Abstract: An access configuration for an access control manager is generated. Access data including users, resources, and actions the users performed on the resources is received into a matrix. Clusters of the matrix are formed to produce ranges of the users and ranges of the resources having selected permission levels based on the actions. Administrator-modifiable security groups are created based on the ranges of users and administrator-modifiable resources groups based on the ranges of resources.

Abstract: A security configuration for a firewall is generated. Network traffic data, network reputation data, and endpoint protection data are received from a network environment. A reputation score for a network address is generated from the network traffic data and the network reputation data. An endpoint protection configuration is generated from a routine based on the network traffic data and the endpoint protection data. A set of security rules is provided from the endpoint configuration and the reputation score.

Abstract: Methods, systems, and apparatuses are provided for managing an execution of applications in a computing environment. A whitelist list of applications that are permitted to execute in a computing environment is obtained. For one or more of the applications on the whitelist, a temporal rule is assigned that specifies a time period in which the application is permitted to execute in the computing environment. For instance, the temporal rule may be obtained via a user input or may be determined automatically by analyzing an execution history of the application. Applications are permitted to execute in the computing environment during the time period specified by the temporal rule, and are prevented from executing outside of the time period. By restricting the time period in which an application can execute, the overall vulnerability to malware attacks in a computing environment may be reduced.

Abstract: Described technologies automatically detect candidate networks having external nodes which communicate with nodes of a local network; a candidate external network can be identified even when the external nodes are owned by a different entity than the local network's owner. A list of network addresses which communicated with local network nodes is culled to obtain addresses likely to communicate in the future. A graph of local and external nodes is built, and connection strengths are assessed. A candidate network is identified, based on criteria such as connection frequency and duration, domain membership, address stability, address proximity, and others, using cutoff values that are set by default or by user action. The candidate network identification is then utilized as a basis for improved security though virtual private network establishment, improved bandwidth allocation, improved traffic anomaly detection, or network consolidation, for example.

Abstract: A system and method of filtering input data to remove power line interference is disclosed. The system and method estimates the statistics of the input signal and include determining a value (R) from the ratio of a peak amplitude (Apeak) and a root-mean-square of the amplitudes of the interference harmonics (Arms), calculate a running histogram of the determined value (R) to determine a threshold value (THR), comparing the determined value (R) to the determined threshold value (THR) to make a decision about feature existence, and outputting a feature decision. The system and method include estimating the interference level to determine if interference is low level or high level. The system and method include estimating interference using the feature detection, amplitude and phase; and removing the estimated interference from the signal to result in a signal substantially free of power line interference.

Abstract: A system is provided for detecting creation of malicious user accounts. The system includes a processor, a memory, and an application including instructions configured to: collect data corresponding to creation of new user accounts, where the new user accounts are associated with at least two distinct organizations, at least two distinct subscriptions, or at least two distinct customers, and where each of the new user accounts has a user name; determine properties based on the data and for a group of similar ones of the user names; evaluate the properties of the new user accounts corresponding to the group of similar ones of the user names and determine whether a probability for the new user accounts to be created having the group of similar ones of the user names is less than a predetermined threshold, and generate an alert based on a result of the evaluation of the properties.

Abstract: A system for detecting a targeted attack by a first machine on a second machine is provided. The system includes an application including instructions to: according to first parameters, group alerts for attacking machines; each group of alerts corresponds to attacks performed by a respective one of the attacking machines, and each of the alerts is indicative of a possible attack performed by one of the attacking machines; according to second parameters, group metadata corresponding to attacked machines implementing cloud applications; based on the group of metadata corresponding to the second machine and one or more co-factors, evaluate one or more alerts corresponding to attacks performed by the first machine on the second machine relative to alerts associated with attacks performed by the first machine on other machines or attacks performed by the attacking machines; and alert the second machine of the targeted attack.

Abstract: Providing network entities with notifications of attacks on the entities. A method includes collecting alerts from a plurality of network entities in a cluster computing environment. Alerts are grouped into heterogeneous groups of alerts. Each group includes a plurality of different types of alerts. Each alert has corresponding properties, including at least one property identifying the type of alert. Each group of alerts corresponds to a timeline of alerts for a particular entity. Groups of alerts that correspond to a valid cyber-kill chain are identified. Different groups of alerts that correspond to a valid cyber-kill chain are correlated into clusters of groups of alerts by correlating the types of alerts and corresponding properties. At least one cluster is identified as having some characteristic of interest. Entities corresponding to groups of alerts in the cluster are notified of the characteristic of interest.

Abstract: A computing system for generating allowed lists of applications for machines is provided. The system, for each machine, identifies a set of executed applications that were executed by that machine. The system then clusters the machines based on similarity between the sets of executed applications so that machines with similar sets are in the same cluster. The system then, for each cluster of machines, creates an allowed list of applications for the cluster that includes the applications in the sets of executed applications of the machines of the cluster. An allowed list for a cluster indicates that only applications in the allowed list are allowed to be executed by a machine in the cluster. The system then distributes the allowed list for a cluster to the machines of that cluster so that the machines execute only applications in the allowed list for their cluster.

Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.

Abstract: In a method and a machine tool for machining metallic workpieces, a cooling device is provided to supply a cryogenic coolant to a first tool and a precooling device is provided to supply the cryogenic coolant to a second tool. The first tool is held in a first chuck and processes a workpiece, with the first tool during processing being cooled via the cryogenic coolant. The second tool is held in a second chuck and will subsequently be used for processing the workpiece. The second tool is supplied via the precooling device with the cryogenic coolant and thus cooled to the operating temperature required for processing. Due to the fact that the second tool is precooled to the required processing temperature, after the change of tools, the processing of the workpiece can be continued immediately. By precooling the second tool during the primary processing time, the total processing time of the workpiece is reduced, providing the machine tool with higher productivity.

