Policy Patents (Class 726/1)
-
Patent number: 12250263
Abstract: The present disclosure relates to computer-implemented methods, software, and systems for managing cloud application in a transparent multiple availability zone cloud platform. A request to access a cloud application running on the multiple availability zone cloud platform is received. The request can include an application location for accessing the cloud application. A network address corresponding to the application location is determined. In response to determining the network address, a first availability zone of the multiple availability zone cloud platform that is currently active to process the request is determined. A plurality of network locations corresponding to a host component of the application location is determined by a first load balancer. A network location of the plurality of network locations for processing the request is identified based on load balancing criteria.
Type: Grant
Filed: September 29, 2022
Date of Patent: March 11, 2025
Assignee: SAP SE
Inventors: Stoyan Zhivkov Boshev, Diyan Asparuhov Yordanov
-
Patent number: 12250555
Abstract: A wireless network system configured to secure a wireless service provided to at least one wireless device from a wireless network, the wireless network system includes a secure network server implemented in at least one of a network operator cloud and a mobile network operator implementing the wireless network. The secure network server being configured to implement at least one of the following: a unique Access Point Name (APN), an International Mobile Equipment Identity (IMEI) whitelist, a virtual private network (VPN) over encrypted network, a dedicated firewall, a whitelist of IP addresses, and a unique SIM.
Type: Grant
Filed: August 2, 2022
Date of Patent: March 11, 2025
Assignee: Tracfone Wireless, Inc.
Inventor: Theodore Vagelos
-
Patent number: 12242627
Abstract: Provided is a retention-replacement probability generation device that is capable of generating retention-replacement probability that realizes retention-replacement perturbation of a suitable level. Included are: a global optimal solution determining unit that, outputs a global optimal solution in a case where a global optimal solution exists that is a replacement probability of the attribute values in which the transition matrix P and histogram vector expression v of the attribute values yield ‖Pv−v‖=0; a region generating unit that, in a case where the global optimal solution does not exist, generates a region that is defined by an inequality equivalent to conditions for both replacement probabilities corresponding to i'th and j'th attribute values satisfying ε-differential privacy, and an inequality equivalent to conditions for the replacement probability of one and the retention probability of the other corresponding to the i'th and the j'th attribute values satisfying ε-differential privacy.
Type: Grant
Filed: October 11, 2019
Date of Patent: March 4, 2025
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Takayuki Miura, Satoshi Hasegawa
-
Patent number: 12244601
Abstract: A system includes an orchestrator to receive a first request for resources for a workload of a tenant and to select a first node cluster in a first compute domain to be provisioned for the workload. The system also includes a first security manager to run in a trusted execution environment of one or more processors to receive attestation results for a second node cluster from a second security manager in a second compute domain, and to establish the first node cluster and the second node cluster as a trusted group of node clusters for the workload based, at least in part, on determining that a first compute node in the first node cluster meets one or more security requirements of a workload execution policy associated with the workload and that the attestation results indicate that a second compute node in the second node cluster meets the one or more security requirements.
Type: Grant
Filed: December 2, 2021
Date of Patent: March 4, 2025
Assignee: Intel Corporation
Inventors: Anahit Tarkhanyan, Reshma Lal, Jianping Xu, Christine E. Severns-Williams
-
Patent number: 12244602
Abstract: A system of automatically managing assignments of users to user groups comprises a processor to implement instructions for an automatic user group manager (AUGM) to access to two or more users and the assignments of the users to the user groups, observe activity of the users, calculate user behavior signatures for one of at least two users of the users, at least one user of the users and one group of the user groups, or at least two groups of the user groups, calculate a numeric degree of variance between at least two of the user behavior signatures, compare the calculated degree of variance to at least one threshold, and determine if a behavior of one of the at least two users, the at least one user and the one group, or the at least two groups are similar or different.
Type: Grant
Filed: May 31, 2022
Date of Patent: March 4, 2025
Assignee: Acronis International GmbH
Inventors: Nickolay Berko, Serg Bell, Stanislav Protasov
-
Patent number: 12244646
Abstract: A cloud node in a cloud-based system includes one or more processors and memory storing instructions that, when executed, cause the one or more processors to: communicate with a user associated with a tenant of a plurality of tenants; obtain policy and configuration for the user based on the tenant, from a central authority in the cloud-based system; provide the one or more cloud services to the user, based on the policy and configuration; and crawl one or more cloud providers having a plurality of files for the user, based on the policy and configuration. The cloud node is inline between a user device of the user and the Internet, as well as connected to the one or more cloud providers.
