service frames. Verification confirms a) each of the plurality of ESB requests are valid and corresponding services available and b) sufficient computing resources are available to complete each of the plurality of ESB requests. For each of the plurality of service frames an ESB may be called using a requested input source and format provided in the request token for the service frame. The respective output source from the ESB is received and stored. The respective output source may be used as an input source for one or more other service frames. One or more service frame output sources as requested by the request token may be sent to a calling application.

Abstract: Logging of enterprise service bus (ESB) activity includes receiving, from the ESB, information specific to an inter-application message. Control data, provided by an application communicating via the ESB that specifies how the information is to be encrypted for logging and what portions of the information is to be logged is extracted from the information. The information is encrypted in accordance with the control data, and the encrypted information is recorded.

Abstract: An input monitoring agent detects storage of a security record by a security scanning application, encrypts a copy of the security record, and deletes the security record. A secure transfer queue decrypts the encrypted security record, translates the security record for use by a security monitoring application, and encrypts the translated security record. An output monitoring agent predicts when a security monitoring application will attempt to import a new security file, decrypts and stores the encrypted translated security record as the new security file, and deletes the new security file when the security monitoring application has completed importation.

Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.

Abstract: In one embodiment, a method of implementing trusted compliance operations inside secure computing boundaries comprises receiving, in a secure computing environment, a data envelope from an application operating outside the secure computing environment, the data envelope comprising data and a compliance operation command, verifying, in the secure computing environment, a signature associated with the data envelope, authenticating, in the secure computing environment, the data envelope, notarizing, in the secure computing environment, the application of the command to the data in the envelope, executing the compliance operation in the secure environment; and confirming a result of the compliance operation to a client via trusted communication tunnel.

Abstract: Systems, methods, and apparatus are provided for policy protected cryptographic Application Programming Interfaces (APIs) that are deployed in secure memory. One embodiment is a method of software execution. The method includes executing an application in a first secure memory partition; formatting a request to comply with a pre-defined secure communication protocol; transmitting the request from the application to a cryptographic application programming interface (API) of the application, the API being in a second secure memory partition that is separate and secure from the first secure memory partition; and verifying, in the second secure memory partition, that the request complies with a security policy before executing the request.

Abstract: In one embodiment a secure computer system comprises a processor and a memory module including logic instructions stored on a computer readable medium which. When executed by the processor, the logic instructions configure the processor to receive, in a secure computing environment, a portion of a data log from an application operating outside the secure computing environment, and when the portion of the data log exceeds a size threshold, to assign a timestamp to the portion of the data log, assign an identifier to the portion of the data log, create a digital signature load block comprising the portion of the data log, the timestamp, and the identifier, and store the digital signature load block in a memory module.

Abstract: In one embodiment a secure computer system comprises a processor and a memory module including logic instructions stored on a computer readable medium which. When executed by the processor, the logic instructions configure the processor to receive, in a secure computing environment, a portion of a data log from an application operating outside the secure computing environment, and when the portion of the data log exceeds a size threshold, to assign a timestamp to the portion of the data log, assign an identifier to the portion of the data log, create a digital signature load block comprising the portion of the data log, the timestamp, and the identifier, and store the digital signature load block in a memory module.

Abstract: In one embodiment, a method of implementing trusted compliance operations inside secure computing boundaries comprises receiving, in a secure computing environment, a data envelope from an application operating outside the secure computing environment, the data envelope comprising data and a compliance operation command, verifying, in the secure computing environment, a signature associated with the data envelope, authenticating, in the secure computing environment, the data envelope, notarizing, in the secure computing environment, the application of the command to the data in the envelope, executing the compliance operation in the secure environment; and confirming a result of the compliance operation to a client via trusted communication tunnel.

Abstract: Systems, methods, and apparatus are provided for policy protected cryptographic Application Programming Interfaces (APIs) that are deployed in secure memory. One embodiment is a method of software execution. The method includes executing an application in a first secure memory partition; formatting a request to comply with a pre-defined secure communication protocol; transmitting the request from the application to a cryptographic application programming interface (API) of the application, the API being in a second secure memory partition that is separate and secure from the first secure memory partition; and verifying, in the second secure memory partition, that the request complies with a security policy before executing the request.