Abstract: A tool turret for machining workpieces has a housing and with a part that can be rotated around an axis of rotation into several rotary positions. On the rotating part, several tool holders are mounted on the circumference for holding tools to which a cryogenic cooling medium can be fed by means of a first feed line and a respective second feed line. The first feed line can be moved in a linear manner in at least some sections by a linear actuator whereby the first feed line is connected in a first position with the second feed line belonging to the tool in work position and in a second position is disconnected from the second feed lines for changing the rotary position of the rotating part. The tool turret enables the cryogenic cooling medium to be fed to the tools in a simple and reliable manner.

Abstract: A tool turret for machining workpieces has a housing and with a part that can be rotated around an axis of rotation into several rotary positions. On the rotating part, several tool holders are mounted on the circumference for holding tools to which a cryogenic cooling medium can be fed by means of a first feed line and a respective second feed line. The first feed line can be moved in a linear manner in at least some sections by a linear actuator whereby the first feed line is connected in a first position with the second feed line belonging to the tool in work position and in a second position is disconnected from the second feed lines for changing the rotary position of the rotating part. The tool turret enables the cryogenic cooling medium to be fed to the tools in a simple and reliable manner.

Abstract: In a method and a machine tool for machining metallic workpieces, a cooling device is provided to supply a cryogenic coolant to a first tool and a precooling device is provided to supply the cryogenic coolant to a second tool. The first tool is held in a first chuck and processes a workpiece, with the first tool during processing being cooled via the cryogenic coolant. The second tool is held in a second chuck and will subsequently be used for processing the workpiece. The second tool is supplied via the precooling device with the cryogenic coolant and thus cooled to the operating temperature required for processing. Due to the fact that the second tool is precooled to the required processing temperature, after the change of tools, the processing of the workpiece can be continued immediately. By precooling the second tool during the primary processing time, the total processing time of the workpiece is reduced, providing the machine tool with higher productivity.

Abstract: A tool turret for machining workpieces has a housing and with a part that can be rotated around an axis of rotation into several rotary positions. On the rotating part, several tool holders are mounted on the circumference for holding tools to which a cryogenic cooling medium can be fed by means of a first feed line and a respective second feed line. The first feed line can be moved in a linear manner in at least some sections by linear actuator whereby the first feed line is connected in a first position with the second feed line belonging to the tool in work position and in a second position is disconnected from the second feed lines for changing the rotary position of the rotating part. The tool turret enables the cryogenic cooling medium to be fed to the tools in a simple and reliable manner.

Abstract: In a method and a machine tool for machining metallic workpieces, a cooling device is provided to supply a cryogenic coolant to a first tool and a precooling device is provided to supply the cryogenic coolant to a second tool. The first tool is held in a first chuck and processes a workpiece, with the first tool during processing being cooled via the cryogenic coolant. The second tool is held in a second chuck and will subsequently be used for processing the workpiece. The second tool is supplied via the precooling device with the cryogenic coolant and thus cooled to the operating temperature required for processing. Due to the fact that the second tool is precooled to the required processing temperature, after the change of tools, the processing of the workpiece can be continued immediately. By precooling the second tool during the primary processing time, the total processing time of the workpiece is reduced, providing the machine tool with higher productivity.

Abstract: A method of wireless communication uses a fiber composite structure including a first conductive fiber composite layer comprising carbon fiber, a second conductive fiber composite layer comprising carbon fiber, and an insulating layer electrically isolating the first composite layer from the second composite layer. Communication devices such as transceivers are connected to the first and second composite layers and signals may be communicated to and from the communication devices through the composite layers. An AC or DC voltage may be applied to the first and second composite layers to conduct electrical power to the electrical devices without the requirement of separate wires.

Abstract: A machining device for machining crankshafts has a rotationally driven disk-shaped base body with blade inserts arranged peripherally thereon. A first supply line for a cryogenic cooling medium is arranged concentrically with the axis of rotation and is thermally insulated in at least some sections. The tool has a plurality of second supply lines for the cryogenic cooling medium running across the axis of rotation and leading to the blade inserts, the second supply lines each being thermally insulated in at least some sections. A distributor unit connects the first supply line to at least one of the second supply lines for supplying the cryogenic cooling medium to at least one of the blade inserts. The cryogenic cooling medium can be conducted directly to the blade inserts which are engaged with the crankshaft that is to be machined.

Abstract: A machining installation for workpieces comprises a workpiece positioning device comprising a workpiece holder pivot unit as well as a tool positioning device comprising a tool holder pivot unit. The workpiece holder pivot unit is designed such that a workpiece holder is pivotable about at least three and no more than four workpiece holder pivot axes. Moreover, the tool holder pivot unit is designed such that a tool holder is pivotable about no more than two tool holder pivot axes. The machining installation has a simple design and ensures flexible and accurate machining of workpieces.

Abstract: A machine tool for achieving a high degree of flexibility during workpiece processing comprises a machine bed with side walls arranged thereon, which respectively comprise a basic body with a front overhanging projection arranged thereon. On the side walls a tool spindle is arranged to be linearly movable by means of slides. Underneath the front overhanging projections a processing space is formed for the workpiece processing, in which a workpiece positioning unit is arranged. The processing space underneath the front overhanging projections is freely accessible, whereby depending on the processing task different workpiece positioning units can be arranged therein.