A method, system, and computer-readable medium are disclosed for: receiving traffic from a client device, wherein the client device is physically located in a particular region, wherein the traffic is internet protocol (IP) traffic, and wherein the traffic has a destination associated therewith; augmenting the traffic with metadata, wherein the metadata is indicative of the particular region; and transmitting the augmented traffic to an egress gateway, wherein the egress gateway is configured to perform source network address translation (NAT) on the traffic by setting a source address associated with the traffic to an IP address that is associated with the particular region.
H04L 61/2582 - Traversée NAT par la commande du serveur de traduction d’adresse réseau, p. ex. en mode autoconfigurable [UPnP]
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
2.
Using an entity behavior profile when performing human-centric risk modeling operations
A system, method, and computer-readable medium for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity, the security related activity being of analytic utility; accessing an entity behavior profile based upon the security related activity, the entity behavior profile comprising a collection of information uniquely describing an identity and behavior of the entity; identifying a risk associated with the entity using a human-centric risk modeling framework, the human-centric risk modeling framework enabling quantification of a human-centric factor associated with the entity, the human-centric factor comprising a motivation factor, a stressor factor and an organizational dynamics stressor factor, the human-centric factor having an associated effect on the entity, the motivation factor representing a motivation for enacting an entity behavior, the stressor factor representing an issue influencing the user entity behavior, the organizational stressor factor representing an event occurring within an organization affecting the entity behavior; and, performing a security operation based upon the risk associated with the entity, the security operation using the human-centric risk modeling framework and the entity behavior profile, the security operation being performed by at least one of an endpoint device and a security analytics system, the endpoint device executing the security operation on a hardware processor associated with the endpoint device, the security analytics system executing the security operation on a hardware processor associated with the security analytics system.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
A method, system and computer-usable medium are disclosed for operating an endpoint agent at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint agent at an endpoint device, including: operating the endpoint agent to selectively subscribe to events corresponding to activities occurring at an endpoint platform; processing events received from a message bus by the endpoint agent, where the events processed by the endpoint agent are events to which the endpoint agent has subscribed; and communicating, to a service, information corresponding to the events processed by the endpoint agent. Other embodiments of this aspect of the invention may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.
A system, method, and computer-readable medium are disclosed for monitoring actions of an entity. In various embodiments the monitoring includes: monitoring a plurality of electronically-observable actions of the entity, the plurality of electronically-observable actions of the entity corresponding to a plurality of events enacted by the entity; associating the plurality of events enacted by the entity with a story; and, using the story to derive an inference regarding the entity.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method, system, and computer-usable medium are disclosed for executing operations, including initiating a web transaction between an endpoint device and a target web server and automatically switching between multiple communication modes in response to one or more communication mode security policies associated with conducting the web transaction. The multiple communication modes include a first communication mode in which the endpoint device communicates with the target web server using an intermediate proxy server, and a second communication mode in which the endpoint device communicates with the target web server without using the intermediate proxy server. Other embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
G06Q 20/42 - Confirmation, p. ex. contrôle ou autorisation de paiement par le débiteur légal
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
6.
Web endpoint device having automatic switching between proxied and non-proxied communication modes
A method, system, and computer-usable medium are disclosed, comprising: initiating a web transaction between an endpoint device and a target web server; automatically switching between a first communication mode and a second communication mode in response to one or more communication performance conditions associated with conducting the web transaction, where the endpoint device communicates with the target web server using an intermediate proxy server in the first communication mode; and the endpoint device communicates with the target web server without using the intermediate proxy server in the second communication mode. Other embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
H04L 67/61 - Ordonnancement ou organisation du service des demandes d'application, p. ex. demandes de transmission de données d'application en utilisant l'analyse et l'optimisation des ressources réseau requises en tenant compte de la qualité de service [QoS] ou des exigences de priorité
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
An email phishing detection mechanism is provided that utilizes machine learning algorithms. The machine learning algorithms are trained on phishing and non-phishing features extracted from a variety of data sets. Embodiments extract embedded URL-based and email body text-based feature sets for training and testing the machine learning algorithms. Embodiments determine the presence of a phishing message through a combination of examining an embedded URL and the body text of the message for the learned feature sets.
