Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Techniques for providing network security and anomaly detection are disclosed. In some embodiments, network traffic may be monitored in order to create a model of network traffic over a first period of time. Based on the model of network traffic, one or more inflated files may be created and stored on a system, wherein the inflated files are of a sufficient file size such that attempts to exfiltrate one or more of the files may be detected based by network monitoring tools. The inflated files may further include one or more indicators of sensitivity, including indicators of the presence of sensitive information that is not actually included in the inflated files. Network traffic characteristics may then be repeatedly or continuously monitored in order to update the size of the one or more inflated files based on changes in network traffic characteristics.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Systems, apparatus, and methods for continuously authenticating individuals are provided. A continuous authentication system receives first biometric authentication information from an individual. The system compares the first biometric authentication information to stored first biometric information to identify the individual and links the identified individual to a device for obtaining second biometric authentication information. The device for obtaining second biometric authentication information continuously receives second biometric authentication information. The continuous authentication system compares the received second biometric authentication information to stored second biometric information that corresponds to the individual to determine if the received second biometric authentication information corresponds to the individual.

Abstract: Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

Abstract: Techniques for providing network security and anomaly detection are disclosed. In some embodiments, network traffic may be monitored in order to create a model of network traffic over a first period of time. Based on the model of network traffic, one or more inflated files may be created and stored on a system, wherein the inflated files are of a sufficient file size such that attempts to exfiltrate one or more of the files may be detected based by network monitoring tools. The inflated files may further include one or more indicators of sensitivity, including indicators of the presence of sensitive information that is not actually included in the inflated files. Network traffic characteristics may then be repeatedly or continuously monitored in order to update the size of the one or more inflated files based on changes in network traffic characteristics.

Abstract: Systems, apparatus, and methods for continuously authenticating individuals are provided. A continuous authentication system receives first biometric authentication information from an individual. The system compares the first biometric authentication information to stored first biometric information to identify the individual and links the identified individual to a device for obtaining second biometric authentication information. The device for obtaining second biometric authentication information continuously receives second biometric authentication information. The continuous authentication system compares the received second biometric authentication information to stored second biometric information that corresponds to the individual to determine if the received second biometric authentication information corresponds to the individual.

Abstract: Systems, apparatus, and methods for continuously authenticating individuals are provided. A continuous authentication system receives first biometric authentication information from an individual. The system compares the first biometric authentication information to stored first biometric information to identify the individual and links the identified individual to a device for obtaining second biometric authentication information. The device for obtaining second biometric authentication information continuously receives second biometric authentication information. The continuous authentication system compares the received second biometric authentication information to stored second biometric information that corresponds to the individual to determine if the received second biometric authentication information corresponds to the individual.

Abstract: Systems, apparatus, and methods for continuously authenticating individuals are provided. A continuous authentication system receives first biometric authentication information from an individual. The system compares the first biometric authentication information to stored first biometric information to identify the individual and links the identified individual to a device for obtaining second biometric authentication information. The device for obtaining second biometric authentication information continuously receives second biometric authentication information. The continuous authentication system compares the received second biometric authentication information to stored second biometric information that corresponds to the individual to determine if the received second biometric authentication information corresponds to the individual.

Abstract: A multispectral iris recognition system includes a multispectral camera adapted to acquire spatially registered iris images simultaneously in at least three wavelengths and a database adapted to store the acquired iris images. A texture analysis section identifies an area within each acquired iris image having a maximum texture at each of the wavelengths. The identified areas are combined to generate an enhanced iris image. Additionally, a visible light iris image is acquired and stored along with a set of transformation mappings in a database. The acquired visible light iris image is modeled in a texture model, which clusters textures from the acquired visible light iris image. A mapping is selected from the database for each of the clusters. The selected mappings are applied to the acquired visible light iris image to generate a Near-Infrared equivalent.

Abstract: A multispectral iris recognition system includes a multispectral camera adapted to acquire spatially registered iris images simultaneously in at least three wavelengths and a database adapted to store the acquired iris images. A texture analysis section identifies an area within each acquired iris image having a maximum texture at each of the wavelengths. The identified areas are combined to generate an enhanced iris image. Additionally, a visible light iris image is acquired and stored along with a set of transformation mappings in a database. The acquired visible light iris image is modeled in a texture model, which clusters textures from the acquired visible light iris image. A mapping is selected from the database for each of the clusters. The selected mappings are applied to the acquired visible light iris image to generate a Near-Infrared equivalent.