Type: Grant
Filed: January 18, 2023
Date of Patent: March 4, 2025
Assignee: Zscaler, Inc.
Inventors: Shankar Vivekanandan, Narinder Paul, Parth Shah, Pratibha Nayak, Sonal Choudhary, Huan Chen
-
Patent number: 12244730
Abstract: A method includes receiving, by a processing device of a content sharing platform, a request for desired content from a client device, the content being stored in a content delivery network (CDN). The method further includes generating, based on data available to the content sharing platform, a partial trust metric associated with the client device, wherein the partial trust metric is to be used by a CDN server to make a decision regarding access to the desired content by the client device. The method further includes generating a response to the content request, wherein the response comprises one or more resource locators for accessing the desired content in the CDN, and the partial trust metric. The method further includes sending the response to the client device to enable the client device to request the desired content from the CDN server using the resource locator(s) and the partial trust metric.
Type: Grant
Filed: March 3, 2021
Date of Patent: March 4, 2025
Assignee: Google LLC
Inventors: John Draper, Colin Whittaker, Haidong Shao, David Lee, Adrian Isles, Maxim Kovalkov
-
Patent number: 12244641
Abstract: A firewall uses information about an application that originates a network request to determine whether and how to forward the request over a network. The firewall may more generally rely on the identity of the originating application, the security state of the originating application, the security state of the endpoint, and any other information that might provide an indication of malicious activity, to make routing and forwarding decisions for endpoint-originated network traffic.
Type: Grant
Filed: August 3, 2023
Date of Patent: March 4, 2025
Assignee: Sophos Limited
Inventors: Andrew J. Thomas, Karl Ackerman, James Douglas Bean, Kenneth D. Ray, Daniel Stutz
-
Patent number: 12242877
Abstract: The present invention relates to a container-oriented Linux kernel virtualizing system, at least comprising: a virtual kernel constructing module, being configured to provide a virtual kernel customization template for a user to edit and customize a virtual kernel of a container, and generate the virtual kernel taking a form of a loadable kernel module based on the edited virtual kernel customization template; and a virtual kernel instance module, being configured to reconstruct and isolate a Linux kernel, and operate a virtual kernel instance in a separate address space in response to a kernel request from a corresponding container. The container-oriented Linux kernel virtualizing system of the present invention is based on the use of a loadable module.
Type: Grant
Filed: May 4, 2022
Date of Patent: March 4, 2025
Inventors: Song Wu, Hang Huang, Kun Wang, Honglei Wang, Hai Jin
-
Patent number: 12245040
Abstract: According to an example aspect of the present invention, there is provided a method, comprising: receiving user information provided by a user equipment, associating spatiotemporal information with the user information on the basis of location of at least one wireless access network device in communication with the user equipment, generating a proof of location indication transaction associated with the user information on the basis of the spatiotemporal information, and providing the proof of location indication transaction to a distributed ledger.
Type: Grant
Filed: December 10, 2018
Date of Patent: March 4, 2025
Assignee: Nokia Technologies Oy
Inventors: Karina Palyutina, Troels Roennow, Enrique Martin-Lopez, Edward FitzGerald
-
Patent number: 12238145
Abstract: A security protection method and device based on industrial Internet is provided. The disclosure relates to the technical field of network security and realizes the isolation between the Internet and the industrial Internet platform intranet by deploying the exit firewall, and there is no restriction from the industrial Internet platform intranet to the Internet, and only necessary ports are opened from the Internet to the industrial Internet platform intranet. By deploying a regional firewall, isolation between the intranet core server and each of the secondary nodes is realized. The regional firewall is deployed on the wide area network router, and the second access policy of secondary nodes and intranet core servers is preset. After the second access policy is formulated, only the IP and service ports of specific hosts are opened, and all other accesses are prohibited.
Type: Grant
Filed: July 9, 2024
Date of Patent: February 25, 2025
Assignee: HUANENG INFORMATION TECHNOLOGY CO., LTD.
Inventors: Lei Cui, Ziqiang Wen, Dongliang Li, Jiaxin Zhu, Xiaoyu Liu, Pengfei Xie, Chongwu Sun
-
Patent number: 12238091
Abstract: An authentication method includes registering in an authentication service associated with an application, an ID of a wearable device, disposing the wearable device proximate to a smart device that does not have the application, to provide the ID and an identifier for the application, wherein the smart device stores a document, receiving in the authentication service from the smart device, a communication including the ID, the identifier, and the document, wherein the smart device receives the application in response to the identifier, determining in the authentication service, whether an authentication service is approved in response to the ID, digitally signing in the authentication service, the document to form a digitally signed document, in response to the document and to determining that the authentication service is approved, outputting with the authentication service, the digitally signed document to the smart device.
