Abstract: A method is provided for identifying improperly redacted information in documents. The documents are analyzed to detect redacted areas and text elements and to identify an intersection between a redacted area and a text element. When an area of the intersection is greater than an intersection threshold, the document is identified as containing improperly redacted information.

Abstract: A method is provided for identifying improperly redacted information in documents. The documents are analyzed to detect redacted areas and text elements and to identify an intersection between a redacted area and a text element. When an area of the intersection is greater than an intersection threshold, the document is identified as containing improperly redacted information.

Abstract: Methods and systems for processing cryptographically secured connections by a gateway, between a client and a server, are performed. Upon receiving TCP and TLS/SSL handshakes associated with a client side connection, from a client (client computer) to the gateway, a probing connection is established. The probing connection completes the handshakes, and based on the completion of the handshakes, the gateway renders a decision, to bypass, block or inspect, the connections between the client and the server, allowing or not allowing data to pass through the connections between the client and the server.

Abstract: Methods and systems for processing cryptographically secured connections by a gateway, between a client and a server, are performed. Upon receiving TCP and TLS/SSL handshakes associated with a client side connection, from a client (client computer) to the gateway, a probing connection is established. The probing connection completes the handshakes, and based on the completion of the handshakes, the gateway renders a decision, to bypass, block or inspect, the connections between the client and the server, allowing or not allowing data to pass through the connections between the client and the server.

Abstract: The present invention is a computer system, such cooperator is coupled to a negotiator, which is associated with one of the peers, a client (client computer) or server (e.g., a computer), to a Transport Layer Security (TLS)/Secure Socket Layer (SSL) session and its associated handshake between the peers. The cooperator is configured such that it can obtain parts of the handshake between peers, without taking part in the handshake.

Abstract: Methods and systems for the detection of receipt of potentially malicious web content by a web clients are disclosed. These methods and systems comprise elements of hardware and software for obtaining a sandbox environment on a server, wherein the sandbox is configured according to the system characteristics of the client device, emulating web requests and responses of the web client in the sandbox; and analyzing the behavior of components in the sandbox during processing of received web content.

Abstract: Methods and systems for protecting components of a linked vehicle from cyber-attack are disclosed. These methods and systems comprise elements of hardware and software for receiving a packet; tunneling the packet to a terrestrial-based security service, analyzing whether the packet is harmful to a component in the vehicle, and at least one action to protect at least one component.

Abstract: Methods and systems for mitigating cyber attacks on components of an automotive communication system are disclosed. These methods and systems comprise elements of hardware and software for receiving a frame; determining whether the frame potentially affects correct operation of an automotive component; and, taking protective action.

Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.

Abstract: Methods and systems for protecting components of a linked vehicle from cyber-attack are disclosed. These methods and systems comprise elements of hardware and software for receiving a packet; tunneling the packet to a terrestrial-based security service, analyzing whether the packet is harmful to a component in the vehicle, and at least one action to protect at least one component.

Abstract: Methods and systems for the detection of receipt of potentially malicious web content by a web clients are disclosed. These methods and systems comprise elements of hardware and software for obtaining a sandbox environment on a server, wherein the sandbox is configured according to the system characteristics of the client device, emulating web requests and responses of the web client in the sandbox; and analyzing the behavior of components in the sandbox during processing of received web content.

Abstract: Methods and systems for mitigating cyber attacks on components of an automotive communication system are disclosed. These methods and systems comprise elements of hardware and software for receiving a frame; determining whether the frame potentially affects correct operation of an automotive component; and, taking protective action.

Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.

Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.

Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.

Abstract: The present invention discloses methods and media for hooking applications to monitor and prevent execution of security-sensitive operations, the method including the steps of: reading at least one configuration parameter list from a configuration module; hooking, by a hooking engine, a hooking point in an application, wherein the hooking point is defined in the configuration module; calling, by the application, the hooking point during operation of the application; matching at least one hooking parameter in the hooking point to at least one configuration parameter in at least one configuration parameter list; and upon detecting a match between the hooking parameter and at least one configuration parameter, performing at least one configuration-defined action. Preferably, the method further includes the step of: updating a state of the hooking engine. Preferably, the hooking engine is operative to prevent malicious operations by obfuscated code.

Abstract: The present invention discloses methods and media for hooking applications to monitor and prevent execution of security-sensitive operations, the method including the steps of: reading at least one configuration parameter list from a configuration module; hooking, by a hooking engine, a hooking point in an application, wherein the hooking point is defined in the configuration module; calling, by the application, the hooking point during operation of the application; matching at least one hooking parameter in the hooking point to at least one configuration parameter in at least one configuration parameter list; and upon detecting a match between the hooking parameter and at least one configuration parameter, performing at least one configuration-defined action. Preferably, the method further includes the step of: updating a state of the hooking engine. Preferably, the hooking engine is operative to prevent malicious operations by obfuscated code.