Abstract: When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.

Abstract: A system for communicating email messages using tokens receives a request to send an email message to a receiver. The email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system generates a particular token for the sender's email address in response to determining that the sender's email address is not associated with a token, where the particular token uniquely identifies the sender's email address. The system sends the email message using the particular token instead of the sender's email address, such that the sender's email address remains anonymous from the perspective of the receiver.

Abstract: A system for communicating email messages using tokens receives a request to send an email message to a receiver. The email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system generates a particular token for the sender's email address in response to determining that the sender's email address is not associated with a token, where the particular token uniquely identifies the sender's email address. The system sends the email message using the particular token instead of the sender's email address, such that the sender's email address remains anonymous from the perspective of the receiver.

Abstract: A system for identifying email messages associated with phishing threats accesses an email message sent to a receiving computing device, where the email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system determines that the email message is associated with a phishing threat, in response to determining that the sender's email address is not associated with a token from a plurality of tokens from among a token-email mapping table.

Abstract: When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.

Abstract: According to certain embodiments, a network security device comprises a memory operable to store testing options for testing malware behavior and a processor operably coupled to the memory. The processor is configured to intercept probes sent by a malware application and to test a set of test responses, each test response corresponds to a respective one of the testing options that comprises information that the probe seeks to obtain. For each test response, the test determines a test result indicating whether the test response resulted in stopping detonation of the malware application. Information indicating the test result and the test response that yielded the test result is input into a machine learning model configured to determine a malware defense profile based on the test information and to output the malware defense profile.

Abstract: According to certain embodiments, a device comprises a memory operable to store a malware defense profile associated with a malware application. The device further comprises a processor operably coupled to the memory. The processor is configured to intercept a probe sent by an application. The probe seeks to obtain information associated with an environment in which the application runs. The processor is configured to determine that the application that sent the probe corresponds to the malware application and, in response, determine a response to send to the malware application. To determine the response, the processor is configured to obtain the malware defense profile associated with the malware application, select an attribute of the malware defense profile to include in the response, prepare the response comprising the selected attribute, and send the response to the malware application. The selected attribute comprises a type of information that the probe seeks to obtain.

Abstract: When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.

Abstract: A system for communicating email messages using tokens receives a request to send an email message to a receiver. The email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system generates a particular token for the sender's email address in response to determining that the sender's email address is not associated with a token, where the particular token uniquely identifies the sender's email address. The system sends the email message using the particular token instead of the sender's email address, such that the sender's email address remains anonymous from the perspective of the receiver.

Abstract: A system for identifying email messages associated with phishing threats accesses an email message sent to a receiving computing device, where the email message is associated with a sender's email address. The system determines whether the sender's email address is associated with a token from a plurality of tokens stored in a token-email address mapping table. The system determines that the email message is associated with a phishing threat, in response to determining that the sender's email address is not associated with a token from a plurality of tokens from among a token-email mapping table.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is safe to run, the system may generate a hash output of the executable data and store the hash output in a database of approved executable data. In this way, the system may securely generate a repository of authorized hashes such that the system may ensure that only safely executable code is processed by the computing systems within the network environment.

Abstract: A system already on a network may be analyzed when the system takes an action or may be periodically reviewed. The analysis of the system may include the creation of an environment hash for the system, which is a representation of the configuration (e.g., hardware, software, or the like) of the system, and a comparison with hash requirements. The hash requirements may be stored authorized hashes, stored unauthorized hashes, past hashes for the same system, hashes for other systems with the same or similar configurations, or the like. When the environment hash of the system meets hash requirements, the system may be allowed to continue to operate on the system or may be allowed to take the action on the network. When the hash of the system fails to meet a hash requirement, the system may be isolated from the network and investigated for a non-compliant configuration.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.

Abstract: A centralized network environment is provided for processing validated executable data based on authorized hash outputs. In particular, the system may generate cryptographic hash outputs of code or software that has been evaluated (e.g., within a virtual environment). The system may then store the hash outputs within a hash database which may be accessible by multiple entity networks, where multiple entities may upload hash output values to and/or retrieve hash output values from the hash database. Based on the data within the hash database, each entity may efficiently identify code that may be safe or unsafe to execute on certain computing systems within its network environment. The system may further comprise an artificial intelligence-powered component which may be configured to detect patterns within code that has been identified by the system as unsafe and provide notifications containing systems likely to be affected and recommended countermeasures.

Abstract: A virtual environment system for validating using accelerated time-based process execution is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. The set of commands or processes may be executed on an accelerated-time basis such that processes that would be executed on a longer timeline may be executed at a greater speed (e.g., a shorter timeline). In this way, the system may securely detect the presence of latent defects or issues that may arise from executing the code on a long-term basis.

Abstract: A centralized network environment is provided for processing validated executable data based on authorized hash outputs. In particular, the system may generate cryptographic hash outputs of code or software that has been evaluated (e.g., within a virtual environment). The system may then store the hash outputs within a hash database which may be accessible by multiple entity networks, where multiple entities may upload hash output values to and/or retrieve hash output values from the hash database. Based on the data within the hash database, each entity may efficiently identify code that may be safe or unsafe to execute on certain computing systems within its network environment. The system may further comprise an artificial intelligence-powered component which may be configured to detect patterns within code that has been identified by the system as unsafe and provide notifications containing systems likely to be affected and recommended countermeasures.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is safe to run, the system may generate a hash output of the executable data and store the hash output in a database of approved executable data. In this way, the system may securely generate a repository of authorized hashes such that the system may ensure that only safely executable code is processed by the computing systems within the network environment.

Abstract: When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.

Abstract: A system already on a network may be analyzed when the system takes an action or may be periodically reviewed. The analysis of the system may include the creation of an environment hash for the system, which is a representation of the configuration (e.g., hardware, software, or the like) of the system, and a comparison with hash requirements. The hash requirements may be stored authorized hashes, stored unauthorized hashes, past hashes for the same system, hashes for other systems with the same or similar configurations, or the like. When the environment hash of the system meets hash requirements, the system may be allowed to continue to operate on the system or may be allowed to take the action on the network. When the hash of the system fails to meet a hash requirement, the system may be isolated from the network and investigated for a non-compliant configuration.