Type: Grant
Filed: March 25, 2022
Date of Patent: February 25, 2025
Assignee: Oura Health Oy
Inventors: Denis Mars, Simon Ratner
-
Patent number: 12238065
Abstract: Systems, methods, and software described herein manage traffic rules in association with fully qualified domain names (FQDNs). In one implementation, a domain name system (DNS) security service obtains a FQDN associated with a DNS request by a computing device. The DNS security service determines a first score for the FQDN based on trust factors associated with the FQDN and determines whether the first score satisfies one or more criteria. When the first score satisfies the one or more criteria, the DNS security service evaluates host posture information associated with an IP address in the DNS response for the FQDN, updates the first score to a second score based on the host posture information, and determines a traffic rule for the FQDN based on the second score.
Type: Grant
Filed: March 1, 2022
Date of Patent: February 25, 2025
Assignee: HYAS Infosec Inc.
Inventors: David James Mitchell, Paul Cornelius van Gool
-
Patent number: 12238557
Abstract: The disclosure provides a method for wireless communication performed by gateway device, a gateway device and a computer-readable storage medium. The method for wireless communication performed by gateway device, includes: performing network state detection; determining a network state based on a result of network state detection; receiving a network request of application layer; and transmitting a network response of the application layer based on the network state.
Type: Grant
Filed: February 7, 2024
Date of Patent: February 25, 2025
Assignee: TP-LINK CORPORATION PTE. LTD.
Inventor: Xuxiang Yang
-
Patent number: 12235997
Abstract: A computing device includes a display, and a browser to access applications for display in a browser window. Each application is associated with a respective browser tab within the browser window. A processor is coupled to the display to display content from an application associated with a selected browser tab, and to classify the selected browser tab. The processor enables app protection to selectively block screenshots of the displayed content based on the classification of the selected browser tab.
Type: Grant
Filed: June 24, 2021
Date of Patent: February 25, 2025
Inventors: Manbinder Pal Singh, Santosh Gummunur Chiranjeevi Sampath
-
Patent number: 12231449
Abstract: Systems and methods are provided for learning normal behavior for user roles of an application running within a cluster of container orchestration platform and based thereon proactively taking action responsive to suspicious events. According to one embodiment, an event data stream is created by an API server of the cluster. The data for each event includes information regarding a request made to an API exposed by the API server with which the event is associated and a user of the application by which the event was initiated. The data is augmented with a role associated with the user and an anomaly threshold for the role. Normal behavior is learned by an ML algorithm of respective user roles by processing the augmented data. When an anomaly score associated with a particular event is output by the ML algorithm that exceeds the anomaly threshold, a predefined or configurable action is triggered.
Type: Grant
Filed: April 22, 2022
Date of Patent: February 18, 2025
Assignee: NetApp, Inc.
Inventor: Tyler W. Cady
-
Patent number: 12231894
Abstract: Disclosed herein are a communication technique for merging, with an IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system; and a system therefor. Embodiments herein disclose a method of protecting sensitive user plane traffic in a User Equipment (UE) (100), the method comprising: transmitting, to a network (200), by the UE (100) a first NAS message comprising an indicator indicating that the UE (200) supports of a secure channel for domain name system (DNS); receiving, from the network (200), by the UE (100) a second NAS message including DNS server security information in response to transmitting the first NAS message; and transmitting, to the network (200), by the UE (100) the DNS over the secure channel based on the DNS server security information.
Type: Grant
Filed: December 14, 2023
Date of Patent: February 18, 2025
Assignee: Samsung Electronics Co., Ltd.
Inventors: Rajavelsamy Rajadurai, Kundan Tiwari, Varini Gupta, Anikethan Ramakrishna Vijaya Kumar
-
Patent number: 12231412
Abstract: Systems and methods for local encryption are provided. According to one implementation, a microservice system is configured to operate according to an open standard schema and having a distributed microservice framework. The microservice system includes a processing device and a memory device, where the memory device is configured to store a computer program having instructions that, when executed, enable the processing device to perform certain steps. For example, the processing device may be configured to automatically create an encrypted version of sensitive data. Next, the processing device may be configured to incorporate the encrypted version of the sensitive data within a model associated with the microservice system.
