Patents by Inventor Ron Matchoro

Ron Matchoro has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11477167
    Abstract: A firewall rule evaluation service scores firewall rules based on characteristics of logical objects that fall within ranges of Internet Protocol (IP) addresses corresponding to the firewall rules. Firewall rule scoring criteria may cause scores to be assigned to individual firewall rules based on an inverse relationship to quantities of discrete Autonomous Systems as well as aggregate numbers of and/or severity scores for threat intelligence flagged IP addresses granted access by individual firewall rules. The firewall rule evaluation service may further determine firewall rule recommendations for replacing firewall rules spanning multiple IP prefixes for different Autonomous Systems with more narrowly defined firewall rules that precisely encompass IP prefixes corresponding to single autonomous systems or multiple related Autonomous Systems (e.g., Autonomous Systems operated by a single trustworthy entity).
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: October 18, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Andrey Karpovsky, Tomer Rotstein, Tomer Levav, Ron Matchoro, Michael Makhlevich
  • Publication number: 20220191173
    Abstract: A firewall rule evaluation service scores firewall rules based on characteristics of logical objects that fall within ranges of Internet Protocol (IP) addresses corresponding to the firewall rules. Firewall rule scoring criteria may cause scores to be assigned to individual firewall rules based on an inverse relationship to quantities of discrete Autonomous Systems as well as aggregate numbers of and/or severity scores for threat intelligence flagged IP addresses granted access by individual firewall rules. The firewall rule evaluation service may further determine firewall rule recommendations for replacing firewall rules spanning multiple IP prefixes for different Autonomous Systems with more narrowly defined firewall rules that precisely encompass IP prefixes corresponding to single autonomous systems or multiple related Autonomous Systems (e.g., Autonomous Systems operated by a single trustworthy entity).
    Type: Application
    Filed: December 16, 2020
    Publication date: June 16, 2022
    Inventors: Andrey KARPOVSKY, Tomer ROTSTEIN, Tomer LEVAV, Ron MATCHORO, Michael MAKHLEVICH
  • Patent number: 11165791
    Abstract: Generally discussed herein are devices, systems, and methods for computer or other network device security. A method can include identifying a profile associated with event data regarding an operation performed on a cloud resource, determining whether the event data is associated with anomalous customer interaction with the cloud resource, in response to determining the event data is associated with anomalous customer interaction, identifying whether another cloud resource of the cloud resources with a lower granularity profile that is associated with the profile of the cloud resource has previously been determined to be a target of an anomalous operation, and providing a single alert to a client device indicating the anomalous behavior on the cloud resource in response to determining both the event data is associated with anomalous customer interaction and the another cloud resource is determined to be the target of the anomalous operation.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: November 2, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrey Karpovsky, Ron Matchoro, Haim Saadia Ben Danan, Yotam Livny, Naama Kraus, Roy Levin, Tamer Salman
  • Patent number: 10922405
    Abstract: A system includes identification of a data source of a production environment, the data source storing authentic data, generation of simulated data of the data source, reception of a request for data of the data source from a requesting system in the production environment and, in response to the received request, providing of the simulated data to the requesting system. In some aspects, the simulated data is provided to the requesting system if it is determined that the request is related to an electronic attack, and the authentic data of the data source is provided to the requesting system if it is not determined that the request is related to an electronic attack.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: February 16, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Elad Yom-Tov, Hani Hana Neuvirth, Ron Matchoro, Nir Rosenfeld
  • Publication number: 20200296117
    Abstract: Generally discussed herein are devices, systems, and methods for computer or other network device security. A method can include identifying a profile associated with event data regarding an operation performed on a cloud resource, determining whether the event data is associated with anomalous customer interaction with the cloud resource, in response to determining the event data is associated with anomalous customer interaction, identifying whether another cloud resource of the cloud resources with a lower granularity profile that is associated with the profile of the cloud resource has previously been determined to be a target of an anomalous operation, and providing a single alert to a client device indicating the anomalous behavior on the cloud resource in response to determining both the event data is associated with anomalous customer interaction and the another cloud resource is determined to be the target of the anomalous operation.
    Type: Application
    Filed: March 13, 2019
    Publication date: September 17, 2020
    Inventors: Andrey Karpovsky, Ron Matchoro, Haim Saadia Ben Danan, Yotam Livny, Naama Kraus, Roy Levin, Tamer Salman
  • Patent number: 10489584
    Abstract: Identifying suspicious activity at a database of a multi-database system. A global evaluation of a plurality of interactions associated with a plurality of databases included within the multi-database system may be performed. A local evaluation of a plurality of interactions associated with a particular database of the plurality of databases may also be performed. The plurality of interactions associated with the particular database may comprise a subset of the plurality of interactions associated with the plurality of databases. A combination of both the global evaluation and the local evaluation may be analyzed to thereby identify one or more suspicious activities occurring at the particular database. Based on the analysis of the combination of the global evaluation and the local evaluation, one or more suspicious activities occurring at the particular database may then be identified.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: November 26, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yoav M. Frandzel, Ram Bracha, Oren Yossef, Tomer Weisberg, Yoav Y. Rubin, Ron Matchoro, Andrey Karpovsky
  • Publication number: 20190130099
    Abstract: A system includes identification of a data source of a production environment, the data source storing authentic data, generation of simulated data of the data source, reception of a request for data of the data source from a requesting system in the production environment and, in response to the received request, providing of the simulated data to the requesting system. In some aspects, the simulated data is provided to the requesting system if it is determined that the request is related to an electronic attack, and the authentic data of the data source is provided to the requesting system if it is not determined that the request is related to an electronic attack.
    Type: Application
    Filed: November 1, 2017
    Publication date: May 2, 2019
    Inventors: Elad YOM-TOV, Hani Hana NEUVIRTH, Ron MATCHORO, Nir ROSENFELD
  • Publication number: 20180232520
    Abstract: Identifying suspicious activity at a database of a multi-database system. A global evaluation of a plurality of interactions associated with a plurality of databases included within the multi-database system may be performed. A local evaluation of a plurality of interactions associated with a particular database of the plurality of databases may also be performed. The plurality of interactions associated with the particular database may comprise a subset of the plurality of interactions associated with the plurality of databases. A combination of both the global evaluation and the local evaluation may be analyzed to thereby identify one or more suspicious activities occurring at the particular database. Based on the analysis of the combination of the global evaluation and the local evaluation, one or more suspicious activities occurring at the particular database may then be identified.
    Type: Application
    Filed: February 14, 2017
    Publication date: August 16, 2018
    Inventors: Yoav M. Frandzel, Ram Bracha, Oren Yossef, Tomer Weisberg, Yoav Y. Rubin, Ron Matchoro, Andrey Karpovsky
  • Patent number: 9584501
    Abstract: Authenticating a client device to a service to allow the client device to access a resource provided by the service. A client device obtains a secondary credential that is associated with a primary credential and that is generated as being usable by a particular set of devices including the client device to indirectly gain access to the service through the primary credential. While outside of an enterprise network, the client device requests access to the service, including sending the secondary credential to an enterprise gateway. Based at least on sending the secondary credential to the enterprise gateway, the client device receives a resource from the service. The resource is received based at least on the enterprise gateway having forwarded the primary credential to the service after verifying that the secondary credential is valid and that the client device is in the particular set of client devices.
    Type: Grant
    Filed: July 17, 2015
    Date of Patent: February 28, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Meir Mendelovich, Ron Matchoro
  • Publication number: 20150326552
    Abstract: Authenticating a client device to a service to allow the client device to access a resource provided by the service. A client device obtains a secondary credential that is associated with a primary credential and that is generated as being usable by a particular set of devices including the client device to indirectly gain access to the service through the primary credential. While outside of an enterprise network, the client device requests access to the service, including sending the secondary credential to an enterprise gateway. Based at least on sending the secondary credential to the enterprise gateway, the client device receives a resource from the service. The resource is received based at least on the enterprise gateway having forwarded the primary credential to the service after verifying that the secondary credential is valid and that the client device is in the particular set of client devices.
    Type: Application
    Filed: July 17, 2015
    Publication date: November 12, 2015
    Inventors: Meir Mendelovich, Ron Matchoro
  • Patent number: 9106634
    Abstract: Authenticating a user to a first service to allow the user to access a resource provided by the first service. The resource is a protected resource requiring a general purpose credential (e.g. a user name and/or password) to access the resource. The method includes receiving at a second service, from the device, an ad-hoc credential. The ad-hoc credential is a credential that is particular to the device. The ad-hoc credential can be used to authenticate both the user and the device, but cannot be directly used as authentication at the first service for the user to access the resource. The method further includes, at the second service, substituting the general purpose credential for the ad-hoc credential and forwarding the general purpose credential to the first service. As such, the first service can provide the resource to the user at the device.
    Type: Grant
    Filed: January 2, 2013
    Date of Patent: August 11, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Meir Mendelovich, Ron Matchoro
  • Publication number: 20140189782
    Abstract: Authenticating a user to a first service to allow the user to access a resource provided by the first service. The resource is a protected resource requiring a general purpose credential (e.g. a user name and/or password) to access the resource. The method includes receiving at a second service, from the device, an ad-hoc credential. The ad-hoc credential is a credential that is particular to the device. The ad-hoc credential can be used to authenticate both the user and the device, but cannot be directly used as authentication at the first service for the user to access the resource. The method further includes, at the second service, substituting the general purpose credential for the ad-hoc credential and forwarding the general purpose credential to the first service. As such, the first service can provide the resource to the user at the device.
    Type: Application
    Filed: January 2, 2013
    Publication date: July 3, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Meir Mendelovich, Ron Matchoro
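The firewall rule evaluation described in patent 11477167 (and its published application 20220191173) reduces to three steps: map the address range a rule admits onto Autonomous Systems, score the rule inversely to the number of distinct ASes and to the aggregate severity of threat-intelligence-flagged IPs inside the range, and propose narrower per-AS rules for rules that span several ASes. The following is an added illustration written for this page, not Microsoft's implementation or code from the patent. The AS-prefix table, the threat-intelligence feed and the ASNs are constructed sample data; the scoring formula `1 / (n_as * (1 + total_severity))` is one plausible inverse relationship, chosen here for illustration, and the set of "related" ASes is supplied by the caller.

```python
import ipaddress
from collections import defaultdict

# Constructed AS-to-prefix table (hypothetical private ASNs and RFC 1918
# prefixes); a real service would source this from BGP/WHOIS data.
AS_PREFIXES = {
    "10.0.0.0/16": 64500,
    "10.1.0.0/16": 64501,
    "10.2.0.0/15": 64502,
    "10.4.0.0/16": 64503,
}

# Constructed threat-intelligence feed: flagged IP -> severity score (0-10).
THREAT_INTEL = {
    "10.1.4.7": 9,
    "10.2.200.1": 5,
    "10.2.201.9": 5,
}


def as_groups(rule_cidr):
    """Group the IP prefixes admitted by a firewall rule by Autonomous System.

    Returns {asn: [prefix, ...]} for every AS prefix inside the rule's range,
    or the rule itself when the rule is already narrower than the AS prefix.
    """
    rule = ipaddress.ip_network(rule_cidr)
    groups = defaultdict(list)
    for prefix, asn in AS_PREFIXES.items():
        net = ipaddress.ip_network(prefix)
        if net.subnet_of(rule):
            groups[asn].append(prefix)
        elif rule.subnet_of(net):
            groups[asn].append(rule_cidr)
    return dict(groups)


def score_rule(rule_cidr):
    """Score a rule inversely to the number of distinct ASes it spans and to
    the aggregate severity of flagged IPs it grants access to.

    Returns (score, flagged_ip_count); 1.0 means single-AS with no flagged IPs.
    """
    rule = ipaddress.ip_network(rule_cidr)
    n_as = max(len(as_groups(rule_cidr)), 1)
    flagged = [ip for ip in THREAT_INTEL if ipaddress.ip_address(ip) in rule]
    severity = sum(THREAT_INTEL[ip] for ip in flagged)
    # Illustrative inverse relationship (assumption, not the patent's formula).
    return 1.0 / (n_as * (1 + severity)), len(flagged)


def recommend(rule_cidr, related_asns):
    """For a rule spanning several ASes, propose narrower rules that keep only
    the prefixes belonging to the caller-supplied set of related/trusted ASes."""
    groups = as_groups(rule_cidr)
    if len(groups) <= 1:
        return []  # already a single-AS rule; nothing to narrow
    return sorted(p for asn, prefixes in groups.items()
                  if asn in related_asns for p in prefixes)


def evaluate(rules, related_asns):
    """Rank rules worst-first (lowest score) with their recommendations."""
    report = []
    for rule in rules:
        score, flagged = score_rule(rule)
        report.append((score, rule, flagged, recommend(rule, related_asns)))
    return sorted(report)


if __name__ == "__main__":
    for row in evaluate(["10.0.0.0/14", "10.4.0.0/16", "10.2.0.0/15"],
                        related_asns={64500, 64501}):
        print(row)
```

Running the module ranks `10.0.0.0/14` worst: it spans three ASes and admits three flagged IPs (severity 19), so its score is 1/60, and the recommendation replaces it with `10.0.0.0/16` and `10.1.0.0/16`, the two prefixes belonging to the related ASes. A rule already confined to one AS prefix (`10.4.0.0/16`) gets no recommendation.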
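Patent 10489584 (application 20180232520) combines a global evaluation over all databases in a multi-database system with a local evaluation over one database to identify suspicious activity at that database. The example below is an added illustration for this page, not the patented implementation: the interactions are constructed sample records of the form (id, database, rows returned), each evaluation is a ratio to a median (the local median for that database, the global median across all databases), and the combination is a conjunction of both ratios exceeding a threshold. Those choices are assumptions; the point they demonstrate is that a database whose whole workload is heavy is not flagged by the global view alone, and a small local bump that is ordinary fleet-wide is not flagged by the local view alone.

```python
import statistics
from collections import defaultdict

# Constructed interactions: (interaction id, database, rows returned).
# db-b is a habitually heavy database; db-a has one outsized read (id 4);
# db-c has a mild local bump (id 13) that is unremarkable fleet-wide.
INTERACTIONS = [
    (1, "db-a", 100), (2, "db-a", 120), (3, "db-a", 110), (4, "db-a", 5000),
    (5, "db-b", 4000), (6, "db-b", 4200), (7, "db-b", 3900), (8, "db-b", 4100),
    (9, "db-c", 50), (10, "db-c", 60), (11, "db-c", 55), (12, "db-c", 65),
    (13, "db-c", 180),
]


def evaluate(interactions):
    """Return {id: (local_ratio, global_ratio)} for every interaction.

    local_ratio  = rows / median rows for that database (local evaluation)
    global_ratio = rows / median rows across all databases (global evaluation)
    """
    by_db = defaultdict(list)
    for _, db, rows in interactions:
        by_db[db].append(rows)
    global_median = statistics.median(rows for _, _, rows in interactions)
    local_median = {db: statistics.median(v) for db, v in by_db.items()}
    return {iid: (rows / local_median[db], rows / global_median)
            for iid, db, rows in interactions}


def suspicious(interactions, threshold=3.0, mode="combined"):
    """Identify suspicious interaction ids.

    mode="local" or "global" uses one evaluation alone (for comparison);
    mode="combined" requires both ratios to exceed the threshold.
    """
    hits = []
    for iid, (local, glob) in evaluate(interactions).items():
        if mode == "local":
            hit = local >= threshold
        elif mode == "global":
            hit = glob >= threshold
        else:
            hit = local >= threshold and glob >= threshold
        if hit:
            hits.append(iid)
    return hits


if __name__ == "__main__":
    for mode in ("local", "global", "combined"):
        print(mode, suspicious(INTERACTIONS, mode=mode))
```

On the sample data the local evaluation alone flags ids 4 and 13, the global evaluation alone flags id 4 and every read on the heavy database (ids 5 to 8), and the combination flags only id 4.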
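Patents 9584501 and 9106634 (applications 20150326552 and 20140189782) share one pattern: the client device never holds the primary, general-purpose credential for the protected service; it holds a secondary (ad-hoc) credential bound to a set of devices, and an enterprise gateway substitutes the primary credential only after verifying that the secondary credential is valid and the requesting device is in that set. The exchange below is an added illustration for this page, not Microsoft's code: the service, gateway, user name, password and device identifiers are all constructed, the secondary credential is a random token whose HMAC fingerprint the gateway stores, and revocation is included to show that a lost device is cut off without rotating the primary credential.

```python
import hashlib
import hmac
import secrets

# Constructed primary (general-purpose) credentials, held only by the gateway.
PRIMARY_CREDENTIALS = {"alice": "correct-horse-battery-staple"}


class Service:
    """The protected service: it accepts only the primary credential."""

    def get_resource(self, user, password):
        expected = PRIMARY_CREDENTIALS.get(user, "")
        if not hmac.compare_digest(expected, password):
            raise PermissionError("bad primary credential")
        return f"payroll-report-for-{user}"


class Gateway:
    """Enterprise gateway that issues device-bound secondary credentials and
    substitutes the primary credential when forwarding to the service."""

    def __init__(self, service):
        self.service = service
        self.key = secrets.token_bytes(32)       # keyed fingerprint of tokens
        self.issued = {}                         # fingerprint -> (user, devices)

    def _fingerprint(self, token):
        return hmac.new(self.key, token.encode(), hashlib.sha256).hexdigest()

    def issue_secondary(self, user, device_ids):
        """Generate a secondary credential usable only from the given devices."""
        if user not in PRIMARY_CREDENTIALS:
            raise KeyError(user)
        token = secrets.token_urlsafe(24)
        self.issued[self._fingerprint(token)] = (user, frozenset(device_ids))
        return token                             # the password never leaves the gateway

    def revoke(self, token):
        self.issued.pop(self._fingerprint(token), None)

    def request(self, token, device_id):
        """Verify the secondary credential and device set, then forward the
        primary credential to the service on the device's behalf."""
        entry = self.issued.get(self._fingerprint(token))
        if entry is None:
            raise PermissionError("unknown secondary credential")
        user, devices = entry
        if device_id not in devices:
            raise PermissionError("device not in the credential's device set")
        return self.service.get_resource(user, PRIMARY_CREDENTIALS[user])


def demo():
    """Walk through grant, two denials, a direct-use attempt and revocation."""
    gw = Gateway(Service())
    token = gw.issue_secondary("alice", ["laptop-1", "phone-1"])
    granted = gw.request(token, "laptop-1")
    denials = []
    for tok, dev in [(token, "kiosk-9"), ("forged-token", "laptop-1")]:
        try:
            gw.request(tok, dev)
            denials.append(None)
        except PermissionError as err:
            denials.append(str(err))
    try:                                         # the service rejects the token itself
        Service().get_resource("alice", token)
        direct = None
    except PermissionError as err:
        direct = str(err)
    gw.revoke(token)
    try:
        gw.request(token, "laptop-1")
        after_revoke = None
    except PermissionError as err:
        after_revoke = str(err)
    return granted, denials, direct, after_revoke


if __name__ == "__main__":
    print(demo())
```

The service only ever sees the primary credential, so a secondary credential stolen from a device is useless against the service directly, is refused by the gateway from any device outside the set it was issued for, and can be revoked at the gateway without touching the user's password.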