Abstract: The disclosed computer-implemented method for detecting code implanted into a published application may include retrieving a published version of an application and a source version of the application, and determining, based on an analysis of the source version and the published version, a transformation process for transforming from the source version to the published version. The method may also include performing the transformation process on the source version to produce a build version, comparing the build version with the published version, and identifying, based on the comparison, implanted code in the published version. The method may further include performing, in response to identifying the implanted code, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enforcing dynamic network security policies may include (i) monitoring, by a network traffic protection system, network packets transmitted on a network segment, (ii) detecting, by the network traffic protection system, a suspicious transmission of at least one network packet associated with an endpoint computing device connected to the network segment, (iii) modifying, based on the suspicious transmission of the network packet, at least one network security policy for the network segment, and (iv) enforcing, by the network traffic protection system, the modified network security policy for all endpoint computing devices connected to the network segment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enforcing dynamic network security policies may include (i) monitoring, by a network traffic protection system, network packets transmitted on a network segment, (ii) detecting, by the network traffic protection system, a suspicious transmission of at least one network packet associated with an endpoint computing device connected to the network segment, (iii) modifying, based on the suspicious transmission of the network packet, at least one network security policy for the network segment, and (iv) enforcing, by the network traffic protection system, the modified network security policy for all endpoint computing devices connected to the network segment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for managing cloud based applications is described. In one embodiment, the method includes detecting initiation of an application, detecting an action performed relative to the application, capturing the data associated with the detected action before the application encrypts the at least portion of the data, analyzing the captured data, and applying a network management policy to a packet flow based at least in part on the analyzing the captured data. In some cases, the application is configured to encrypt at least a portion of data associated with the detected action.

Abstract: The disclosed computer-implemented method for adjusting behavioral detection heuristics may include (1) configuring a behavioral detection heuristic to provide an initial level of malicious behavior detection on a computing system, (2) using the behavioral detection heuristic at the initial level of malicious behavior detection to detect at least two security threats on the computing system, (3) determining that the time between the security threats is shorter than a predetermined length of time, and (4) in response to determining that the time between the security threats is shorter than the predetermined length of time, adjusting the behavioral detection heuristic to provide a heightened level of malicious behavior detection that is configured to catch at least one additional security threat that may not be caught using the initial level of malicious behavior detection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting text display manipulation attacks may include (1) extracting a file name from a file that is under evaluation for malicious content, (2) inspecting, by a software security system, the file name for at least one control character that manipulates how the file name is displayed, (3) determining, based on inspecting the file name, that the file name includes the control character that manipulates how the file name is displayed, and (4) performing, by the software security system, a security action based at least in part on the determination that the file name includes the control character. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying malware threat vectors may include 1) identifying a computing system that includes a first human interface device, 2) detecting an introduction of a new device to the computing system that presents itself to the computing system as a second human interface device, 3) determining that the second human interface device is configured to generate a type of input event equivalent to the type of input event generated by the first human interface device, 4) determining, based on the second human interface device being configured to generate the type of input event equivalent to the type of input event generated by the first human interface device, that the second human interface device includes a potential malware attack vector. Various other methods, systems, and computer-readable media are also disclosed.