Abstract: Techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.

Abstract: Provided are systems, methods, and computer-readable medium for a simulation platform that can generate simulated activity data for testing a security monitoring and control system. In various examples, the simulation platform can parse the activity data from a cloud service to determine the fields associated with each action in the activity data. The simulation platform can then generate a template, where each entry in the template describes an action and the fields associated with the action. The simulation platform can further generate a configuration that describes a test scenario. The simulation platform can use the configuration and the template to generate the particular action, including randomizing some or all of the fields of the action. When input into the security monitoring and control system, the system can operate on the simulated activity data in the same way as when the system ingests live activity data.

Abstract: In various implementations, a security management and control system for monitoring and management of security for cloud services can include automated techniques for identifying the privileged users of a given cloud service. In various examples, the security management and control system can obtain activity logs from the cloud service, where the activity logs record actions performed by users of an organization in using the cloud service. In various examples, the security management and control system can identify actions in the activity logs that are privileged with respect to the cloud service. In these and other examples, the security management and control system can use the actions in the activity log to identify privileged users. Once the privileged users are identified, the security management and control system can monitor the privileged users with a higher degree of scrutiny.

Abstract: Systems and methods for contextual and cross application threat detection in cloud applications in accordance with embodiments of the invention are disclosed. In one embodiment, a method for detecting threat activity in a cloud application using past activity data from cloud applications includes receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application, receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application, deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account, and determining the likelihood of anomalous activity using the baseline user profile.

Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.

Abstract: Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.

Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.

Abstract: Techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.

Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.

Abstract: Systems and methods for contextual and cross application threat detection in cloud applications in accordance with embodiments of the invention are disclosed. In one embodiment, a method for detecting threat activity in a cloud application using past activity data from cloud applications includes receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application, receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application, deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account, and determining the likelihood of anomalous activity using the baseline user profile.

Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.

Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.

Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.

Abstract: Improved techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.

Abstract: A system and method for policy based provisioning in a computing environment. In an example embodiment, the system is adapted to selectively allocate usage rights and access privileges to computing resources of a computing environment. The system includes a provisioning policy; a centralized resource provisioning module; one or more applications in communication with the centralized resource provisioning module; and software running on the resource provisioning module, wherein the software is adapted to initiate selective provisioning of computing resources offered by the one or more applications to a user in accordance with the provisioning policy.

Abstract: One embodiment of the present invention provides a system that provides access to an application-resource. During operation, the system receives a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application. The system then determines an authentication-level required to access the application-resource. Next, the system sends the required authentication-level to an authentication-server. In response, the system receives an authentication-response from the authentication-server. Next, the system determines if the authentication-response specifies that the user is authenticated to access the application-resource. If so, the system grants the user access to the application-resource. One embodiment of the present invention provides a system that provides an authentication-token associated with a lower authentication-level in response to an authentication-token associated with a higher authentication-level expiring.

Abstract: A system and method for policy based provisioning in a computing environment. In an example embodiment, the system is adapted to selectively allocate usage rights and access privileges to computing resources of a computing environment. The system includes a provisioning policy; a centralized resource provisioning module; one or more applications in communication with the centralized resource provisioning module; and software running on the resource provisioning module, wherein the software is adapted to initiate selective provisioning of computing resources offered by the one or more applications to a user in accordance with the provisioning policy.

Abstract: One embodiment of the present invention provides a system that performs single sign-on to web applications using dynamic directives. The system operates by first receiving a request at an application to provide content to a user. In response to the request, the application provides public content to the user. Upon receiving a request from the user to access private content, the application sends a dynamic directive to a web module that can access a single sign-on server on behalf of the application, wherein the dynamic directive specifies that an authentication credential is required from the user. Next, the application allows the web module to request the authentication credential from the single sign-on server on behalf of the application. When the authentication credential is received from the single sign-on server, the application provides the private content to the user.

Abstract: One embodiment of the present invention provides a system that provides access to an application-resource. During operation, the system receives a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application. The system then determines an authentication-level required to access the application-resource. Next, the system sends the required authentication-level to an authentication-server. In response, the system receives an authentication-response from the authentication-server. Next, the system determines if the authentication-response specifies that the user is authenticated to access the application-resource. If so, the system grants the user access to the application-resource. One embodiment of the present invention provides a system that provides an authentication-token associated with a lower authentication-level in response to an authentication-token associated with a higher authentication-level expiring.

Abstract: One embodiment of the present invention provides a system that facilitates single sign-on services in a wireless environment. The system operates by receiving a request at an application server from a wireless gateway to access a partner application on behalf of a user. The system then determines if the wireless gateway holds a token granting access to the partner application on behalf of the user. If the wireless gateway does not hold the token, the system redirects the request to a single sign-on server. The single sign-on server then requests user authentication credentials from the user through the wireless gateway. After receiving the user authentication credentials, the system determines if the user is authorized to access the partner application. If so, the single sign-on server issues a token to the wireless gateway. This token grants wireless gateway access to the partner application on behalf of the user.