Type: Grant
Filed: January 2, 2023
Date of Patent: February 18, 2025
Assignee: Ciena Corporation
Inventor: David Miedema
-
Patent number: 12230377
Abstract: Various aspects described herein relate to presenting electronic patient data accessing information. Data related to a plurality of access events, by one or more employees, of electronic patient data can be received. A set of access events of the plurality of access events can be determined as constituting, by the one or more employees, possible breach of the electronic patient data. An alert related to the set of access events can be provided based on determining that the set of access events constitute possible breach of the electronic patient data.
Type: Grant
Filed: November 16, 2023
Date of Patent: February 18, 2025
Assignee: Protenus, Inc.
Inventors: Nicholas T. Culbertson, Robert K. Lord
-
Patent number: 12231396
Abstract: Methods and systems for providing multiple techniques to a customer premises equipment to acquire network connectivity. A method for acquiring an Internet Protocol (IP) lease includes sending, by a network device at a customer premises to a service provider system, a request for a preferred acquisition posture, where the network device is provisioned with multiple acquisition postures including the preferred acquisition posture, receiving, by the network device from the service provider system, a selected acquisition posture, attempting, by the network device, to acquire the IP lease using the selected acquisition posture, and operating, by the network device, using the acquired IP lease.
Type: Grant
Filed: June 29, 2022
Date of Patent: February 18, 2025
Assignee: Charter Communications Operating, LLC
Inventors: Anthony Adams, Erez Jordan Gottlieb, Tyson Reid Vinson
-
Patent number: 12225019
Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: generating a request for a client identifier or an access token for access to a target application programming interface (API); obtaining an access policy associated with the target API; determining a least privileged API access permission based upon the access policy associated with the target API; and, using the client identifier or access token to access the target API when the least privileged API access permission allows access to the target API.
Type: Grant
Filed: July 11, 2023
Date of Patent: February 11, 2025
Assignee: Dell Products L.P.
Inventors: Sumedh Wasudeo Sathaye, Yi Fang, Yidong Wang, Ranjit Kollu, Murali Kadala Keloth, David Scott Thompson, Ching-Yun Chao
-
Patent number: 12225140
Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: submitting a request for a workload instance to a cloud service provider; establishing a secure communication channel between the cloud service provider and a data center monitoring and management console; exchanging information between the cloud service provider and the data center monitoring and management console via the secure communication channel, the information including a verifiable workload instance identity; and, using the verifiable workload instance identity to authenticate a workload instance provided by the cloud service provider.
Type: Grant
Filed: June 26, 2023
Date of Patent: February 11, 2025
Assignee: Dell Products L.P.
Inventors: Michal Davidson, Dominique Prunier, Alan White
-
Patent number: 12225555
Abstract: A method disclosed includes receiving data from a plurality of data sources in a broadcast core network for transmission over a radio access network (RAN). The method includes assigning radio spectrum resources for transmitting the data over the RAN according to a policy guidance set by a plurality of network operators for sharing the radio spectrum resources and generating a baseband packet corresponding to the data at a distributed unit (DU) in the RAN. The method includes collecting transmission data from a plurality of user equipments (UEs) in the RAN for training a machine learning algorithm and scheduling transmission of the generated baseband packet to a remote unit (RU) over a fronthaul in a radio topology of a plurality of radio topologies under control of the machine learning algorithm according to the policy guidance. The generated baseband packet is compatible for transmission in the plurality of radio technologies.
Type: Grant
Filed: February 11, 2022
Date of Patent: February 11, 2025
Assignee: SINCLAIR BROADCAST GROUP, INC.
Inventors: Michael J. Simon, Mark A. Aitken, Ebenezer K. Kofi, Louis Herbert Libin
-
Patent number: 12223073
Abstract: Methods, systems, and computer storage media provide a privacy compliance notification indicating a database's level of compliance with a privacy policy after restoring the database to the database's backup copy. The database is associated with a database management engine. The database supports privacy-based first-class data entities. The privacy-based first-class data entities are database entities having privacy system-level metadata properties associated with data operations in a database language syntax. The privacy compliance notification may be generated based on determining whether a privacy database operation associated with a database journal and a privacy journal has been executed on a database since the database was restored to a backup copy of the database.
Type: Grant
Filed: December 31, 2021
Date of Patent: February 11, 2025
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Oron Golan, Aviram Fireberger, Aviad Pines, Adir Atias, Evgeny Lutsky
-
Patent number: 12225054
Abstract: An application isolation method, system and device, and a computer-readable storage medium. The method includes: determining a target application to be isolated in Kubernetes; acquiring isolation policies of components in the target application, creating an initial network security policy corresponding to the target application; on the basis of the isolation policies, modifying a pushing rule, a popping rule and a matching label of the initial network security policy, so as to obtain a target network security policy; converting the target network security policy into an Iptables rule that matches the Kubernetes; and isolating the target application on the basis of the Iptables rule.
