Abstract: A data security system, including a security manager computer making network application programming interface (API) calls to a cloud-based service that performs data exchange transactions among end users, the API calls remotely controlling the cloud-based service so that the security manager computer accesses transactions that have entered the cloud-based service, whereby an end user may forward a transaction received through the cloud-based service to a central authority as being a potentially harmful or deceptive transaction, and a data inspector operative to analyze a transaction as being indeed harmful or deceptive, by applying machine learning, wherein the security manager computer controls the cloud-based service so as to transmit to the security manager transactions forwarded to the central authority, instead of or in addition to transmitting these transactions to the central authority, for analysis by the data inspector.

Abstract: A data security system, including a security manager computer making network application programming interface (API) calls to a cloud-based service that (i) performs data exchange transactions for end users, and (ii) includes a mechanism for an end user to invoke in order to report a transaction received by the end user to a central authority as being a potentially harmful or deceptive transaction, the API calls remotely controlling the cloud-based service so that the security manager computer accesses transactions that have entered the cloud-based service, and a data inspector operative to analyze a transaction as being harmful or deceptive, by applying machine learning, wherein the security manager computer controls the cloud-based service so as to transmit transactions reported by the mechanism to the security manager, instead of or in addition to the central authority, for analysis by the data inspector.

Abstract: Disclosed is a method of transparently detecting authentication status of endpoint devices in a network. This method may be used for differentiating guest or rogue endpoints from enterprise endpoints.

Abstract: Disclosed is a method of transparently detecting authentication status of endpoint devices in a network. This method may be used for differentiating guest or rogue endpoints from enterprise endpoints.

Abstract: A data security system, including a security manager computer making network application programming interface (API) calls to a cloud-based service that performs data exchange transactions among end users, the API calls remotely controlling the cloud-based service so that the security manager computer accesses transactions that have entered the cloud-based service, whereby an end user may forward a transaction received through the cloud-based service to a central authority as being a potentially harmful or deceptive transaction, and a data inspector operative to analyze a transaction as being indeed harmful or deceptive, by applying machine learning, wherein the security manager computer controls the cloud-based service so as to transmit to the security manager transactions forwarded to the central authority, instead of or in addition to transmitting these transactions to the central authority, for analysis by the data inspector.

Abstract: A data security system, including a security manager computer making network application programming interface (API) calls to a cloud-based service that (i) performs data exchange transactions for end users, and (ii) includes a mechanism for an end user to invoke in order to report a transaction received by the end user to a central authority as being a potentially harmful or deceptive transaction, the API calls remotely controlling the cloud-based service so that the security manager computer accesses transactions that have entered the cloud-based service, and a data inspector operative to analyze a transaction as being harmful or deceptive, by applying machine learning, wherein the security manager computer controls the cloud-based service so as to transmit transactions reported by the mechanism to the security manager, instead of or in addition to the central authority, for analysis by the data inspector.

Abstract: A data security system, including a security manager computer making network API calls to a service that performs data-exchange transactions for end users, the API calls remotely controlling the service so that the security manager computer accesses an outgoing transaction that has already entered the cloud-based service, by generating one or more security platform rules that are applied by the service and cause the service to automatically transmit the outgoing transaction to an inspection location prior to transmission of the outgoing transaction to a destination, and a data inspector operative to inspect data of the outgoing transaction in the inspection location for data leakage, wherein the security manager computer further controls the service so as to transmit the outgoing transaction to the destinations when the data inspector clears the data, and to perform a remedial action regarding the outgoing transaction when the data inspector does not clear the data.

Abstract: A system for shadow IT discovery, including a message monitor monitoring an enterprise messaging service that provides communication between users belonging to the enterprise and cloud services, and discovering a message relating to a specific cloud service, a message analyzer analyzing the message discovered by the message monitor to determine (i) the nature of the specific cloud service, and (ii) one or more enterprise users who use the specific cloud service, and a reporter reporting the results of the message analyzer to an administrator of the enterprise.

Abstract: A data security system, including a security manager remotely controlling, via a network application programming interface, a cloud-based service that performs data-exchange transactions for end users, operative to cause the service to prevent end user access to incoming transactions so that the security manager accesses the incoming transactions prior to end users being able to access the incoming transactions, and a data inspector operative to inspect data of incoming transactions for security clearance by invoking one or more content scanners, wherein the security manager is further operative to cause the service to restore end user access to the incoming transactions, when the security inspector clears the data, and to cause the service to perform a remedial action vis-à-vis the incoming transactions, when the security inspector does not the data.

Abstract: A data security system, including a security manager computer making network API calls to a service that performs data-exchange transactions for end users, the API calls remotely controlling the service so that the security manager computer accesses an outgoing transaction that has already entered the cloud-based service, by generating one or more security platform rules that are applied by the service and cause the service to automatically transmit the outgoing transaction to an inspection location prior to transmission of the outgoing transaction to a destination, and a data inspector operative to inspect data of the outgoing transaction in the inspection location for data leakage, wherein the security manager computer further controls the service so as to transmit the outgoing transaction to the destinations when the data inspector clears the data, and to perform a remedial action regarding the outgoing transaction when the data inspector does not clear the data.

Abstract: A data security system, including a security manager remotely controlling, via a network application programming interface, a cloud-based service that performs data-exchange transactions for end users, operative to cause the service to prevent end user access to incoming transactions so that the security manager accesses the incoming transactions prior to end users being able to access the incoming transactions, and a data inspector operative to inspect data of incoming transactions for security clearance by invoking one or more content scanners, wherein the security manager is further operative to cause the service to restore end user access to the incoming transactions, when the security inspector clears the data, and to cause the service to perform a remedial action vis-à-vis the incoming transactions, when the security inspector does not the data.

Abstract: A system for shadow IT discovery, including a message monitor monitoring an enterprise messaging service that provides communication between users belonging to the enterprise and cloud services, and discovering a message relating to a specific cloud service, a message analyzer analyzing the message discovered by the message monitor to determine (i) the nature of the specific cloud service, and (ii) one or more enterprise users who use the specific cloud service, and a reporter reporting the results of the message analyzer to an administrator of the enterprise.

Abstract: Disclosed is a method of transparently detecting authentication status of endpoint devices in a network. This method may be used for differentiating guest or rogue endpoints from enterprise endpoints.

Abstract: Disclosed is a method of transparently detecting authentication status of endpoint devices in a network. This method may be used for differentiating guest or rogue endpoints from enterprise endpoints.

Abstract: Disclosed is a method of transparently detecting authentication status of endpoint devices in a network. This method may be used for differentiating guest or rogue endpoints from enterprise endpoints.

Abstract: A computer-assisted method, system, medium of allocating resources within an organization. For instance, the method includes the steps of receiving a request containing at least one business change relating to allocating the resources within the organization, and generating at least one task to implement the requested business change. The method may also include the steps of identifying at least one of a person capable of handling the at least one task and a software module configured to perform the at least one task and issuing at least one instruction to the at least one of a person capable of handling the at least one task and a software module configured to perform the at least one task. These steps may allocate the resources within the organization in accordance with the at least one business change.