A system, method, and computer-readable medium are disclosed for performing a human factors risk operation. The human factors risk operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a human factors framework; and, performing a human factors risk operation in response to the analyzing the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity to identify a behavior enacted by the entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the behavior enacted by the entity, the observable comprising event information corresponding to a behavior enacted by the entity; identifying an indicator of behavior from the event information corresponding to the behavior enacted by the entity, the indicator of behavior providing an abstracted description of an inferred intent associated with the behavior enacted by the entity; associating a security persona with the entity based upon the indicator of behavior, the security persona comprising a group of entity behaviors associated with a particular security risk use case; and, performing the security operation, the security operation using the security persona associated with the entity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; associating a human factor with the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source; analyzing the event of analytic utility, the analyzing the event of analytic utility taking into account the human factor associated with the entity enacting the event of analytic utility; and, performing the security operation in response to the analyzing the event of analytic utility, the security operation comprising a human factor risk operation.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity to identify a behavior enacted by the entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the behavior enacted by the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source, the event of analytic utility comprising a behavior enacted by the entity; identifying an indicator of behavior related to the event of analytic utility, the indicator of behavior providing an abstracted description of an inferred intent associated with the behavior enacted by the entity; analyzing the event of analytic utility, the analyzing the event of analytic utility being based upon the indicator of behavior related to the event of analytic utility; and, performing a security operation based upon the inferred intent associated with the behavior enacted by the entity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a data entity, the monitoring observing at least one electronically-observable data source, the data entity exhibiting a data entity behavior; deriving an observable based upon the monitoring of the electronically-observable data source, the observable comprising event information corresponding to the data entity behavior; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source and the data entity behavior; analyzing the event of analytic utility, the analyzing the event of analytic utility using the data entity behavior; and, performing the security operation in response to the analyzing the event of analytic utility.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system for processing data that includes a first processor configured to operate one or more algorithms to provide a proxy for each of a plurality of external network communications segments and internal network communications segments associated with a specific use, the first processor configured to operate one or more algorithms to provide a firewall agent that performs firewall processing for each of the plurality of external network communications segments and the internal network communications segments and wherein the explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.
H04L 41/0806 - Réglages de configuration pour la configuration initiale ou l’approvisionnement, p. ex. prêt à l’emploi [plug-and-play]
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 67/568 - Stockage temporaire des données à un stade intermédiaire, p. ex. par mise en antémémoire
15.
Cloud-based explicit proxy with private access feature set
A system for processing data is disclosed that includes a first processor configured to operate one or more algorithms to identify a user identity as a function of user metadata and to provide access to a predetermined network resource using a cloud-based explicit proxy as a function of the user identity and one or more service requests, the first processor configured to operate one or more algorithms to detect a change in the one or more service requests and wherein access to the predetermined network resources using the cloud-based explicit proxy is modified as a function of the detected change in the one or more service requests.
A system for processing data, comprising a first processor configured to operate one or more algorithms to provide an explicit proxy that directs network communications over a public network to a proxy server. The first processor configured to operate one or more algorithms to provide a firewall agent that verifies the presence of a firewall key prior to allowing data communications over the public network using the explicit proxy. Wherein the explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.
A system, method, and computer-readable medium are disclosed for performing a event risk severity score generation operation. The event risk severity score generation operation includes monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; identifying an anomalous event from the plurality of events enacted by the entity; generating an event severity risk score based upon the anomalous event; generating an entity risk severity score for the entity, the generating using the event risk severity score; and, performing a risk-adaptive prevention operation, the risk-adaptive prevention operation using the entity risk severity score, the risk-adaptive prevention operation adaptively responding to mitigate risk associated with the anomalous event.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation. The security analytics mapping operation includes: monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the monitoring comprising monitoring the plurality of electronically-observable actions via a protected endpoint; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; generating a representation of occurrences of a particular event from the plurality of events enacted by the entity; and performing an anomaly detection operation based upon the representation of occurrences of the particular event from the plurality of events enacted by the entity, the anomaly detection operation determining when the representation of occurrences of the particular event exceeds a predetermined threshold.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing event risk score generation operation. The event risk score generation operation includes identifying an anomalous event from a plurality of events enacted by the entity; generating a first event risk severity score based upon the anomalous event; generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity; generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score; performing a risk-adaptive prevention operation, the risk-adaptive prevention operation using the entity risk severity score, the risk-adaptive prevention operation adaptively responding to mitigate risk associated with the anomalous event.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the monitoring comprising monitoring the plurality of electronically-observable actions via a protected endpoint; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; generating a representation of occurrences of a particular event from the plurality of events enacted by the entity; and performing an anomaly detection operation based upon the representation of occurrences of the particular event from the plurality of events enacted by the entity, the anomaly detection operation determining when the representation of occurrences of the particular event exceeds a predetermined threshold.
