Abstract: A method for classifying a suspicious text is disclosed. The method includes intercepting a suspicious text message having information data sent between a first and second user device. The method includes applying a hashing function to the information data to generate hashed information data, and storing the hashed information data in one or more of a plurality of network nodes in a blockchain network, where the plurality of network nodes form a distributed network configured to maintain a blockchain, and where each network node of the blockchain network comprises a blockchain processor configured to distribute the hashed information data among the plurality of network nodes. The method includes comparing the hashed information data to known hashed sensitive data stored in a database, and classifying the information data associated with the suspicious text message as containing sensitive data based on the comparison.

Abstract: A method for classifying a suspicious text message on a user device is disclosed. The method includes communicating between a classification processor and a user device, where the classification processor receives the suspicious text message from the user device, the suspicious text message having information data. The method includes applying a hashing function to the information data to generate hashed information data. The method includes storing the hashed information data in one or more of a plurality of network nodes in a blockchain network, and comparing the hashed information data to known hashed malicious data stored on a database. The method includes classifying the information data as containing malicious data based on the comparison.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for utilizing machine learning to predict future deceitful domain names and determine preferred security responses. As such, the system allows for use of a machine learning engine to collect new domain name registration information from a plurality of sources and predict future name registrations associated with said sources. A single user may register deceitful domain names through a plurality of domain name registration systems. By collecting data from multiple servers, the system may identify data trends and generate predictions of future domain names independently of any individual server. Thus, the system may benefit a number of entities, by providing real-time data analysis that would not be obtainable by any one entity operating alone.

Abstract: A method includes determining a first number of logs of a first log type that are generated by a first data store at a first time for a first time interval. A first baseline number and a first threshold value are determined for the first data store. The first baseline number is an expected number of logs of the first log type generated by the first data store at the first time for the first time interval. In response to determining that the first number of logs differs from the first baseline number by more than the first threshold value, the first data store and the first log type are identified as degraded. A report is generated. The report includes an identification that the first data store is degraded and an identification that the first log type is degraded.

Abstract: A system determines baseline deployment properties of operating system deployments stored by a deployment repository and endpoint deployment properties of a deployed operating system executed by an endpoint device. An artificial intelligence model is configured to determine a security response based at least in part on the endpoint deployment properties of the endpoint device. By providing the endpoint deployment properties to the artificial intelligence model, a mismatch value is determined that corresponds to an amount that the endpoint deployment properties are different than the baseline deployment properties. Based on the mismatch value, an action is determined to improve security of the deployed operating system executed by the endpoint device. The determined action is executed to improve security of the deployed operating system.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for utilizing machine learning to predict future deceitful domain names and determine preferred security responses. As such, the system allows for use of a machine learning engine to collect new domain name registration information from a plurality of sources and predict future name registrations associated with said sources. A single user may register deceitful domain names through a plurality of domain name registration systems. By collecting data from multiple servers, the system may identify data trends and generate predictions of future domain names independently of any individual server. Thus, the system may benefit a number of entities, by providing real-time data analysis that would not be obtainable by any one entity operating alone.

Abstract: A system determines baseline deployment properties of operating system deployments stored by a deployment repository and endpoint deployment properties of a deployed operating system executed by an endpoint device. An artificial intelligence model is configured to determine a security response based at least in part on the endpoint deployment properties of the endpoint device. By providing the endpoint deployment properties to the artificial intelligence model, a mismatch value is determined that corresponds to an amount that the endpoint deployment properties are different than the baseline deployment properties. Based on the mismatch value, an action is determined to improve security of the deployed operating system executed by the endpoint device. The determined action is executed to improve security of the deployed operating system.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for automated collection of user-specified forensic data from a target computer associated with a case. In particular, embodiments herein disclosed provide for a system that is configured to provide a user interface to allow a user to select a target computer within a network, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer. The system is also configured to create a subfolder in a folder linked to the case and one or more files in the subfolder for storing the user-specified data; connect the computer apparatus to the target computer; and collect the specified data and save the collected data to the files.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for automated collection of user-specified forensic data from a target computer associated with a case. In particular, embodiments herein disclosed provide for a system that is configured to provide a user interface to allow a user to select a target computer within a network, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer. The system is also configured to create a subfolder in a folder linked to the case and one or more files in the subfolder for storing the user-specified data; connect the computer apparatus to the target computer; and collect the specified data and save the collected data to the files.