Type: Grant
Filed: January 23, 2021
Date of Patent: February 11, 2025
Assignee: INSPUR ELECTRONIC INFORMATION INDUSTRY CO., LTD.
Inventors: Qiang Zhang, Zhengwei Liu
-
Patent number: 12219459
Abstract: Methods, apparatus, and systems for enabling an application function to influence access traffic steering, switching, splitting control are described. In one example aspect, a wireless communication method includes transmitting a request from an application function to a network function to enable a creation or an update of a policy or a rule for traffic routing. The request includes one or more parameters indicating traffic routing information for one or more user devices. The one or more parameters comprise at least an access type preference for the one or more user devices. The method also includes receiving a response from the network function indicating the creation or the update of the policy or the rule for traffic routing.
Type: Grant
Filed: July 14, 2022
Date of Patent: February 4, 2025
Assignee: ZTE Corporation
Inventors: Xingyue Zhou, Jinguo Zhu, Shuang Liang
-
Patent number: 12218980
Abstract: Techniques for using an end-to-end policy controller to utilize an inventory of enforcement points to generate a chain of enforcement points having capabilities to enforce individual operations of an intent-based security policy associated with an entity accessing a resource. A network controller may intelligently split an intent-based security policy and send portions thereof to enforcement points along a path configured for an entity to access a resource. For example, a portion of a security policy corresponding to an operation may be mapped to and implemented by an enforcement point having a capability to perform the operation. Once each operation of a security policy has been mapped to an enforcement point, a chain of enforcement points may be generated.
Type: Grant
Filed: December 27, 2022
Date of Patent: February 4, 2025
Assignee: Cisco Technology, Inc.
Inventors: Andrew E. Ossipov, Robert Tappenden, Janardhanan Radhakrishnan, Chandrodaya Prasad
-
Patent number: 12217271
Abstract: Various embodiments leverage artificial intelligence in identifying and potentially resolving compliance issues (e.g., with regulatory requirements, client-specified requirements, certification conditions, etc.), or preventing violations of law, rules and regulations. The AI can be configured to automatically generate requests for information. For example, a system analysis component can be configured to identify a specific compliance target (e.g., a branch location) and select or automatically generate questions to collect responsive information to ensure compliance, identify potential violations, and define any evidence required to identify or resolve issues (e.g., prove compliance, support potential violations, flagged issues, etc.). According to one example, the system can use trained AI models to analyze a set of rules and/or requirements to efficiently build questionnaires to address or demonstrate compliance.
Type: Grant
Filed: May 24, 2024
Date of Patent: February 4, 2025
Assignee: Regulatory Intelligence Compliance Solutions, Inc.
Inventor: Donna Sardanopoli
-
Patent number: 12216769
Abstract: Techniques for implementing and enforcing a security policy in a secure element are disclosed. The secure element enforces the security policy to grant and/or deny access, such as from an application processor, to configuration of the device peripheral components and access to data of the device peripheral components across one or more bus architectures, such as an I3C bus. Implementing an access control policy in a secure element allows execution of code within the isolated secure element hardware processor, preventing software attacks that may emanate from code running in the application processor. This design also benefits from hardware protections against physical attacks.
Type: Grant
Filed: April 29, 2022
Date of Patent: February 4, 2025
Assignee: Oracle International Corporation
Inventors: Nicholas Michel Raphaël Ponsini, Patrick Van Haver
-
Patent number: 12217064
Abstract: A correlation engine and policy manager (CPE) system includes: a persistent database, a cache database, an event gate, an event enricher, an event transformer, and an event dispatcher. The event gate obtains event data from at least one event source, and forwards the event data to the event enricher. The event enricher enriches the event data with additional data in the cached business layer data of the cache database, and forwards the enriched event data to the event transformer. The event transformer applies one or more policies in a cached business layer data of the cache database to the enriched event data to obtain transformed event data, and outputs the transformed event data to be stored in the persistent database. The event dispatcher dispatches output data to cause or prompt an action responsive to the transformed event data satisfying the at least one policy.
Type: Grant
Filed: January 14, 2022
Date of Patent: February 4, 2025
Assignee: RAKUTEN MOBILE, INC.
Inventors: Jyoti Bose, Mihirraj Narendra Dixit, Surender Singh Lamba, Abhishek Sharma
-
Patent number: 12218949
Abstract: A risk-aware access control system and related methods are provided. In accordance with one aspect of the present disclosure, there is a provided a method of risk-aware access control, comprising: detecting a request to perform an action with respect to two factors, the factors being of a factor type selecting people, devices, documents, and location, wherein the factors are of a different factor type; determining a coupling associated with the requested action based on the factors of the requested action; determining a risk level associated with the coupling; denying the requested action in response to a determination that the risk level does not match a security policy; and allowing the requested action in response to a determination that the risk level matches the security policy.