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a security risk persona; associating the security risk persona with a phase of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the phase of the cyber kill chain.
A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.
A method for migrating a data schema comprising combining a first deterministic finite automaton with a second deterministic finite automaton to generate a modified deterministic finite automation. Identifying a state of the modified deterministic finite automaton without computed followers. Computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state.
H04L 41/0266 - Échange ou transport d’informations de gestion de réseau en utilisant l’InternetIntégration de serveurs de gestion du Web dans des éléments de réseauProtocoles basés sur les services du Web en utilisant des métadonnées, des objets ou des commandes pour formater l’information de gestion, p. ex. en utilisant un langage de balisage eXtensible [XML]
H04L 49/552 - Prévention, détection ou correction des erreurs en garantissant l'intégrité des paquets reçus via des connexions redondantes
H04L 49/55 - Prévention, détection ou correction des erreurs
25.
System and method for efficient fingerprinting in cloud multitenant data loss prevention
A data loss prevention mechanism for a cloud-based security analytics system is provided that utilizes a compact repository that improves the ratio of false positives over traditional methods, maintains a small data size, permits distribution of compact repository files to a large number of analyzing nodes, and provides metadata for matched events. A compressed bitmap of information found in a compact repository is used, thereby improving the utilization of storage space for a repository containing information associated with a significant number of data fingerprints. Compression further allows for a larger entry size in the compact repository, thereby providing a lower false positive rate. A mechanism for distributing updates to compact repositories residing on cloud servers is provided by updating a central server and propagating the updates to remote servers. Identification of secured data associated with unstructured data fingerprints is also handled using distributed reference to a centralized fingerprint repository.
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p. ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
26.
User behavior profile including temporal detail corresponding to user interaction
A system, method, and computer-usable medium are disclosed for generating a cyber behavior profile comprising monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions, the electronic information representing the user interactions comprising temporal detail corresponding to the user interaction; and generating a user behavior profile based upon the electronic information representing the user interactions, the generating the user profile including a layer of detail corresponding to the temporal detail corresponding to the user interaction.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having security policy visualization. At least one embodiment is directed to a computer-implemented method for implementing security policies in a secured network, including: retrieving a set of rules of a security policy; analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy; and generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions. In at least one embodiment, two or more security policies are presented with visual indicia representing differences between the security policies, including representations of one or more targeted policy dimensions with respect to one or more fixed policy dimensions.
A mechanism for probabilistically determining the contents of an encrypted file is provided, such that a transfer of the encrypted file can be restricted according to rules associated with an unencrypted version of the file. Embodiments generate a file size table of a subset of files, where each entry of the file size table includes a size information regarding the unencrypted file. Embodiments compare the size of the encrypted file against the file sizes and compressed file size ranges to determine whether the encrypted file has a match. If the size of the encrypted file has a single match in the table, then there is a high probability that the file associated with the matching entry is the unencrypted version of the encrypted file. Rules associated with restricting access of the file related to the matching entry can be used to control transfer of the encrypted file.
A processor-implemented method for a continuous deployment pipeline for services is disclosed that includes generating in response to a first algorithmic instruction a service identifier and parameter input process for a plurality of parameters associated with a first service, receiving a first set of parameters for the first service at the processor in response to a second algorithmic instruction, generating a third algorithmic instruction for use in providing a continuous deployment pipeline for the first service, generating in response to the first algorithmic instruction the service identifier and parameter input process for a plurality of parameters associated with a second service, receiving a second set of parameters for the second service in response to the second algorithmic instruction and modifying the third algorithmic instruction for use in providing a continuous deployment pipeline for the second service using at least a portion of the continuous deployment pipeline for the first service.
