Abstract: A method includes accessing an input representing a software component list for a software product. The software component list contains information for a given software component. The method includes accessing a knowledge base to determine security level parameters and trust parameters for the given software component based on the information. A security level of the given software component is determined based on an evaluation of the security level parameters. A trust of a source of the given software component is determined based on an evaluation of the trust parameters. The method includes determining a security context of the software product. Based on the security level, the trust and the security context, the method includes providing a recommendation for the given software component.

Abstract: Aspects of vulnerability scanning are disclosed. In one example, configuration and context information of a first device for which vulnerability scanning is to be performed is obtained. The configuration information includes telemetry data of the first device. A second device is provisioned based on the configuration information to create a cloned first device. The vulnerability scanning is performed on the cloned first device based on the context information to obtain a scan report.

Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.

Abstract: In some examples, a system receives information traffic communicated over a network by or with a system under test (SUT), and analyzes the information traffic to identify a potential attack point in the SUT and a technology used by the SUT. The system determines a collection of penetration tests for testing a stack comprising a plurality of layers associated with the SUT based on the identified potential attack point and the identified technology, and further based on a dynamic knowledge base that includes information relating to vulnerabilities and threats.

Abstract: Some examples relate to detecting a security intrusion in a computer system. In an example, the detection of the security intrusion may be performed by analyzing a plurality of log records generated corresponding to a plurality of milestone actions performed during invocation of an operation on the computing system, based on a rule-set. Upon detection of a deviation in the plurality of log record from the rule-set, a security action is performed.

Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

Abstract: Example implementations relate to application-specific policies for failing over from an edge site to a cloud. When an application becomes operational within an edge site, a discovery phase is performed by a local disaster recovery (DR) agent. I/O associated with a workload of the application is monitored. An I/O rate for data replication that satisfies latency characteristics of the application is predicted based on the incoming I/O. Based on results of tests against multiple clouds indicative of their respective RTO/RPO values, information regarding a selected cloud to serve as a secondary system is stored in an application-specific policy. The application-specific policy is transferred to a remote DR agent running in the selected cloud. Responsive to a failover event, infrastructure within a virtualized environment of the selected cloud is enabled to support a failover workload for the application based on the application-specific policy.

Abstract: Examples disclosed herein relate to systems and methods for generating and implementing a security profile. Disclosed methods may include the steps of generating a customer intent interface configured to receive input comprising a value associated with an intent parameter; receiving, via the customer intent interface, security intent information comprising the value and the intent parameter; generating a configuration file based on the security intent information; based on the configuration file, generating a security profile for a target device; and generating, by code generator framework, one or more scripts based on the security profile.

Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, performing an action.

Abstract: Examples disclosed herein relate to approaches for securing a computing system. A management controller is to monitor a plurality of parameters of monitored controllers. The management controller provides each of the controllers a key to update the parameters. The management controller includes a representation of the parameters. A current version of one of the parameters is received from one of the monitored controllers. It is determined whether an unauthorized modification occurred to the current version of the first parameter using the representation.

Abstract: Aspects of vulnerability scanning are disclosed. In one example, configuration and context information of a first device for which vulnerability scanning is to be performed is obtained. The configuration information includes telemetry data of the first device. A second device is provisioned based on the configuration information to create a cloned first device. The vulnerability scanning is performed on the cloned first device based on the context information to obtain a scan report.

Abstract: In an example, a first metadata tag and a second metadata tag are added to first Personally Identifiable Information (PII) of a first user handled by a first application. The first PII is to be part of call home data captured from a hosting system. The first metadata tag may be indicative of security rules to be complied with for the first application and the second metadata tag may be indicative of security rules to be complied with for the first user. The first PII, the first metadata tag, and the second metadata tag may be protected and transmitted to a data processing center. The transmission may be in response to a determination to transmit the call home data.

Abstract: A method includes accessing an input representing a software component list for a software product. The software component list contains information for a given software component. The method includes accessing a knowledge base to determine security level parameters and trust parameters for the given software component based on the information. A security level of the given software component is determined based on an evaluation of the security level parameters. A trust of a source of the given software component is determined based on an evaluation of the trust parameters. The method includes determining a security context of the software product. Based on the security level, the trust and the security context, the method includes providing a recommendation for the given software component.

Abstract: In one example, a system is disclosed, which may include a network device, a new server connected to the network device, and a management server communicatively connected to a cloud-based service and the network device. The management server may include a server deployment engine to discover the new server in the system using the network device; obtain an encrypted data blob associated with the new server from the cloud-based service; establish a trust, via a secure protocol, with the new server using the encrypted data blob; and deploy the new server in the system upon establishing the trust with the new server.

Abstract: Systems and methods are provided for implementing an adaptive machine learning platform for security penetration and risk assessment. For example, the system can receive publicly-available information associated with a client computer system, process the information to identify an input feature, and implement a machine learning model to identify the corresponding risk associated with the input feature . The system can recommend a penetration test for discovered weaknesses associated with the input feature and help make changes to the client computer system to improve security and reduce risk overall.

Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

Abstract: Example implementations relate to application-specific policies for failing over from an edge site to a cloud. When an application becomes operational within an edge site, a discovery phase is performed by a local disaster recovery (DR) agent. I/O associated with a workload of the application is monitored. An I/O rate for data replication that satisfies latency characteristics of the application is predicted based on the incoming I/O. Based on results of tests against multiple clouds indicative of their respective RTO/RPO values, information regarding a selected cloud to serve as a secondary system is stored in an application-specific policy. The application-specific policy is transferred to a remote DR agent running in the selected cloud. Responsive to a failover event, infrastructure within a virtualized environment of the selected cloud is enabled to support a failover workload for the application based on the application-specific policy.

Abstract: Some examples relate to detecting a security intrusion in a computer system. In an example, the detection of the security intrusion may be performed by analyzing a plurality of log records generated corresponding to a plurality of milestone actions performed during invocation of an operation on the computing system, based on a rule-set. Upon detection of a deviation in the plurality of log record from the rule-set, a security action is performed.

Abstract: In some examples, a system receives information traffic communicated over a network by or with a system under test (SUT), and analyzes the information traffic to identify a potential attack point in the SUT and a technology used by the SUT. The system determines a collection of penetration tests for testing a stack comprising a plurality of layers associated with the SUT based on the identified potential attack point and the identified technology, and further based on a dynamic knowledge base that includes information relating to vulnerabilities and threats.

Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.