Abstract: A particular activity performed by a particular user of a computing device is identified, for instance, by an agent installed on the computing device. It is determined that the particular activity qualifies as a particular use violation in a plurality of pre-defined use violations. A behavioral risk score for the particular score for the user is determined based at least in part on the determination that the particular activity of the particular user qualifies as a particular use violation. Determining that the particular activity qualifies as a particular use violation can include determining that the particular activity violates a particular rule or event trigger corresponding to a particular pre-defined use violation.

Abstract: In an example, there is disclosed a computing apparatus, having: a network interface; and one or more logic elements providing a name management engine, operable to: receive a self-assigned name registration request for a name N1 from an endpoint device via the network interface; compare N1 to a database of registered names; determine that the name has not been registered; and sign a certificate for N1. The engine is further operable to determine that the name has been registered, and send a notification that the name is not available. There is also disclosed a computer-readable medium having executable instructions for providing a name management engine, and a method of providing a name management engine.

Abstract: Opportunistic scans can be performed by identifying, using at least one processing device, a detection of a particular computing device on a network of a computing environment. At least one scan to be performed on the detected particular computing device can be is identified and a particular scan engine, in a plurality of scan engines, is identified that is adapted to perform the at least one scan. The at least one scan is caused to be performed on the detected particular computing device while the detected particular computing device is on the network using the particular scan engine.

Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.

Abstract: Techniques are disclosed for provisioning Internet of Things (IoT) devices in accordance with a state machine model. More particularly, collections of IoT devices may be organized into enclaves, groups or “shoals” that operate as autonomous or semi-autonomous groups of devices functioning as a collective having a common objective or mission. IoT devices participating in a shoal may be provisioned with shoal-specific context information as part of their device-specific provisioning activity. By way of example, a shoal context object can include a current state variable and a target next state variable. The shoal's target next state variable establishes a goal (e.g., for provisioning activity) without dictating how the individual shoal members (IoT device) are to achieve that goal. This mechanism may be used to drive a shoal's separate devices through their individual provisioning state machines until the shoal itself is made operational.

Abstract: Techniques are disclosed for provisioning Internet of Things (IoT) devices in accordance with a state machine model. More particularly, collections of IoT devices may be organized into enclaves, groups or “shoals” that operate as autonomous or semi-autonomous groups of devices functioning as a collective having a common objective or mission. IoT devices participating in a shoal may be provisioned with shoal-specific context information as part of their device-specific provisioning activity. By way of example, a shoal context object can include a current state variable and a target next state variable. The shoal's target next state variable establishes a goal (e.g., for provisioning activity) without dictating how the individual shoal members (IoT device) are to achieve that goal. This mechanism may be used to drive a shoal's separate devices through their individual provisioning state machines until the shoal itself is made operational.

Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.

Abstract: A particular scan set to be performed on at least a portion of a computing environment is identified. A particular scan engine, in a plurality of scan engines, is identified that is adapted to perform at least one scan in the particular scan set, each scan engine in the plurality of scan engines adapted to perform one or more scans on one or more host devices in the computing environment. A request is sent to the particular scan engine to perform the at least one scan in the particular scan set and scan result data is received from the particular scan engine corresponding to the at least one scan in the particular scan set.

Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.

Abstract: Attribute data of an endpoint computing device is collected that describes attributes of the endpoint computing device. The attribute data is communicated to a security score generator and security score data is received for the endpoint computing device. A graphical dashboard interface is caused to be presented on a display device, the dashboard interface presenting a plurality of security ratings based on the security score data, each security rating representing an amount of risk determined to be associated with a corresponding user activity on the endpoint device in a plurality of user activities.

Abstract: A query is received from a particular endpoint device identifying a particular wireless access point encountered by the particular endpoint device. Pre-existing risk assessment data is identified for the identified particular wireless access point and query result data is sent to the particular endpoint device characterizing pre-assessed risk associated with the particular wireless access point. In some instances, the query result data is generated based on the pre-existing risk assessment data. In some instances, pre-existing risk assessment data can be the result of an earlier risk assessment carried-out at least in part by an endpoint device interfacing with and testing the particular wireless access point.

Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.

Abstract: A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system.

Abstract: A first computing device is detected as substantially collocated with a wireless storage device, using a short-range wireless communication network. A connection is established between the first computing device and the wireless storage device over the short-range wireless network. Data stored in memory of the wireless storage device is sent from the wireless storage device to the first computing device over the short-range wireless network for a presentation of the data using a user interface of the first computing device. The wireless storage device lacks user interfaces for the presentation of the data. In some instances, authentication of either or both of the first computing device or wireless storage device can be accomplished through communication between the first computing device and wireless storage device over the short-range wireless communication network.

Abstract: A plurality of devices in a system are identified, each device having an operational context. One of a plurality of agents are identified for each of the plurality of devices, which correspond to the device. Data is received from the plurality of agents that describes security attributes of the plurality of devices. Policy data is sent to each of the plurality of agents to cause a set of security policies to be applied to the plurality of devices through the security management instances. Each of the plurality of agents can be provided in a respective security management instance separate from the operational context.

Abstract: A virtualization environment is provided to include a security management instance and an application instance. The application instance is separated from the security management instance and includes a first operating system and a particular software application. The security management instance includes a second operating system and one or more security tools to provide security for the particular application. Data for the application instance is received at the security management instance, the data is processed using at least one of the security tools, and the processed data is securely passed from the security management instance to the application instance.

Abstract: A connection is established between a network gateway and a particular device. An identity is generated for the particular device and a secure communication tunnel is established with another device at the network gateway using the identity. The secure communication tunnel can be established by the network gateway on behalf of the other device and is for use by the particular device to communicate with the other device. Data to be received from the other device over the secure communication tunnel can be sent on the connection to the particular device.

Abstract: A first communication device is detected as being substantially collocated with a second communication device using a short-range wireless network. A connection is established between the first and second communication devices over the short-range wireless network. In some instances, authentication data can be sent from the second communication device to the first communication device to authenticate a user to the first communication device. Further, input is received from the first communication device over the short-range wireless network specifying a telephone number for a telephone call using the second communication device. A connection is established between the second communication device and a cellular base station to initiate the telephone call with a third communication device associated with the telephone number. In some instances, the second communication device is a wireless headset device.

Abstract: A particular activity performed by a particular user of a computing device is identified, for instance, by an agent installed on the computing device. It is determined that the particular activity qualifies as a particular use violation in a plurality of pre-defined use violations. A behavioral risk score for the particular score for the user is determined based at least in part on the determination that the particular activity of the particular user qualifies as a particular use violation. Determining that the particular activity qualifies as a particular use violation can include determining that the particular activity violates a particular rule or event trigger corresponding to a particular pre-defined use violation.

Abstract: A first communication device is detected as being substantially collocated with a second communication device using a short-range wireless network. A connection is established between the first and second communication devices over the short-range wireless network. In some instances, authentication data can be sent from the second communication device to the first communication device to authenticate a user to the first communication device. Further, input is received from the first communication device over the short-range wireless network specifying a telephone number for a telephone call using the second communication device. A connection is established between the second communication device and a cellular base station to initiate the telephone call with a third communication device associated with the telephone number. In some instances, the second communication device is a wireless headset device.