A system, method, and computer-readable medium are disclosed for detecting malicious entity behavior and providing accurate indicator of behaviors indicating occurrence of malicious behavior. Data input as to the entity behavior is received and monitored from different sources. The entity behavior is monitored over time at time periods. Detection probability is determined at each time period, where the detection probability relates to malicious behavior and increases over time. A trigger indicator of behavior is provided if the detection probability reaches a threshold value.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
31.
Cybersecurity system having digital certificate reputation system
A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having a digital certificate reputation system. At least one embodiment is directed to a computer-implemented method executing operations including receiving a communication having an internet protocol (IP) address and a digital certificate at a device within the secured network; determining whether the IP address is identified as having a high-security risk level; if the IP address has a high-security risk level, assigning a security risk level to the digital certificate based on the security risk level of the IP address; and using the security risk level for the digital certificate in executing the one or more security policies. Other embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices.
A system for firewall data log processing, comprising a firewall logging system operating on a first processor and configured to cause the first processor to receive firewall log data and to process the firewall log data on a periodic basis to reduce the size of the firewall log data and a firewall reporting system operating on a second processor and configured to process the reduced size firewall log data to generate a report on a user interface that includes one or more analytics from the reduced size firewall data.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
A method, system and computer-usable medium for generating a user behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique user behavior profile based upon the electronic information representing the user interactions and the information about the user; storing information relating to the unique user behavior profile within a user behavior profile repository; and, storing information referencing the unique user behavior profile in a user behavior blockchain.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A system, method, and computer-readable medium are disclosed for implementing a security analytics system configured to instantiate user behavior baselines using historical data stored on an endpoint device. At least one embodiment is directed to a computer-implemented method including: accessing historical data stored on an endpoint device during an initialization of the endpoint device on the secured network, instantiating user behavior baselines for the endpoint device using the accessed historical data, and storing the instantiated user behavior baselines on a security system of the secured network for detecting instances of anomalous user behavior occurring at the endpoint device. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
A method, system and computer-usable medium for using pseudonyms to identify entities and their corresponding security risk factors is disclosed. In certain embodiments, a computer-implemented method for identifying security risks associated with a plurality of different entities is disclosed, wherein the method comprises: receiving a stream of events, the stream of events comprising a plurality of events associated with the plurality of different entities; pseudonymizing events of the plurality of events by replacing entity names in the plurality of events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user behaviors presenting security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors.
A method may include providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method may include providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with OSI Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from OSI Level 2. A method may include providing an interface for network traffic, comprising, in a virtual private network: establishing a connection between a first node of the virtual private network and a second node serving as a virtual private network broker and fetching, by the first node from the virtual private network broker, information regarding one or more other nodes of the virtual private network.
A system, method, and computer-readable medium are disclosed for providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
A mechanism is provided for using triggered stimuli to enhance contextual information regarding detected risk events in a networked system. Embodiments monitor a system to identify risk-associated behavior, and upon detecting such behavior, can provide stimulus to a user associated with the risk-associated behavior to determine additional context behind the behavior, thereby initiating a two-way communication to acquire more information. If user response to the stimulus indicates a high risk associated with the behavior, then the system can trigger security measures to restrict the behavior. Some embodiments provide stimuli that are directly related to the nature of the risk-associated behavior, in order to better contextualize the behavior. In some embodiments, the stimuli are only applied if the risk-associated behavior presents a measure of risk above a predetermined threshold.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
39.
Containerized infrastructure for deployment of microservices
A method, system and computer-usable medium for containerized deployment of microservices used to deploy a product or service, such as a software application running on an information handling system is described. Artifacts related to particular versions of the one or more microservices are determined. An immutable container of the artifacts is created and provided to one more environments using the same configuration of the product or service. The container is deployed in the environments during release of the product or service.
A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.
A system, method, and computer-readable medium are disclosed for performing a human factors risk operation. The human factors risk operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a human factors framework; and, performing a human factors risk operation in response to the analyzing the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a plurality of security related activities, the plurality of security related activities being based upon an observable from an electronic data source; analyzing the plurality of security related activities, the analyzing identifying a plurality of events of analytic utility associated with the plurality of security related activities; generating a set of entity behavior catalog data based upon the event of analytic utility associated with the security related activity, the set of entity behavior catalog data comprising an associated group of behaviors; and, storing the set of entity behavior data and the associated group of behaviors within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; accessing an entity behavior catalog based upon the entity behavior catalog data; inferring a security vulnerability scenario from the observable derived based upon the monitoring; and performing a security operation via a security system, the security operation using the security vulnerability scenario and the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; associating the security related activity with a component of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the component of the cyber kill chain by affecting performance of the security related activity by the entity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the monitoring comprising monitoring the plurality of electronically-observable actions via a protected endpoint; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; generating a representation of occurrences of a particular event from the plurality of events enacted by the entity; and performing an anomaly detection operation based upon the representation of occurrences of the particular event from the plurality of events enacted by the entity, the anomaly detection operation determining when the representation of occurrences of the particular event exceeds a predetermined threshold.
