Abstract: This disclosure describes many innovations including but not limited to systems, methods, and non-transitory computer readable media containing instructions for managing permission policies.

Abstract: Systems, methods, and non-transitory computer readable media including instructions for determining utilized permissions in a cloud computing environment.

Abstract: Transparently identifying users using a shared VPN tunnel uses an innovative method to detect a user of a shared VPN tunnel, after authenticating the user, using an assigned userid (that may be a virtual IP). The virtual IP is used as a cookie in each request made by the user. This cookie is an authentication token used by the gateway to detect the user behind a specific request for an Internet resource (such as an http/s request). The cookie is stripped by the gateway so the cookie is not sent to the resource.

Abstract: Detecting and preventing phishing attacks in real-time features protection of users from feeding sensitive data to phishing sites, educating users for theft awareness, and protecting enterprise credentials. A requested document traversing a gateway is embedded with a detection module. When a user accesses the document, the embedded detection module is executed in the context of the document, checks if the document is prompting the user for sensitive information, determining if the document is part of a phishing attack, and initiates mitigation, warning, and/or education techniques.

Abstract: Methods and systems provide mechanisms for inspection devices, such as firewalls and servers and computers associated therewith, to selectively manipulate files, for which a download has been requested. The manipulation is performed in a manner which is transparent to the requesting user.

Abstract: Transparently identifying users using a shared VPN tunnel uses an innovative method to detect a user of a shared VPN tunnel, after authenticating the user, using an assigned userid (that may be a virtual IP). The virtual IP is used as a cookie in each request made by the user. This cookie is an authentication token used by the gateway to detect the user behind a specific request for an Internet resource (such as an http/s request). The cookie is stripped by the gateway so the cookie is not sent to the resource.

Abstract: Cyber security protection from, and avoiding inspection bypass, in network communication connections, in particular due to DNS poisoning or HTTP HOST header spoofing includes receiving a request for a resource. Typically, the request is received by a proxy from a web browser on a client for a web page on a server. The request is communicated via transport layer security (TLS) protocol. The TLS protocol includes a server name indication (SNI) extension and the SNI extension includes a first location of the resource. A connection is initiated, by the proxy, to the first location (included in said SNI extension), ignoring a second location in the original request.

Abstract: Actively and passively monitoring current network security threats and impact, to evaluate and maintain cyber security includes using an innovative combination of threat feed, impact assessment, client profile, security policy, and vulnerability report to determine impact of malware, evaluate and maintain security policy, decrease vulnerability, and dynamically implement solutions to prevent malware attacks. Constantly re-evaluating the customer's cyber security implementation facilitates dynamic tuning of cyber security implementation.

Abstract: Methods and systems provide mechanisms for inspection devices, such as firewalls and servers and computers associated therewith, to modify HTTP requests, without requiring the inspection device to terminate the connections at the TCP (Transport Control Protocol) level, as occurs with contemporary web proxies, e.g., web proxy servers—either explicit or implicit proxies.

Abstract: Detecting and preventing phishing attacks in real-time features protection of users from feeding sensitive data to phishing sites, educating users for theft awareness, and protecting enterprise credentials. A requested document traversing a gateway is embedded with a detection module. When a user accesses the document, the embedded detection module is executed in the context of the document, checks if the document is prompting the user for sensitive information, determining if the document is part of a phishing attack, and initiates mitigation, warning, and/or education techniques.

Abstract: Detecting and preventing phishing attacks in real-time features protection of users from feeding sensitive data to phishing sites, educating users for theft awareness, and protecting enterprise credentials. A requested document traversing a gateway is embedded with a detection module. When a user accesses the document, the embedded detection module is executed in the context of the document, checks if the document is prompting the user for sensitive information, determining if the document is part of a phishing attack, and initiates mitigation, warning, and/or education techniques.

Abstract: Methods and systems provide mechanisms for inspection devices, such as firewalls and servers and computers associated therewith, to selectively manipulate files, for which a download has been requested. The manipulation is performed in a manner which is transparent to the requesting user.

Abstract: Methods and systems provide mechanisms for inspection devices, such as firewalls and servers and computers associated therewith, to modify HTTP requests, without requiring the inspection device to terminate the connections at the TCP (Transport Control Protocol) level, as occurs with contemporary web proxies, e.g., web proxy servers—either explicit or implicit proxies.

Abstract: Methods and systems for blocking reception of digital content elements by devices are disclosed. These methods and systems comprise elements of hardware and software for, receiving an electronic communication including at least one digital document; determining the content type of the at least one digital document; based on the content type of the at least one digital document, modifying the digital content of the digital document so as to selectively disable functionality of the digital document; and, enabling the subsequent processing of the electronic communication including the at least one digital document with the modified digital content.

Abstract: A computer-readable storage medium has embedded thereon non-transient computer-readable code for controlling access to a protected computer network, by intercepting packets that are being exchanged between a computer system and the protected network, and then, for each intercepted packet, identifying the associated application that is running on the computer system, determining whether the application is trusted, for example according to a white list or according to a black list, and disposing of the packet accordingly.

Abstract: A user device generates a key for encrypting and decrypting data of an application suite, uses a long secret to encrypt the key, and stores the key locally only as encrypted. The key is stored, along with a user-provided short secret, in a non-volatile memory of a server. Preferably, the key is generated only if an indication is received from the server that the long secret is identical to a reference long secret. The user obtains the key either by presenting the short secret to the server or by presenting the long secret to the user device to enable the user device to decrypt the encrypted key.

Abstract: A computer-readable storage medium has embedded thereon non-transient computer-readable code for controlling access to a protected computer network, by intercepting packets that are being exchanged between a computer system and the protected network, and then, for each intercepted packet, identifying the associated application that is running on the computer system, determining whether the application is trusted, for example according to a white list or according to a black list, and disposing of the packet accordingly.

Abstract: A method for securing a server undergoing data communication with a remote client computer in a client/server network. The method includes requesting an application by a user of the remote client computer. In response to the request, the server transmits a module which runs on the remote client computer. When run, the module collects client information regarding the client computer and based on the collected client information selects one or more security mechanisms, preferably including one encryption mechanism and runs the security mechanisms on the remote client computer.