Abstract: According to certain embodiments, a device comprises a memory operable to store a malware defense profile associated with a malware application. The device further comprises a processor operably coupled to the memory. The processor is configured to intercept a probe sent by an application. The probe seeks to obtain information associated with an environment in which the application runs. The processor is configured to determine that the application that sent the probe corresponds to the malware application and, in response, determine a response to send to the malware application. To determine the response, the processor is configured to obtain the malware defense profile associated with the malware application, select an attribute of the malware defense profile to include in the response, prepare the response comprising the selected attribute, and send the response to the malware application. The selected attribute comprises a type of information that the probe seeks to obtain.

Abstract: A system for communicating email messages using tokens receives a request to send an email message to a receiver. The email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system generates a particular token for the sender's email address in response to determining that the sender's email address is not associated with a token, where the particular token uniquely identifies the sender's email address. The system sends the email message using the particular token instead of the sender's email address, such that the sender's email address remains anonymous from the perspective of the receiver.

Abstract: A system for identifying email messages associated with phishing threats accesses an email message sent to a receiving computing device, where the email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system determines that the email message is associated with a phishing threat, in response to determining that the sender's email address is not associated with a token from a plurality of tokens from among a token-email mapping table.

Abstract: A system for preventing communications from detected phishing domains receives a communication associated with a particular domain. The system determines that the particular domain is a phishing domain. In response, in one embodiment, the system registers the particular domain in a Domain Name System (DNS) server to block the communication and future communications associated with the particular domain from being received at computing devices operably coupled with the DNS server. In another embodiment, the system registers the particular domain in the DNS server, such that the communication and future communications associated with the particular domain are re-routed to a particular server to monitor phishing activities implemented on the communications, where the phishing activities comprise attempting to obtain login credentials and private information associated with receivers of the communication and future communications.

Abstract: A system for phishing domain detection receives a communication associated with a particular domain. The system extracts a first set of features from the communication, the first set of features including a name of the sender, a name of the domain, a time of receipt, a sentiment message, and attachment file associated with the communication. The system compares the first set of features with a second set of features associated with a historical communication labeled with a phishing domain. In response to determining that the first set of features corresponds to the second set of features, the system determines that the particular domain is the phishing domain.

Abstract: A device that is configured to receive an authentication request for a first user. The authentication request includes a first authentication fingerprint and a first vital sign information. The device is further configured to identify a second authentication fingerprint from a memory that matches the first authentication fingerprint and to identify a second vital sign information that is associated with the second authentication fingerprint. The device is further configured to compare the first vital sign information from the authentication request to a tolerance threshold value. The device is further configured to generate an authentication response based on the comparison and to send the authentication response to a network device.

Abstract: A device that is configured to capture biometric information for a user using a first biometric sensor that is configured to capture biometric information that identifies physical characteristics of the user. The device is further configured to capture device information for a user device that is associated with the user. The device is further configured to generate an authentication fingerprint for the user based on a combination of the biometric information and the device information. The device is further configured to obtain vital sign information using a second biometric sensor that is configured to capture vital sign information that identifies a physical state of the user. The device is further configured to generate an authentication request that includes the authentication fingerprint and the vital sign information and to send the authentication request to a network device.

Abstract: Apparatus and methods for establishing a user Internet of Things (“IoT”) system is provided. The method may be performed by a central IoT hub run on a user's personal computing device. The method may include detecting user devices in electronic communication with the central IoT hub and onboarding, to the user IoT system, user devices determined to be in conformance with baseline security protocols and performance characteristics. The onboarded user device may be IoT nodes. The method may include monitoring enterprise data to pre-emptively identify and address probable failures of the IoT nodes prior to failure of the IoT nodes. The method may also include addressing known failures for each IoT node on the user IoT system.

Abstract: An apparatus includes a memory and a hardware processor. The memory stores identification information of a user. The processor receives from a device a request for the identification information of the user and in response to the request, appends a data element to the identification information to produce a protected message. The processor also encrypts the protected message to produce an encrypted message and communicates the encrypted message to the device. The data element executes in response to the encrypted message being decrypted, and the data element encrypts the identification information when the data element executes.

Abstract: A system for using artificial intelligence to generate a computing network architecture diagram based on user inputs, applicable vulnerability/cyber threat data and internal/external compliance/audit regulation data. In addition, machine-learning techniques may be used that leverage previously implemented computing network architectures. The computing network architecture diagram may be generated absent a baseline diagram or the user inputs may define at least a portion of an initial/baseline network architecture diagram that is modified based on the vulnerability/cyber threat data, the internal/external compliance/audit regulation data and/or the previously implemented computing network architectures. In additional embodiments of the invention, new/emerging vulnerabilities and cyber threats are detected, and in real-time response, adjustments to the computing network infrastructure and determined and implemented.