Type: Grant
Filed: December 6, 2023
Date of Patent: February 4, 2025
Assignee: BlackBerry Limited
Inventors: Andrew James Malton, Andrew Eric Walenstein, Jinxin Liu, Burak Kantarci, Melike Erol Kantarci, Murat Simsek
-
Patent number: 12216774
Abstract: Methods and systems are presented for providing a data control framework that enables storing, sharing, and transferring of data in a secure manner. Data files stored in data repositories are scanned. Content associated with different sections of each data file is analyzed, and each section is tagged with a sensitivity level based on the content and a subject matter derived for the data file. Each data file is also assigned to a clearance classification based on an expected viewer of the data file. When sections from a first data file are being transferred to a second data file, a data control mechanism is triggered. If a particular section from the first data file is incompatible with the second data file, the data control mechanism may prevent the particular section from being transferred to the second data file, while allowing the remaining sections being transferred to the second data file.
Type: Grant
Filed: January 11, 2023
Date of Patent: February 4, 2025
Assignee: PAYPAL, INC.
Inventors: George Chen Kaidi, Li Hua Lim, Rajasekaran Radhakrishnan, Sreeram Vasudevan
-
Patent number: 12218952
Abstract: Disclosed are various embodiments for enabling an enrolled client device of a user to access an enterprise resource via a second enrolled client device of the user. One such method comprises launching, by the first client device, a peer-to-peer communication channel between the first client device and a second client device of the user that is online with the management server; transmitting, by the first client device, a peer-to-peer offline access mode request over the peer-to-peer communication channel for the first client device to be given access to an enterprise resource that is being managed by the management server, wherein the request includes instructions for the second client device to forward the request to the management server, wherein the request further includes enterprise resource identification and verification data showing that the first client device is in compliance with a compliancy policy of the management service.
Type: Grant
Filed: February 10, 2023
Date of Patent: February 4, 2025
Assignee: Omnissa, LLC
Inventors: Ramanandan Nambannor Kunnath, Rohit Pradeep Shetty
-
Patent number: 12218923
Abstract: Contents of client-initiated handshake messages of a security protocol are obtained at a handshake processing offloader configured for an application. The offloader uses a first security artifact (which is inaccessible from a front-end request processor of the application) and the contents of the handshake messages to generate a second security artifact. The second security artifact is transmitted to the front-end request processor, which uses it to perform cryptographic operations for client-server interactions of the application.
Type: Grant
Filed: December 10, 2021
Date of Patent: February 4, 2025
Assignee: Amazon Technologies, Inc.
Inventors: Neha Shetty, Steven Collison, Andrew Hourselt, James Christopher Sorenson, III, Douglas Stewart Laurence, Colm MacCárthaigh
-
Patent number: 12217008
Abstract: Methods and systems are described for generating dynamic conversational responses sensitive to different emotional contexts using machine learning models. The dynamic conversational responses may be generated in real time and reflect the likely emotional context by detecting socially close entities and events in user input.
Type: Grant
Filed: February 22, 2022
Date of Patent: February 4, 2025
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Alexandra Coman, Chihyen Yang, Rui Zhang, Jihoon Jay Song
-
Patent number: 12218843
Abstract: Examples described herein relate to a network device apparatus that includes a network interface card to process a received packet. In some examples, based on the received packet only including one or more frames for which acknowledgement of receipt is offloaded to the network interface card, generate an acknowledgement (ACK) message to acknowledge receipt of the received packet. In some examples, a frame for which acknowledgement of receipt is offloaded to the network interface card comprises a STREAM frame compatible with quick User Datagram Protocol (UDP) Internet Connections (QUIC). In some examples, a computing platform is coupled to the network interface card. In some examples, based on the received packet only including any frame for which acknowledgement of receipt is not offloaded to the network interface, the computing platform is to generate an ACK message for the received packet.
Type: Grant
Filed: January 5, 2024
Date of Patent: February 4, 2025
Assignee: Intel Corporation
Inventors: Bo Cui, Stephen Doyle
-
Patent number: 12212605
Abstract: Disclosed herein are system, method, and computer program product embodiments for managing and tracking the deployment of a cloud control within a cloud network where creation of the cloud control may be distributed between different user devices in the cloud network. A cloud control is implemented using a control policy which is composed of one or more components that provide functions for executing a functionality of the cloud control. A component workflow manager delegates control of the one or more components to different user devices and tracks the development workflow of the components as they progress through workflow states until they are ready for deployment within the cloud network.
