Abstract: The invention relates to a system and method that relates to creation of a digital fingerprint library for storing information of a document containing protected information. The system mainly includes a fragment generator, a fingerprint value generator, and the digital fingerprint library. The fragment generator generates fragments of the document using a sliding window method. Fragment length is determined heuristically, can be hardcoded in the program or be a parameter in GUI. The fingerprint value generator generates a fingerprint value, e.g., its hash, for each fragment. The fingerprint value represents the information related to respective fragments. The digital fingerprint library then stores the fingerprint value. Fingerprint values of individual fragments serve as key values to provide a mechanism for comparing fragments of unknown files to the digital fingerprint library.

Abstract: A system and a method for automatically assigning a hierarchical security level to a source of data, e.g., a file or a database, that can be used as a source to generate, e.g., to calculate or to extract, fingerprints of fragments of a fixed size N using a digital fingerprint library that contains fingerprints of known fragments fixed size and their hierarchical security levels are disclosed herein. The method comprises assignment of an initial hierarchical security level to a source of data and further comparison of fingerprints of its fragments of fixed size to the fingerprints of fingerprints of fixed size and their related hierarchical security levels stored in the digital fingerprint library.

Abstract: A system and method for adding a fingerprint of a fragment of fixed size and hierarchical classification level to a digital fingerprint library containing information about fingerprints of fragments of fixed size and their hierarchical classification levels and used to identify files that contain known fragments of data in an environment with hierarchical information security classification.

Abstract: An automatic incident dispatcher calculates an incident signature of a new incident, calculates a degree of variance (DoV) of the new incident from an incident signature of the previously classified incident, compares the calculated DoV to a predetermined threshold, and determines that the new incident belongs to a same class as a class of the previously classified the new incident if the calculated DoV is less than or equal to the threshold.

Abstract: A system to optimize required resources at an endpoint needed to monitor a user behavior for abnormalities with the endpoint includes a processor processing a plurality of agents running at the endpoint to intercept network traffic metrics, intercept device access metrics, intercept app-specific user-mode metrics, parse intercepted data, and submit the intercepted data to a backend component at a server to collect the intercepted data from the endpoint, predict deviation from a normal profile, in which the backend component assesses available characteristics of a particular endpoint, calculates an endpoint user profile, calculates a degree of variance (DoV) between the user profile and the normal profile, compares the calculated DoV to a predetermined Variance Threshold (VT), and predicts, based on machine learning algorithms, a movement of a trend of the DoV within the VT, creates an adjusted metrics list, and distributes adjusted metrics to a related endpoint.

Abstract: A system to create an initial list of DLP policies and adjust a DLP policies list overtime includes a processor coupled to a memory storing instructions, the processor implementing the instructions to process a plurality of agents running at an endpoint to intercept a data transfer in a network traffic, intercept the data transfer in a device access, extract textual data from intercepted objects, analyze content for detection of sensitive data in an intercepted data, record justification of the data transfer, prevent the data transfer in case the data transfer is not allowed by rules, and create new data flow/DLP policy rule, and through cloud server side, storing a database of the DLP policy and logs, processing data received from endpoints, storing data classifier database and functions to update data classifier database, and managing and applying DLP policy rules and make system setup.

Abstract: A system for identifying of presence of protected data in an unknown file includes a processor coupled to a memory storing instructions, the processor being configured to implement the instructions to apply a sliding window process to generate one or more fragments of length, for each generated fragment, check whether information about the generated fragment exists in a library of known fragments of protected data, and if the information about the generated fragment from the unknown file exists in the library of known fragments of protected data, perform steps to reflect an existence of the information about the generated fragment.

Abstract: A system for automatic recognition of security incidents includes a processor coupled to a memory storing instructions, the processor being configured to implement the instructions for an automatic incident generator (AIG) with at least one type of events related to the system, and access to a repository of information about previously recorded incidents with the events related to these previously recorded incidents, to monitor a plurality of events, identify sequences of events including suspected signatures that are capable of constituting an incident, calculate a degree of variance (DoV) of the suspected signatures and at least one signature related to a previously recorded incident, compare the DoV to at least one threshold and, if the DoV is less (or less or equal) to the threshold, identify the incident and optionally initiate the workflow related to the identified incident.

Abstract: A system of automatically managing assignments of users to user groups comprises a processor to implement instructions for an automatic user group manage (AUGM) to access to two or more users and the assignments of the users to the user groups, observe activity of the users, calculate user behavior signatures for one of at least two users of the users, at least one user of the users and one group of the user groups, or at least two groups of the user groups, calculate a numeric degree of variance between at least two of the user behavior signatures, compare the calculated degree of variance to at least one threshold, and determine if a behavior of one of the at least two users, the at least one user and the one group, or the at least two groups are similar or different.

Abstract: A system of monitoring a user behavior for abnormalities compared to a group behavior includes a processor configured to implement instructions for a user to group behavior signature monitor (UGBSM) with at least one user, as a monitored user, and a group of one or more users, as baseline users, to access to certain characteristics of the monitored user and certain characteristics of the baseline users, calculate a user behavioral signature of the monitored user, calculate a group behavioral signature of the baseline users, calculate a degree of variance (DoV) between the user behavioral signature of the monitored user and the group behavioral signature of baseline users, and compare the calculated DoV to a variance threshold to determine whether the user behavioral signature of the monitored user is similar or is different from the group behavioral signature of the baseline users.