Abstract: Systems and methods for testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system with a plurality of nodes and a testing node include operating the testing node with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node; implementing one or more test cases related to the malicious content to analyze behavior of the testing node with the SPM library containing the new signature; and, responsive to success in the one or more test cases, providing the SPM library to the plurality of nodes for detection of the malicious content.

Abstract: Systems and method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.

Abstract: Systems and methods for testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system with a plurality of nodes and a testing node include operating the testing node with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node; implementing one or more test cases related to the malicious content to analyze behavior of the testing node with the SPM library containing the new signature; and, responsive to success in the one or more test cases, providing the SPM library to the plurality of nodes for detection of the malicious content.

Abstract: Systems and method are implemented by one or more servers associated with a cloud-based security system, for determining security risks of entities including users or groups of users associated with the cloud-based security system and optimizing remediation based thereon. The method includes maintaining logs of transactions through the cloud-based security system; obtaining a plurality of attributes from the transactions while excluding impossible comparison items from the transactions; performing empirical scoring on normalizing the plurality of attributes for ranking risky entities; identifying the risky entities based on one of the empirical scoring and analytics; and updating policies and/or monitoring in the cloud-based system based on the identifying.

Abstract: Systems and method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.

Abstract: Systems and method are implemented by one or more servers associated with a cloud-based security system, for determining security risks of entities including users or groups of users associated with the cloud-based security system and optimizing remediation based thereon. The method includes maintaining logs of transactions through the cloud-based security system; obtaining a plurality of attributes from the transactions while excluding impossible comparison items from the transactions; performing empirical scoring on normalizing the plurality of attributes for ranking risky entities; identifying the risky entities based on one of the empirical scoring and analytics; and updating policies and/or monitoring in the cloud-based system based on the identifying.