Abstract: A computer-implemented method for monitoring the security of a computing network which includes a plurality of hosts and a plurality of edges which link connected hosts. The method comprises capturing and storing first and second network state information at first and second times respectively. The method comprises comparing the first and second network state information to detect a change in the security of the network during the time window between the first and second times. The method further comprises storing security change data which is indicative of the change in the security of the network during the time window for a user to monitor the change in the security of the network.

Abstract: The presently disclosed technology provides a threat-specific network risk evaluation tailored to a client's security objectives. The present technology may include identifying a plurality of threats to a first component of a networked system and assigning a plurality of weighting values to the plurality of threats according to the client's security objectives. The present technology may include identifying a plurality of vulnerabilities of the first component and determining a set of relevant threats for the first vulnerability based on the nature of the vulnerability and the weighting values assigned to the plurality of threats. The set of relevant threats includes one or more of the plurality of threats. The present technology may include determining a set of relevant threats for each of the identified vulnerabilities of the first component and calculating a risk of the first component based on the sets of the relevant threats.

Abstract: The presently disclosed technology provides a threat-specific network risk evaluation tailored to a client's security objectives. The present technology may include identifying a plurality of threats to a first component of a networked system and assigning a plurality of weighting values to the plurality of threats according to the client's security objectives. The present technology may include identifying a plurality of vulnerabilities of the first component and determining a set of relevant threats for the first vulnerability based on the nature of the vulnerability and the weighting values assigned to the plurality of threats. The set of relevant threats includes one or more of the plurality of threats. The present technology may include determining a set of relevant threats for each of the identified vulnerabilities of the first component and calculating a risk of the first component based on the sets of the relevant threats.

Abstract: Certain embodiments may generally relate to controlling access to data held in the cloud. A method for controlling access to data held in the cloud may include determining, at a cloud server, the validity of user credentials received from a user device. The method may also include receiving context data related to the user device based on the validity of the user credentials. The method may further include synchronizing the context data with the cloud server. In addition, the method may include enforcing context-sensitive security checks on requests made by the user for resources based on the sensor data collected by the user device.

Abstract: Certain embodiments may generally relate to controlling access to data held in the cloud. A method for controlling access to data held in the cloud may include determining, at a cloud server, the validity of user credentials received from a user device. The method may also include receiving context data related to the user device based on the validity of the user credentials. The method may further include synchronizing the context data with the cloud server. In addition, the method may include enforcing context-sensitive security checks on requests made by the user for resources based on the sensor data collected by the user device.