Abstract: An email phishing detection mechanism is provided that utilizes machine learning algorithms. The machine learning algorithms are trained on phishing and non-phishing features extracted from a variety of data sets. Embodiments extract embedded URL-based and email body text-based feature sets for training and testing the machine learning algorithms. Embodiments determine the presence of a phishing message through a combination of examining an embedded URL and the body text of the message for the learned feature sets.

Abstract: An email phishing detection mechanism is provided that utilizes machine learning algorithms. The machine learning algorithms are trained on phishing and non-phishing features extracted from a variety of data sets. Embodiments extract embedded URL-based and email body text-based feature sets for training and testing the machine learning algorithms. Embodiments determine the presence of a phishing message through a combination of examining an embedded URL and the body text of the message for the learned feature sets.

Abstract: A method, system and computer-usable medium for providing security friction to a request for access to a resource based on whether the access request is atypical. In certain embodiments, a request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction that would otherwise not have been asserted if the resource request was typical. In certain embodiments, an elapsed time between access requests based on the user identity is used to determine whether the access request is atypical.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a connection request from a client to a server receiving a message from the client to the server, extracting from a memory associated with the client a secret for performing decryption of application messages communicated from the server to the client, and using the secret to decrypt the application messages to perform at least one of monitoring and inspection of the application messages as decrypted in accordance with a security policy, while allowing the client and the server to maintain an end-to-end connection without intermediate termination at the security device.

Abstract: A method, system and computer-usable medium for providing security friction to a request for access to a resource based on whether the access request is atypical. In certain embodiments, a request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction that would otherwise not have been asserted if the resource request was typical. In certain embodiments, an elapsed time between access requests based on the user identity is used to determine whether the access request is atypical.

Abstract: A system S is defined which is capable of simulating a computer (virtual computer, VC) for the purpose of software performance monitoring. The system is implemented as a set of software modules (SM) that can be exchanged to change the behavior of the VC. The VC is driven by a CPU emulator, and can run any operating system (virtual operating system, VOS) that is supported by the available SM's. The system is designed to log accesses to system resources and the nature of these accesses. The system is particularly useful for determining whether an executable or file contains an unknown virus, with a very low risk of false positives. Detected viruses include encrypted, polymorphic, metamorphic and other virus types.

Abstract: A system S is defined which is capable of simulating a computer (virtual computer, VC) for the purpose of software performance monitoring. The system is implemented as a set of software modules (SM) that can be exchanged to change the behavior of the VC. The VC is driven by a CPU emulator, and can run any operating system (virtual operating system, VOS) that is supported by the available SM's. The system is designed to log accesses to system resources and the nature of these accesses. The system is particularly useful for determining whether an executable or file contains an unknown virus, with a very low risk of false positives. Detected viruses include encrypted, polymorphic, metamorphic and other virus types.

Abstract: A system S is defined which is capable of simulating a computer (virtual computer, VC) for the purpose of software performance monitoring. The system is implemented as a set of software modules (SM) that can be exchanged to change the behavior of the VC. The VC is driven by a CPU emulator, and can run any operating system (virtual operating system, VOS) that is supported by the available SM's. The system is designed to log accesses to system resources and the nature of these accesses. The system is particularly useful for determining whether an executable or file contains an unknown virus, with a very low risk of false positives. Detected viruses include encrypted, polymorphic, metamorphic and other virus types.

Abstract: A system S is defined which is capable of simulating a computer (virtual computer, VC) for the purpose of software performance monitoring. The system is implemented as a set of software modules (SM) that can be exchanged to change the behavior of the VC. The VC is driven by a CPU emulator, and can run any operating system (virtual operating system, VOS) that is supported by the available SM's. The system is designed to log accesses to system resources and the nature of these accesses. The system is particularly useful for determining whether an executable or file contains an unknown virus, with a very low risk of false positives. Detected viruses include encrypted, polymorphic, metamorphic and other virus types.