Abstract: An approach is provided that identifies Internet of Things (IoT) network anomalies. The approach receives IoT endpoint device data at an attestation entity included in the network. The data is logged to a secured ledger and analyzed. Conditions pertaining to the IoT endpoint devices are analyzed with the analysis being based on a set of network policy data. Based on the analysis, the approach detects network anomalies that correspond to the IoT endpoint devices. These network anomalies and their corresponding IoT endpoint devices are then reported.

Abstract: An approach is provided that enhances computer system security. In the approach, a set of users is authorized to be notified when any of a selected set of activities occurs on the user's account. When the system detects that one of the activities has occurred on the account, a notification is sent to the set of authorized users. The set of users may individually send a responsive security response to protect the user's account. Responsive to receiving the security response from one of the set of users, a security action is performed that is anticipated to protect the user's account.

Abstract: One or more processors mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, where a trigger event triggers an action event in a trigger-action pair. One or more processors mark a first action associated with the first trigger-action pair with the taint, and detect a second trigger associated with a second trigger-action pair. One or more processors then propagate the taint from the first trigger-action pair to the second trigger, and prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger.

Abstract: An approach is provided that provides data protection in a mobile device. The approach monitors a set of sensor data at the mobile device to determine a current context of the mobile device. Sensor data can include data pertaining to the external environment as well as to the user's current interaction with the device. In response to determining a negative current context of the mobile device, the approach deletes an encryption/decryption key from the mobile device rendering the encrypted data on the device inaccessible to malevolent users and data thieves.

Abstract: An approach is provided that enhances computer system security. In the approach, a set of users is authorized to be notified when any of a selected set of activities occurs on the user's account. When the system detects that one of the activities has occurred on the account, a notification is sent to the set of authorized users. The set of users may individually send a responsive security response to protect the user's account. Responsive to receiving the security response from one of the set of users, a security action is performed that is anticipated to protect the user's account.

Abstract: An approach is provided that enhances computer system security. In the approach, a set of users is authorized to be notified when any of a selected set of activities occurs on the user's account. When the system detects that one of the activities has occurred on the account, a notification is sent to the set of authorized users. The set of users may individually send a responsive security response to protect the user's account. Responsive to receiving the security response from one of the set of users, a security action is performed that is anticipated to protect the user's account.

Abstract: An approach is provided that identifies Internet of Things (IoT) network anomalies. The approach receives IoT endpoint device data at an attestation entity included in the network. The data is logged to a secured ledger and analyzed. Conditions pertaining to the IoT endpoint devices are analyzed with the analysis being based on a set of network policy data. Based on the analysis, the approach detects network anomalies that correspond to the IoT endpoint devices. These network anomalies and their corresponding IoT endpoint devices are then reported.

Abstract: Mechanisms are provided to detect a potentially fraudulent voice conversation. The mechanisms process a corpus of electronic information to extract a fraud feature representative of at least one fraudulent activity, receive a first voice input from a user, and convert the first voice input into a textual representation of the first voice input and a set of behavioral speech characteristics associated with the user. The mechanisms generate a speech model for the user based on the textual representation and the behavioral speech characteristics, receive a second voice input from an entity requesting access to resources associated with the user, and evaluate the second voice input based on the speech model for the user and the fraud feature. The mechanisms generate an output indicating whether or not the entity is the user based on results of the evaluation.

Abstract: One or more processors mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, where a trigger event triggers an action event in a trigger-action pair. One or more processors mark a first action associated with the first trigger-action pair with the taint, and detect a second trigger associated with a second trigger-action pair. One or more processors then propagate the taint from the first trigger-action pair to the second trigger, and prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: An approach is provided that receives audible signals from a microphone at a device. The approach compares the received audible signals to an expected audio signal, with the expected audio signal being a first segment playing at the device. A determination is made whether, based on the comparison, the first segment was played at an audible level at the device. If the first segment was audibly played, then the approach plays additional audible content (a second segment, etc.). On the other hand, if the first segment was inaudible, then the approach inhibits further playing of audible content, such as the second segment.

Abstract: Mechanisms are provided to detect a potentially fraudulent voice conversation. The mechanisms process a corpus of electronic information to extract a fraud feature representative of at least one fraudulent activity, receive a first voice input from a user, and convert the first voice input into a textual representation of the first voice input and a set of behavioral speech characteristics associated with the user. The mechanisms generate a speech model for the user based on the textual representation and the behavioral speech characteristics, receive a second voice input from an entity requesting access to resources associated with the user, and evaluate the second voice input based on the speech model for the user and the fraud feature. The mechanisms generate an output indicating whether or not the entity is the user based on results of the evaluation.

Abstract: An approach is provided that enhances computer system security. In the approach, a set of users is authorized to be notified when any of a selected set of activities occurs on the user's account. When the system detects that one of the activities has occurred on the account, a notification is sent to the set of authorized users. The set of users may individually send a responsive security response to protect the user's account. Responsive to receiving the security response from one of the set of users, a security action is performed that is anticipated to protect the user's account.

Abstract: Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network.

Abstract: Generating a behavior profile is provided. A newness score is calculated for a data point corresponding to a context of an access request to a resource made by a user of a client device. Newness scores for a plurality of data points corresponding to contexts of a plurality of access requests are aggregated to form an aggregated newness score. In response to determining that the aggregated newness score is greater than or equal to a pre-defined newness score threshold, data points stored in a data point cache and a long-term storage are used to generate a new behavior profile for the user or update an existing behavior profile for the user.

Abstract: An approach is provided that provides data protection in a mobile device. The approach monitors a set of sensor data at the mobile device to determine a current context of the mobile device. Sensor data can include data pertaining to the external environment as well as to the user's current interaction with the device. In response to determining a negative current context of the mobile device, the approach deletes an encryption/decryption key from the mobile device rendering the encrypted data on the device inaccessible to malevolent users and data thieves.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: Generating a behavior profile is provided. A newness score is calculated for a data point corresponding to a context of an access request to a resource made by a user of a client device. Newness scores for a plurality of data points corresponding to contexts of a plurality of access requests are aggregated to form an aggregated newness score. In response to determining that the aggregated newness score is greater than or equal to a pre-defined newness score threshold, data points stored in a data point cache and a long-term storage are used to generate a new behavior profile for the user or update an existing behavior profile for the user.