Abstract: Disclosed is a cloud-based security system implemented in a forward proxy that provides generative artificial intelligence (GenAI) traffic inspection to protect against security and privacy concerns related to GenAI use for protected endpoints. The security system intercepts requests and determines whether those requests are directed to a GenAI application. The security system includes a GenAI request classifier trained to classify prompts submitted to GenAI applications as one of benign, prompt injection attack, or uploaded files. The security system further includes a GenAI response classifier trained to classify responses from GenAI applications as one of normal, leaked system prompt, leaked user uploaded files, or leaked training data.

Abstract: Systems, methods, and related technologies for classification are described. In certain aspects, a plurality of device classification methods with associated models are accessed. Each of the classification methods have an associated reliability level. The models of classification methods with a higher reliability level than other classifications methods are used to at least one of train or tune the models associated with lower reliability level.

Abstract: Provided are a composite separator, which includes: a first base film, a second base film, and a coating disposes between the first base film and the second base film, a peel force between the first base film and the coating is equal to or higher than 10 N/mm; and/or a peel force between the second base film and the coating is equal to or higher than 10 N/mm. By configuring the composite separator of the present application as a structure of first base film-coating-second base film, the mechanical strength of the composite separator can be effectively maintained, the peeling performance can be ensured, thereby effectively increasing the heat resistance, reducing the influence of thermal effects on the composite separator, and ensuring the safety of the battery over an extended period of use.

Abstract: A separator and a preparation method thereof, a secondary battery, and an electric apparatus are described. The separator includes a first base film and a coating provided on at least one surface of the first base film. The coating includes a thermosensitive functional material. The thermosensitive functional material includes a high-temperature-resistant core layer and a thermosensitive surface layer at least partially enveloping the high-temperature-resistant core layer. The high-temperature-resistant core layer includes one or more of organic polymer fiber and inorganic particle that is surface-modified by a silane coupling agent. This application relates to corresponding preparation method of separator, secondary battery, and electric apparatus. The separator has low pore-closing temperature and high puncture strength, thereby improving the safety performance of the corresponding battery.

Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, data associated with communications of a first entity on a network are accessed, behaviors are determined based on the data associated with the communications of the first entity, and sequences of the behaviors of the first entity are determined. A profile of the first entity is determined based on the sequences of the behaviors, the profile including a classification of the first entity, a state machine of the profile of the first entity is determined, the state machine being associated with the classification against which the behaviors can be matched, a second entity is detected coming onto the network, and responsive to detecting the second entity coming onto the network, the second entity is classified based on the state machine of the profile of the first entity.

Abstract: Systems, methods, and related technologies for device classification are described. Methods include determining device information associated with a device coupled to a network, the device information including information obtained from one or more sources, classifying the device using the device information as input to a classifier, and applying a policy to the device based on the classification of the device.

Abstract: Disclosed are methods and systems for customizing a deep learning (“DL”) stack to detect organization sensitive data in images, referred to as image-borne organization sensitive documents, and protecting against loss of the image-borne organization sensitive documents. The methods and systems include distributing a trained master DL stack with stored parameters to a plurality of organizations. Providing at least some of the organizations with a DL stack update trainer, under the organizations' control, configured to save, during generation of updated DL stacks, non-invertible features derived from images of organization-sensitive training examples, ground truth labels for the images, and parameters of the updated DL stacks. Receiving, from at least one of the DL stack update trainers, organization-specific examples including the non-invertible features and the ground truth labels, without receiving images of the organization-specific examples.

Abstract: Presented is a network security system (NSS) that reliably detects malleable C2 traffic. The NSS intercepts outgoing transactions from user devices associated with user accounts. The NSS filters out transactions to known benign servers and analyzes remaining transactions for indicators of malleable command and control (C2) including heuristic, anomalous, and pattern-based detections. The NSS lowers the user confidence score associated with the user account or the user device based on the severity and number of detected indicators for each impacted outgoing transaction. When the user confidence score decreases below a threshold, the NSS implements a restricted security protocol for future outgoing transactions. Based on the detected indications, the NSS can identify malleable C2 attacker servers and add them to a blacklist of destination servers to further identify infected user accounts and devices.

Abstract: Disclosed are methods and systems for detecting screenshot images and protecting against loss of sensitive screenshot-borne data. One disclosed method includes collecting examples of the screenshot images and non-screenshot images and creating labelled ground-truth data for the examples. The method also includes applying re-rendering of at least some of the collected example screenshot images to represent different variations of screenshots that may contain sensitive information, and further includes training a deep learning stack by forward inference and back propagation using labelled ground-truth data for the screenshot images and the examples of the non-screenshot images. The method further includes using results of the back propagation to configure parameters of the trained DL stack for inference from images in production. Also disclosed is applying a screenshot robot to collect the examples of the screenshot images and non-screenshot images.

Abstract: The disclosed technology facilitates User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.

Abstract: Systems, methods, and related technologies for classification are described. In certain aspects, a plurality of device classification methods with associated models are accessed. Each of the classification methods have an associated reliability level. The models of classification methods with a higher reliability level than other classifications methods are used to at least one of train or tune the models associated with lower reliability level.

Abstract: Device scanning aspects are described. In certain aspects, the method includes performing a scan of a device based on a port forwarding policy.

Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.

Abstract: Systems, methods, and related technologies for self-training classification are described. In certain aspects, a plurality of device classification methods with associated models are accessed. Each of the classification methods have an associated reliability level. The models of classification methods with a higher reliability level than other classifications methods are used to train the models associated with lower reliability level. The trained models and associated classification methods are thus improved.

Abstract: Device scanning aspects are described. In certain aspects, the method includes configuring a port forwarding policy on a first device based on a network session information, performing a scan of a second device based on a port forwarding policy.

Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, data associated with communications of a first entity on a network are accessed, behaviors are determined based on the data associated with the communications of the first entity, and sequences of the behaviors of the first entity are determined. A profile of the first entity is determined based on the sequences of the behaviors, the profile including a classification of the first entity, a state machine of the profile of the first entity is determined, the state machine being associated with the classification against which the behaviors can be matched, a second entity is detected coming onto the network, and responsive to detecting the second entity coming onto the network, the second entity is classified based on the state machine of the profile of the first entity.

Abstract: The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is configured to route the outbound network traffic to a policy enforcement point for a policy enforcement.

Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that trains a cloud traffic classifier to classify cross-application communications as malicious command and control (C2) traffic or benign cloud traffic. The training uses blocks of malicious Hypertext Transfer Protocol (HTTP) transactions targeted at a plurality of cloud applications by a plurality of clients prequalified as malicious command and control (C2) cloud traffic, and also blocks of benign HTTP transactions targeted at the plurality of cloud applications by the plurality of clients prequalified as benign cloud traffic. A cloud traffic classifier is trained on the cross-application malicious training example set and on the cross-application benign training example set by processing the blocks of the malicious and benign HTTP transactions as inputs, and generating outputs that classify the training examples as respectively malicious C2 cloud traffic or benign cloud traffic.

Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests, determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources.

Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.