Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Abstract: A deception management system to detect attackers within a dynamically changing network of computer resources, including a deployment governor dynamically designating deception policies, each deception policy including names of non-existing web servers, and levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within resources of the network, a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in resources in the network, in accordance with the levels of diversity of the current deception policy, and a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers.

Abstract: A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

Abstract: A network surveillance system, including a management server within a network of resources in which users access the resources in the network based on credentials, including a deployment module planting honeytokens in resources in the network, wherein a honeytoken is an object in memory or storage of a first resource that may be used by an attacker to access a second resource using decoy credentials, and wherein the deployment module plants a first honeytoken in a first resource, R1, used to access a second resource, R2, using first decoy credentials, and plants a second honeytoken in R2, used to access a third resource, R3, using second decoy credentials, and an alert module alerting that an attacker is intruding the network only in response to both an attempt to access R2 using the first decoy credentials, and a subsequent attempt to access R3 using the second decoy credentials.

Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

Abstract: A system for network surveillance to detect attackers, including a deception management server within a network of resources, including a deployment module managing and planting one or more decoy attack vectors in one or more of the resources in the network, wherein an attack vector is an object in memory or storage of a first resource that may be used to access a second resource, and one or more decoy servers accessible from resources in the network, each decoy server including an alert module that issues an alert when a specific resource in the network accesses the decoy server via one or more of the decoy attack vectors planted in the specific resource by the deployment module, and a delay module, delaying access to data on the decoy server while a resource accesses the decoy server.

Abstract: A deception management system to detect attackers within a dynamically changing network of computer resources, including a deployment governor dynamically designating deception policies, each deception policy including names of non-existing web servers, and levels of diversity for planting the names of non-existing web servers in browser histories of web browsers within resources of the network, the levels of diversity specifying how densely the name of each non-existing web server is planted within resources of the network, a deception deployer dynamically planting the names of non-existing web servers in the browser histories of the web browsers in resources in the network, in accordance with the levels of diversity of the current deception policy, and a notification processor transmitting an alert to an administrator of the network in response to an attempt to access one of the non-existing web servers.

Abstract: A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, predicting, by the management server, an attacker target subnet, based on connections created during the breach, and isolating, by the management server, the target subnet in response to the predicting a target subnet.

Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

Abstract: A cyber security system comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.

Abstract: A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, wherein access to the resources via network connections is governed by a firewall, predicting, by the management server, which servers in the network are compromised, based on connections created during the breach, and creating, by the management server, firewall rules to block access to the predicted compromised servers from the breached resource, in response to said predicting which servers.

Abstract: A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

Abstract: A system for augmenting an attacker map of a network of resources, including a deception management server within a network of resources, generating an attacker map for the network, the attacker map including one or more attack paths traversing some or all of the resources, each attack path corresponding to one or more successive attack vectors, wherein an attack vector is an object in memory or storage of a first resource of the network that may potentially lead an attacker to a second resource of the network, and a deployment module for planting one or more decoy attack vectors in some of all of the resources of the network, wherein the deception management server generates an augmented attacker map by augmenting the attack paths based on the decoy attack vectors added by the deployment module.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, wherein access to the resources via network connections is governed by a firewall, predicting, by the management server, which servers in the network are compromised, based on connections created during the breach, and creating, by the management server, firewall rules to block access to the predicted compromised servers from the breached resource, in response to said predicting which servers.

Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.