Abstract: Cybersecurity is improved by automatically finding underutilized access capabilities. Some embodiments obtain an access capability specification, gather access attempt data, and computationally determine that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion. Security is then enhanced by automatically producing a recommendation to harden a guarded computing system by reducing, disabling, or deleting the insufficiently exercised access capability. In some cases, security enhancement is performed by automatically hardening the guarded computing system. Access capability exercise sufficiency determination may be based on fixed, statistical, or learned time period thresholds or activity level thresholds, or on a combination thereof using confidence levels. Thresholds are compared to a detected time period value or a detected activity level value that is derived from the access attempt data, to determine exercise sufficiency.

Abstract: Cybersecurity is improved by automatically finding underutilized access capabilities. Some embodiments obtain an access capability specification, gather access attempt data, and computationally determine that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion. Security is then enhanced by automatically producing a recommendation to harden a guarded computing system by reducing, disabling, or deleting the insufficiently exercised access capability. In some cases, security enhancement is performed by automatically hardening the guarded computing system. Access capability exercise sufficiency determination may be based on fixed, statistical, or learned time period thresholds or activity level thresholds, or on a combination thereof using confidence levels. Thresholds are compared to a detected time period value or a detected activity level value that is derived from the access attempt data, to determine exercise sufficiency.

Abstract: Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient that traditional authentication methodologies.

Abstract: A system for detecting a targeted attack by a first machine on a second machine is provided. The system includes an application including instructions to: according to first parameters, group alerts for attacking machines; each group of alerts corresponds to attacks performed by a respective one of the attacking machines, and each of the alerts is indicative of a possible attack performed by one of the attacking machines; according to second parameters, group metadata corresponding to attacked machines implementing cloud applications; based on the group of metadata corresponding to the second machine and one or more co-factors, evaluate one or more alerts corresponding to attacks performed by the first machine on the second machine relative to alerts associated with attacks performed by the first machine on other machines or attacks performed by the attacking machines; and alert the second machine of the targeted attack.

Abstract: A system for detecting a targeted attack by a first machine on a second machine is provided. The system includes an application including instructions to: according to first parameters, group alerts for attacking machines; each group of alerts corresponds to attacks performed by a respective one of the attacking machines, and each of the alerts is indicative of a possible attack performed by one of the attacking machines; according to second parameters, group metadata corresponding to attacked machines implementing cloud applications; based on the group of metadata corresponding to the second machine and one or more co-factors, evaluate one or more alerts corresponding to attacks performed by the first machine on the second machine relative to alerts associated with attacks performed by the first machine on other machines or attacks performed by the attacking machines; and alert the second machine of the targeted attack.

Abstract: Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient that traditional authentication methodologies.