Abstract: An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.

Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.

Abstract: A non-transitory, processor-readable medium storing instructions that, when executed by a processor, cause the processor to receive, from a requestor compute device, a first request that references one of an electronic file or a data set stored in a memory. The processor monitors a plurality of subsequent requests originating from the requestor compute device. The instructions cause the processor to identify, based on the monitoring of the plurality of subsequent requests, a detected ransomware type from a plurality of ransomware types. Each ransomware type is associated with a predefined sequence of actions associated with the one of the electronic file or the data set. In response to identifying the detected ransomware type, the processor either generates an alert message that includes an indication of an association between the requestor compute device and the detected ransomware type; or modifies an access control permission associated with the requestor compute device.

Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.

Abstract: A non-transitory, processor-readable medium storing instructions that, when executed by a processor, cause the processor to receive, from a requestor compute device, a first request that references one of an electronic file or a data set stored in a memory. The processor monitors a plurality of subsequent requests originating from the requestor compute device. The instructions cause the processor to identify, based on the monitoring of the plurality of subsequent requests, a detected ransomware type from a plurality of ransomware types. Each ransomware type is associated with a predefined sequence of actions associated with the one of the electronic file or the data set. In response to identifying the detected ransomware type, the processor either generates an alert message that includes an indication of an association between the requestor compute device and the detected ransomware type; or modifies an access control permission associated with the requestor compute device.

Abstract: A non-transitory, processor-readable medium storing instructions that, when executed by a processor, cause the processor to receive, from a requestor compute device, a first request that references one of an electronic file or a data set stored in a memory. The processor monitors a plurality of subsequent requests originating from the requestor compute device. The instructions cause the processor to identify, based on the monitoring of the plurality of subsequent requests, a detected ransomware type from a plurality of ransomware types. Each ransomware type is associated with a predefined sequence of actions associated with the one of the electronic file or the data set. In response to identifying the detected ransomware type, the processor either generates an alert message that includes an indication of an association between the requestor compute device and the detected ransomware type; or modifies an access control permission associated with the requestor compute device.

Abstract: An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.

Abstract: An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.

Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.

Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.

Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.