Abstract: A system and method for performing IP to name resolution in organizational environments. IP addresses are determined for devices utilizing the corporate network. An IP address is resolved to a first device name and then the same IP address is subsequently resolved to a second device name. A profile is generated such as a timeline for the IP address including both the first and second device names. The timeline may be queried to determine whether the first device name or the second device name was associated with the IP address during a period of time.

Abstract: Brute force attacks on a given account with various password attempts are a common threat to computer security. When a suspected brute force on an account is detected, systems may lock the account from access, which is frustrating to users and time consuming for administrators in the event of a false positive. To reduce the number of false positives, brute force counterattacks are taught in the present disclosure. A brute force counterattack is used to learn whether the login attempts change the passwords attempted, and are to be classified as malicious, or keep the attempted password the same in multiple attempts, and are to be classified as benign.

Abstract: A system and method for performing IP to name resolution in organizational environments. IP addresses are determined for devices utilizing the corporate network. An IP address is resolved to a first device name and then the same IP address is subsequently resolved to a second device name. A profile is generated such as a timeline for the IP address including both the first and second device names. The timeline may be queried to determine whether the first device name or the second device name was associated with the IP address during a period of time.

Abstract: Brute force attacks on a given account with various password attempts are a common threat to computer security. When a suspected brute force on an account is detected, systems may lock the account from access, which is frustrating to users and time consuming for administrators in the event of a false positive. To reduce the number of false positives, brute force counterattacks are taught in the present disclosure. A brute force counterattack is used to learn whether the login attempts change the passwords attempted, and are to be classified as malicious, or keep the attempted password the same in multiple attempts, and are to be classified as benign.

Abstract: A method, system and computer program for recoupling Kerberos Authentication and Authorization requests, the method including the steps of: (a) extracting authorization information, including a copy of a Ticket Granting Ticket (TGT), from an authorization request; (b) retrieving authentication information including the TGT, the authentication information having been previously extracted from an authentication transaction and stored; (c) cross-referencing the extracted authorization information with the retrieved authentication information, such that a discrepancy between the cross-referenced information invokes a security event alert.

Abstract: A method, system and computer program for recoupling Kerberos Authentication and Authorization requests, the method including the steps of (a) extracting authorization information, including a copy of a Ticket Granting Ticket (TGT), from an authorization request; (b) retrieving authentication information including the TOT, the authentication information having been previously extracted from an authentication transaction and stored; (c) cross-referencing the extracted authorization information with the retrieved authentication information, such that a discrepancy between the cross-referenced information invokes a security event alert.

Abstract: A method system and computer program product for protecting Directory Services (DS) by monitoring traffic to the DS; deciding to block a client access request in the monitored traffic originating from a network client; synthesizing an error message based at least in part on the client access request; and sending the synthesized error message to the network client, causing the network client to abort access request process such as an authentication process or an authorization process.