Type: Grant
Filed: May 11, 2022
Date of Patent: January 28, 2025
Assignee: Capital One Services, LLC
Inventors: Scott Russo, Anthony Nelson, Shashi Chappidi
-
Patent number: 12210868
Abstract: Disclosed are various approaches for determining a version of an application for a user to access based at least in part an overall posture of the user and the device launching the application. An application can support multiple delivery mechanisms to allow a user different ways to access the service provided by the application. A posture level (e.g., level of risk, level of compliance) associated with the overall posture of a device and user accessing an application is determined. The posture level can be used to select which version of the application should be launched by the device in order to provide the best experience for the user while ensuring that security is considered.
Type: Grant
Filed: November 1, 2022
Date of Patent: January 28, 2025
Assignee: Omnissa, LLC
Inventors: Steven DeJarnett, Peter Björk, Martin Kniffin, Frank Stephen Taylor
-
Patent number: 12212469
Abstract: Various examples of systems and methods are described herein in which multiple intelligent electronic devices (IEDs) are connected in a network. A software-defined network (SDN) controller may include a rule subsystem, a test mode subsystem, a packet inspection subsystem, and a validation subsystem. The rule subsystem may define a plurality of flow rules. A test mode subsystem may operate the SDN in a testing mode. A packet insertion subsystem may insert test packets within the SDN while the SDN is in the testing mode. The validation subsystem may validate or fail each flow rule depending on how the various test packets are handled.
Type: Grant
Filed: November 29, 2023
Date of Patent: January 28, 2025
Assignee: Schweitzer Engineering Laboratories, Inc.
Inventors: David J. Dolezilek, Amandeep Singh Kalra
-
Patent number: 12212592
Abstract: Various embodiments of the present disclosure are directed to automatic improved network architecture generation. In this regard, embodiments may process data representing a network architecture to generate an improved network architecture that resolves one or more vulnerabilities associated with the network architecture.
Type: Grant
Filed: May 1, 2023
Date of Patent: January 28, 2025
Assignee: HONEYWELL INTERNATIONAL INC.
Inventors: Tarun Gupta, Anusha Challa, Chetan Siddapura Kallappa
-
Patent number: 12206712
Abstract: A method includes identifying a first group of objects generated by security tools during a first time interval and containing cotemporal, analogous characteristics identifying a first endpoint device connected to a computer network; based on the first group of objects, confirming detection of the first endpoint device by a first security tool and a second security tool during the first time interval; identifying a second group of objects generated by security tools during a second time interval and containing cotemporal, analogous characteristics identifying the first endpoint device; based on the second group of objects, confirming detection of the first endpoint device by the second security tool during the second time interval; and responsive to absence of detection of the first endpoint device by the first security tool during the second time interval, generating a source remove event specifying removal of the first security tool from the first endpoint device.
Type: Grant
Filed: April 12, 2023
Date of Patent: January 21, 2025
Assignee: Sevco Security, Inc.
Inventors: Jeffrey J. Guy, Dean Mekkawy, Jeremiah Clark, Nevins Bartolomeo, Luis Diego Cabezas
-
Patent number: 12204955
Abstract: Techniques are described for providing, in a first cloud infrastructure (FCI), an adaptor associated with a service provided by the FCI. The adaptor enables the service to be requested by one or more users associated with one or more accounts in a second cloud infrastructure (SCI), where the SCI is different than the FCI. The adaptor receives a first request from a first user associated with a first account in the SCI to create a resource in the FCI. The adaptor executes a workflow to provision the resource using the service, where the workflow includes processing comprising retrieving a resource-principal that is associated with the resource and transmitting a second request to the service provided by the FCI. The second request includes the resource-principal and corresponds to creation of the resource.
Type: Grant
Filed: February 1, 2023
Date of Patent: January 21, 2025
Assignee: Oracle International Corporation
Inventors: Stanislav Kondratiev, Luke Francis Kearney, John Reinart
-
Patent number: 12204463
Abstract: Techniques are described for providing consistent memory operations and security across electronic circuitry components having disparate memory and/or security architectures when integrating such disparately architected components within a single system, such as a system on chip. A programmable logical hierarchy of isolated memory region (IMR) enforcement circuits is provided to protect such IMRs, allowing or preventing memory access requests from one of multiple distinct circuitry components based on configuration registers for the IMR enforcement circuits. Integration of multiple trust domain architectures associated with the multiple distinct circuitry components is facilitated via trust domain conversion bridge circuitry that includes translation logic for generating information in accordance with a first trust domain architecture based on information provided in accordance with a distinct second trust domain architecture.
