Abstract: Methods, systems, and devices for asset discovery, user discovery, data classification, risk evaluation, and data/device security are described. The method includes retrieving data stored at one or more remote locations, summarizing the retrieved data at the one or more remote locations, transferring the summarized data from the one or more remote locations to the at least one computing device, processing the transferred data by the at least one computing device, discovering assets in technology environments, classifying data that resides on each asset of the discovered assets into a respective confidentiality group of multiple confidentiality groups, calculating one or more risk scores for the discovered assets or users of the discovered assets, or both, and performing a security action to protect data that resides on an asset of the discovered assets.

Abstract: Methods, systems, and devices for asset discovery, user discovery, data classification, risk evaluation, and data/device security are described. The method includes retrieving data stored at one or more remote locations, summarizing the retrieved data at the one or more remote locations, transferring the summarized data from the one or more remote locations to the at least one computing device, processing the transferred data by the at least one computing device, discovering assets in technology environments, classifying data that resides on each asset of the discovered assets into a respective confidentiality group of multiple confidentiality groups, calculating one or more risk scores for the discovered assets or users of the discovered assets, or both, and performing a security action to protect data that resides on an asset of the discovered assets.

Abstract: The disclosed computer-implemented method for labeling automatically generated reports may include (i) identifying incident reports that describe incidents that each involve at least one computing system and that comprise automatically collected information about the incidents and a manually analyzed subset of incident reports that comprise manually generated information, (ii) assigning at least one label to at least one incident report in the manually analyzed subset based on applying a machine learning model to the manually generated information, (iii) deriving, from the automatically collected information, a set of features that describe incident reports, (iv) propagating at least one label from a labeled incident report to an incident report that is not in the manually analyzed subset and that comprises similar features with the labeled incident report, and (v) performing an action related to the label on the incident report. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for labeling automatically generated reports may include (i) identifying incident reports that describe incidents that each involve at least one computing system and that comprise automatically collected information about the incidents and a manually analyzed subset of incident reports that comprise manually generated information, (ii) assigning at least one label to at least one incident report in the manually analyzed subset based on applying a machine learning model to the manually generated information, (iii) deriving, from the automatically collected information, a set of features that describe incident reports, (iv) propagating at least one label from a labeled incident report to an incident report that is not in the manually analyzed subset and that comprises similar features with the labeled incident report, and (v) performing an action related to the label on the incident report. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Securing compromised network devices in a network. In one embodiment, a method may include (a) identifying a Positive Unlabeled (PU) machine learning classifier, (b) selecting labeled positive samples and unlabeled positive and negative samples as a bootstrap subset of training data from a set of training data, (c) training the PU machine learning classifier, (d) repeating (a)-(c) one or more times to create a set of trained PU machine learning classifiers, (e) predicting probabilities that a network device in a network has been compromised using each of the trained PU machine learning classifiers, (f) combining the probabilities predicted at (e) to generate a combined risk score for the network device, (g) repeating (e)-(f) one or more times to create a ranked list of combined risk scores, and (h) performing a security action on one or more of the network devices in the ranked list.