Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: Techniques for predicting and protecting spearphishing targets are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for predicting and protecting spearphishing targets. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify one or more potential spearphishing targets based on information from an organization, receive additional information associated with the one or more potential spearphishing targets and the organization from publicly available sources, determine a threat level of a spearphishing attack on the one or more potential spearphishing targets based on the information from the organization and the additional information, and generate a report of the one or more potential spearphishing targets and the threat level associated with the one or more potential spearphishing targets.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.

Abstract: A server computer system within a network of an organization receives a request from a user to access a cloud account. The request includes a user identifier. The server computer system authenticates the user for access to the cloud account based on the user identifier, identifies one or more predetermined roles associated with the cloud account for the user, and identifies one or more pseudo accounts associated with the cloud account. The server computer system further maps the user to the one or more pseudo accounts, and provides user access to the cloud account based on the mapping and with access privileges corresponding to the one or more pseudo accounts.

Abstract: A computer-implemented method for prioritizing restoration speed with deduplicated backups may include (1) receiving a request to store a backup image within a deduplicating data system, (2) evaluating an amount of data segments that match the backup image within a container of deduplicated data segments, (3) identifying a restoration prioritization value that is assigned to the backup image and that correlates with a desired restoration speed for the backup image, (4) determining that the amount of data segments that match the backup image exceeds the restoration prioritization value by a predetermined degree, and (5) referencing previously stored data segments within the container of deduplicated data segments that match the backup image when storing the backup image based on the amount of data segments that match the backup image exceeding the restoration prioritization value by the predetermined degree. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for deploying applications included in application containers may include (1) identifying an application container that includes an application and facilitates transferring the application to a deployment environment, (2) performing a reconnaissance analysis on the deployment environment by identifying one or more properties of the deployment environment, (3) determining, based at least in part on the reconnaissance analysis, that the deployment environment meets a predetermined threshold of requirements for securely executing the application, and then (4) transferring the application included in the application container to the deployment environment in response to determining that the deployment environment meets the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A mechanism for profiling user and group accesses to a content repository is described. The mechanism for profiling accesses may generate baseline profiles and determine if new access behavior deviates from the generated baseline profile. The deviations may be defined in terms of folder and/or user-group distances within a file-system/storage and/or organization hierarchy, respectively. The mechanism also includes an analytics engine for anomaly detection and a recommendation component for recommending access-permissions to files/folders.

Abstract: A computer-implemented method for using event-correlation graphs to detect attacks on computing systems may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing an event-correlation graph that includes a first node that represents the first actor, a second node that represents a second actor, and an edge that interconnects the first node and the second node and represents a suspicious event involving the first actor and the second actor, (3) calculating, based at least in part on the additional suspicious event, an attack score for the event-correlation graph, (4) determining that the attack score is greater than a predetermined threshold, and (5) determining, based at least in part on the attack score being greater than the predetermined threshold, that the suspicious event may be part of an attack on the computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing network access control in virtual environments. The method may include: 1) injecting a transient security agent into a virtual machine that is running on a host machine; 2) receiving, from the transient security agent, an indication of whether the virtual machine complies with one or more network access control policies; and 3) controlling network access of the virtual machine based on the indication of whether the virtual machine complies with the one or more network access control policies. Various other methods, systems, and computer-readable media are also disclosed herein.

Abstract: Containers that store data objects that were written to those containers during a particular backup are accessed. Then, a subset of the containers is identified; the containers in the subset have less than a threshold number of data objects associated with the particular backup. Data objects that are in containers in that subset and that are associated with the backup are copied to one or more other containers. Those other containers are subsequently used to restore data objects associated with the backup.

Abstract: A computer-implemented method for detecting cloud-based data leaks may include (1) identifying a relational database stored on a third-party storage service, the relational database including a plurality of tuples related by an attribute designated for storing contact information, (2) adding at least one deceptive tuple representing an illegitimate contact and including known false contact information stored under the attribute to the relational database, (3) maintaining a data repository identifying the deceptive tuple as containing false contact information, (4) identifying a contact attempt performed by an attempted use of the known false contact information, and then, in response to identifying the contact attempt, and (5) determining, based on the data repository identifying the deceptive tuple as containing false contact information, that an originator of the contact attempt is implicated in a data leak. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for providing role-based access control using dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system and method for providing role-based access using dynamic shared accounts. For example, the system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to: receive a request for access to an account, wherein the request comprises an identifier associated with a user; authenticate the user for access to the account; identify one or more predetermined roles associated with the account for the user; identify one or more pseudo accounts corresponding to the one or more predetermined roles; map the user to the one or more pseudo accounts; and provide user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.

Abstract: A pseudorandom number is generated from a random seed number using a collision-resistant hash function. A iteration input is extracted from the seed number. A hardcore predicate is applied to the iteration input to generate a pseudorandom bit. A pairwise-independent function is identified using a pairwise-independent function identifier extracted from the seed number and applied to the iteration input to produce a randomized iteration input. The collision-resistant hash function is applied to the randomized iteration input to produce a hash result and pad the output. The padded hash result is assigned as the iteration input for the next iteration. The process repeats iteratively and pseudorandom bits are generated using the hardcore predicate in each iteration until a predetermined number of pseudorandom bits are generated. The pseudorandom number is constructed using the generated pseudorandom bits.

Abstract: A computing system identifies shared cloud accounts of a cloud that are created for an entity. The computing system resides outside of the cloud. The number of shared cloud accounts is less than a number of entity users that use the cloud. The computing system determines that one of the users is authorized to use any of the shared cloud accounts in response to a determination that identity information of the user is valid. The computing system receives a request from the user to access the cloud and determines whether one of the shared cloud accounts is available to be assigned to the user. The computing system adds the request to a queue based on a determination that none of the shared cloud accounts is available and assigns one of the cloud accounts to the user based on a determination that one of the shared cloud accounts is available.

Abstract: A computer-implemented method for diagnosing a network configuration of a computing device is described. A test network configuration is captured. A test network signature is generated from the test network configuration. A label is assigned to the test network signature. A determination is made as to whether the test network signature is labeled as an unsuccessful network signature. If the test network signature is labeled unsuccessful, one or more procedures to change the label are generated.