Type: Grant
Filed: March 21, 2022
Date of Patent: January 21, 2025
Assignee: Intel Corporation
Inventors: Aditya Katragada, Peter Munguia, Gregg Lahti
-
Patent number: 12206646
Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.
Type: Grant
Filed: December 12, 2023
Date of Patent: January 21, 2025
Assignee: Cisco Technology, Inc.
Inventors: David Hanes, Gonzalo Salgueiro, Sebastian Jeuk, Robert Edgar Barton
-
Patent number: 12206702
Abstract: Aspects of the subject disclosure may include, for example, a device that has a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations of performing a packet analysis of protocol data unit (PDU) headers of inbound Internet and non-Internet traffic; determining whether the PDU headers identify the presence of a quantum payload and/or via deep packet inspection; detecting a presence of attack vectors in the quantum payload responsive to a determination that the PDU headers identify the presence of the quantum payload, wherein the attack vectors originate from a quantum computer, and wherein the attack vectors are cryptanalytically relevant; generating an alert responsive to detecting the presence of the attack vectors; and isolating compromised network elements, sets of elements, and/or other network components and/or subsystems, and route traffic around the compromised network elements, sets of
Type: Grant
Filed: March 9, 2023
Date of Patent: January 21, 2025
Assignees: AT&T Intellectual Property I, L.P., AT&T Mobility II LLC
Inventors: Thomas J. Routt, Mark Stockert
-
Patent number: 12206710
Abstract: An enterprise-level security policy management tool receives, via a graphical user interface (GUI), inputs defining a security policy configured to be deployed within an enterprise that operates one or more operational technology (OT) networks, generates the security policy based on the inputs, and transmits the security policy to one or more computing devices running respective other instantiations of the enterprise-level security policy management tool, wherein the respective other instantiations of the enterprise-level security policy management tool are configured to facilitate enforcement of the security policy within the one or more OT networks operated by the enterprise.
Type: Grant
Filed: August 17, 2022
Date of Patent: January 21, 2025
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Dustin A. Molzon, Taryl J. Jasper, Roch Mikolajczyk
-
Patent number: 12204679
Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query. The differentially private security system determines a worst-case privacy spend for the query based on the privacy parameters and the relation. The differentially private security system performs the query upon the set of data specified by the relation and decrements the determined worst-case privacy spend from a privacy budget associated with the client. The differentially private security system records the worst-case privacy spend and the query at a log and determines a privacy budget refund based on queries recorded in the log. The differentially private security system applies the determined privacy budget refund to the privacy budget associated with the client.
Type: Grant
Filed: July 24, 2023
Date of Patent: January 21, 2025
Assignee: Snowflake Inc.
Inventors: Christopher Hockenbrocht, Ishaan Nerurkar, Alexander Rozenshteyn, Liam Damewood, David Spies, Mihai Maruseac
-
Patent number: 12204637
Abstract: A computer implemented method for compliance profiling, the method comprising creating an application security profile indicating a set of permissions enabled for a corresponding application, associating one or more source files corresponding to the application to a running workload, executing the running workload, capturing a workload security profile with respect to one or more operations executed by the running workload, wherein the workload security profile indicates a set of permissions utilized by the running workload, comparing the workload security profile and the application security profile to identify one or more differences, and recommending a change to the application security profile according to the identified one or more differences.
Type: Grant
Filed: March 23, 2021
Date of Patent: January 21, 2025
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Shripad Nadgowda, Fabio Abreu Oliveira
-
Patent number: 12206677
Abstract: An information handling system may include at least one processor and a memory. The information handling system may be configured to determine names for a plurality of other information handling systems that are on-premises at a particular datacenter having a local network associated therewith; poll a selected subset of the plurality of other information handling systems via the local network; based on results of the polling, determine whether the information handling system is on-premises at the particular datacenter; and in response to a determination that the information handling system is on-premises at the particular datacenter, enable access to at least one sensitive administration operation associated with the particular datacenter.
Type: Grant
Filed: January 4, 2022
Date of Patent: January 21, 2025
Assignee: Dell Products L.P.
Inventors: Jian Liu, Michael Varteresian, Wenfeng Li, Muzhar S. Khokhar
-
Patent number: 12204930
Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.
Type: Grant
Filed: September 20, 2023
Date of Patent: January 21, 2025
Assignee: Orca Security Ltd.
Inventor: Avi Shua