Abstract: Systems and methods are described for intelligent software patch management. In an example, a system can receive a selection of device attributes. The system can associate a group of computing devices with attribute values that correspond to each device. The system can also create value pairs of unique pairs of values for each computing device. The system can select a set of computing devices for a deployment ring that maximizes diversity of the values or value pairs. The system can deploy the software patch to the selected devices and monitor device performance for a predetermined period of time before continuing to the next deployment ring or rolling back the update.

Abstract: Systems and methods are described for intelligent software patch management. In an example, a system can receive a selection of device attributes. The system can associate a group of computing devices with attribute values that correspond to each device. The system can also create value pairs of unique pairs of values for each computing device. The system can select a set of computing devices for a deployment ring that maximizes diversity of the values or value pairs. The system can deploy the software patch to the selected devices and monitor device performance for a predetermined period of time before continuing to the next deployment ring or rolling back the update.

Abstract: Systems and methods are described for intelligent software patch management. In an example, a system can receive a selection of device attributes. The system can associate a group of computing devices with attribute values that correspond to each device. The system can also create value pairs of unique pairs of values for each computing device. The system can select a set of computing devices for a deployment ring that maximizes diversity of the values or value pairs. The system can deploy the software patch to the selected devices and monitor device performance for a predetermined period of time before continuing to the next deployment ring or rolling back the update.

Abstract: Systems and methods are described for intelligent software patch management. In an example, a system can receive a selection of device attributes. The system can associate a group of computing devices with attribute values that correspond to each device. The system can also create value pairs of unique pairs of values for each computing device. The system can select a set of computing devices for a deployment ring that maximizes diversity of the values or value pairs. The system can deploy the software patch to the selected devices and monitor device performance for a predetermined period of time before continuing to the next deployment ring or rolling back the update.

Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The raw data can be filtered to extract data fields from the raw data that are relevant to detecting security threats in the local network. The filtered data can be converted into structured data that formats the information in the filtered data. The structured data may be formatted based on a set of schema, and can be used to generate a set of features. The security analytics system can use the generated features to build machine-learned models of the behavior of entities in the local network. The security analytics system can use the machine-learned models to generate threat scores representing the likelihood a security threat is present. The security analytics system can provide an indication of the security threat to a user.

Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system parses the raw data into data fields. The security analytics system identifies a subset of the data fields based on the relevance of the data fields to detecting security threats in the local network. The security analytics system generates filtered data containing the subset of data fields and generates structured data based on the filtered data. The security analytics system identifies relationships between the plurality of entities, generates a set of features based on the structured data and the identified relationships, and generates one or more threat scores based on the set of features. The security analytics system detects malicious behavior performed by an entity in the local network based on the generated threat scores.

Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system identifies the entities in the raw data and determines a set of properties about each of the identified entities. The entity properties contain information about the entity and can be temporary or permanent properties about the entity. The security analytics system determines relationships between the identified entities and can be determined based on the entity properties for the identified properties. An entity graph is generated that describes the entity relationships, wherein the nodes of the entity graph represent entities and the edges of the entity graph represent entity relationships. The security analytics system provides a user interface to a user that contains the entity graph and the relationships described therein.

Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The raw data can be filtered to extract data fields from the raw data that are relevant to detecting security threats in the local network. The filtered data can be converted into structured data that formats the information in the filtered data. The structured data may be formatted based on a set of schema, and can be used to generate a set of features. The security analytics system can use the generated features to build machine-learned models of the behavior of entities in the local network. The security analytics system can use the machine-learned models to generate threat scores representing the likelihood a security threat is present. The security analytics system can provide an indication of the security threat to a user.

Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system parses the raw data into data fields. The security analytics system identifies a subset of the data fields based on the relevance of the data fields to detecting security threats in the local network. The security analytics system generates filtered data containing the subset of data fields and generates structured data based on the filtered data. The security analytics system identifies relationships between the plurality of entities, generates a set of features based on the structured data and the identified relationships, and generates one or more threat scores based on the set of features. The security analytics system detects malicious behavior performed by an entity in the local network based on the generated threat scores.

Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system identifies the entities in the raw data and determines a set of properties about each of the identified entities. The entity properties contain information about the entity and can be temporary or permanent properties about the entity. The security analytics system determines relationships between the identified entities and can be determined based on the entity properties for the identified properties. An entity graph is generated that describes the entity relationships, wherein the nodes of the entity graph represent entities and the edges of the entity graph represent entity relationships. The security analytics system provides a user interface to a user that contains the entity graph and the relationships described therein.

Abstract: Embodiments disclosed herein seamlessly integrate several components into a comprehensive collusion detection and traffic quality prediction system, including a strong modeling module for processing historical click data and transforming potential collusions hidden therein into solvable graph partitioning (network) and/or vector space clustering (pattern) models, a scalable and robust toolkit comprising a plurality of graph partitioning and clustering heuristics for analyzing and generating high density subgraphs and high dimensional clusters or groups, and a post processing module for extracting entities from the subgraphs and clusters and placing them on global block lists. Entities thus listed can be blocked from client networks in real time. As such, high traffic quality can be predicted. A job scheduler may schedule individual jobs from the modeling module based on the number of available resources in a distributed computing environment to minimize completion time while balancing load.

Abstract: Embodiments disclosed herein provide a practical solution for click fraud detection. One embodiment of a method may comprise constructing representations of entities via a graph network framework. The representations, graphs or vector spaces, may capture information pertaining to clicks by botnets/click farms. To detect click fraud, each representation may be analyzed in the context of clustering, resulting in large data sets with respect to time, frequency, or gap between clicks. Highly accurate and highly scalable heuristics may be developed/applied to identify IP addresses that indicate potential collusion.