Abstract: A system for real-time authenticated obfuscation of electronic data provides real-time visual obfuscation of the data by transforming displayed data into undecipherable data when viewed by an unauthorized user while maintaining access for an authorized user. The system may further provide application-level obfuscation of electronic data via cryptographic keys such that only authorized applications may decrypt the encrypted data. In this way, the system provides secure access control of electronic data within a networked environment.

Abstract: Systems, computer program products, and methods are described herein for tracking user eye focus for adjusting interactions with a user. The present invention may be configured to receive, from a user device, image data associated with an item and receive, from the user device, eye-tracking data associated with eye movements of a user while the user is viewing the item. The present invention may be further configured to determine, based on the eye-tracking data, whether the user focused on the item and receive outcome data comprising an action, performed by the user, regarding the item. The present invention may be further configured to determine, based on the outcome data and based on whether the user focused on the item, an attribute of the action by determining whether the user understood the item, whether the user took the action regarding the item impulsively, and/or the like.

Abstract: A system for real-time authenticated obfuscation of electronic data provides real-time visual obfuscation of the data by transforming displayed data into undecipherable data when viewed by an unauthorized user while maintaining access for an authorized user. The system may further provide application-level obfuscation of electronic data via cryptographic keys such that only authorized applications may decrypt the encrypted data. In this way, the system provides secure access control of electronic data within a networked environment.

Abstract: Apparatus and methods for establishing a user Internet of Things (“IoT”) system is provided. The method may be performed by a central IoT hub run on a user's personal computing device. The method may include detecting user devices in electronic communication with the central IoT hub and onboarding, to the user IoT system, user devices determined to be in conformance with baseline security protocols and performance characteristics. The onboarded user device may be IoT nodes. The method may include monitoring enterprise data to pre-emptively identify and address probable failures of the IoT nodes prior to failure of the IoT nodes. The method may also include addressing known failures for each IoT node on the user IoT system.

Abstract: Information technology/cyber security for computer-related processes in which vulnerabilities are identified and, those vulnerabilities which are technology-related are automatically remediated by determining and executing network-based tasks. The most granular level of computer-related process assessment in made possible by reliance on a critical function/process taxonomy this is automatically generated and, as such, the present invention, identifies both technology and non-technology-related vulnerabilities.

Abstract: Information technology/cyber security for computer-related processes in which vulnerabilities are identified and, those vulnerabilities which are technology-related are automatically remediated by determining and executing network-based tasks. The most granular level of computer-related process assessment in made possible by reliance on a critical function/process taxonomy this is automatically generated and, as such, the present invention, identifies both technology and non-technology-related vulnerabilities.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for integration with a wearable device for impetus resource distribution process confirmation and authentication. In this way, the invention coordinates with a wearable device and resource distribution vehicles of a user. Upon activation of a resource distribution vehicle, the system reviews metrics from the wearable device to identify discrepancies between the real-time metrics and a baseline for the user. The invention triggers tiered confirmation requests for authentication prior to allowing processing of the resource distribution for impetus distribution prevention.

Abstract: Systems for analyzing and controlling cyber events are provided. In some examples, indicator or compromise (IOC) data may be received. The system may parse the data to identify one or more IOC parameters within the IOC data. In some examples, the IOC parameters may be compared to known IOC parameters to determine whether the IOC parameters are known. If not, the newly identified IOC parameters may be stored in a database. The identified IOC parameters may be evaluated to identify one or more linkages associated with the IOC parameters. For instance, each IOC parameters may be evaluated to identify one or more other parameters associated with each parameter. Those linkages may indicate a threat or potential threat. Based on the evaluation, the system may generate, update and/or execute one or more blocks. For instance, access to one or more domain name, email address, or the like, may be locked based on the identified IOC parameters, linkages, and the like.

Abstract: A system for using artificial intelligence to generate a computing network architecture diagram based on user inputs, applicable vulnerability/cyber threat data and internal/external compliance/audit regulation data. In addition, machine-learning techniques may be used that leverage previously implemented computing network architectures. The computing network architecture diagram may be generated absent a baseline diagram or the user inputs may define at least a portion of an initial/baseline network architecture diagram that is modified based on the vulnerability/cyber threat data, the internal/external compliance/audit regulation data and/or the previously implemented computing network architectures. In additional embodiments of the invention, new/emerging vulnerabilities and cyber threats are detected, and in real-time response, adjustments to the computing network infrastructure and determined and implemented.

Abstract: Arrangements for automatically authenticating a user based on a signals-based footprint of the user are provided. In some examples, an authentication device may continuously scan a predefined area surrounding the authentication device. Upon detecting a user device, a determination may be made as to whether the device is detected for at least a threshold amount of time. If so, user data may be requested. In some examples, the user data may be requested from, for example, a mobile device of a user and may include biometric signature data, such as heart rate, respiratory rate, and the like. User response data may be received and compared to pre-stored data and, if the user response data meets or exceeds a threshold confidence level, the user may be automatically authenticated. If not, additional user authentication information, such as a username and password, personal identification number (PIN), or the like, may be requested to authenticate the user.