H04L 41/142 - Analyse ou conception de réseau en utilisant des méthodes statistiques ou mathématiques
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
A system for data processing, comprising a plurality of data processing systems, each associated with a user and having an anchor certificate, a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration and a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
51.
Determining an Abstraction Level for Contents of an Entity Behavior Catalog
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity, the entity behavior catalog data comprising an associated abstraction level; using the entity behavior catalog data and the associated abstraction level to generate a hierarchical set of entity behaviors representing a security risk; and, storing the hierarchical set of entity behaviors within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a plurality of security related activities, the plurality of security related activities being based upon observables from an electronic data source; analyzing the plurality of security related activities, the analyzing identifying a set of entity behaviors associated with the plurality of security related activities; and, performing a security operation via a security system, the security operation accessing entity behavior catalog data stored within an entity behavior catalog based upon the set of entity behaviors associated with the plurality of security related activities, the entity behavior catalog providing an inventory of entity behaviors for use when performing the security operation.
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p. ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; and, accessing an entity behavior catalog based upon the entity behavior catalog data; and performing a security operation via a security system, the security operation using the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
A system, method, and computer-readable medium are disclosed for performing a security risk modeling operation. The security risk modeling operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a human-centric risk modeling framework; and, performing a security operation in response to the analyzing the security related activity.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source, the security related activity comprising a concerning behavior, the concerning behavior comprising a security related activity of analytic utility; analyzing the security related activity, the analyzing the security related activity being based upon the concerning behavior; and, performing a security operation in response to the analyzing the security related activity.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; associating the security related activity with a phase of a cyber kill chain; and, performing a security operation on the security related activity via a security system, the security operation disrupting performance of the phase of the cyber kill chain.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system for network configuration, comprising a graphic user interface system operating on a first processor and configured to allow a user to select one or more hardware infrastructure components and one or more software infrastructure components for use with a first infrastructure. A configuration recording system operating on a second processor and configured to receive two or more objects associated with each of the one or more hardware infrastructure components and each of the one or more software infrastructure components and to store the two or more objects in a template.
A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object. The local management server executes in a virtual container.
G06F 8/71 - Gestion de versions Gestion de configuration
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
59.
Using a security analytics map to perform forensic analytics
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to perform a forensics analysis.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to trace the entity interaction between the first entity and the second entity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity of the entity, the security related activity being of analytic utility; accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors; and performing a security operation via a distributed security analytics environment, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; associating a human factor with the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source; analyzing the event of analytic utility, the analyzing the event of analytic utility taking into account the human factor associated with the entity enacting the event of analytic utility; generating a risk score in response to the analyzing, the risk score taking into account the human factor associated with the entity; and, performing the security operation when the risk score meets a security risk parameter.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A method, system, and computer-usable medium are disclosed for: (i) communicating, from a client device to a security device via a metadata connection, metadata regarding a data connection to be established by the client device, the metadata comprising a connection identifier uniquely identifying the data connection; and (ii) communicating, from the client device to the security device via the data connection, network traffic comprising a packet that includes the connection identifier, such that the security device may use the connection identifier to index an entry associated with the metadata that the security device has stored in a metadata cache.
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a security risk persona; and, performing a security operation in response to the analyzing the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity of the entity, the security related activity being of analytic utility; accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors; and performing a security operation via a human-centric risk modeling framework, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source, the security related activity comprising a concerning behavior; generating a contextual modifier relating to the security related activity; analyzing the security related activity, the analyzing the security related activity being based upon the contextual modifier; and, performing a security operation in response to the analyzing the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying an event of analytic utility; analyzing the event of analytic utility, the analyzing the event of analytic utility identifying an entity behavior associated with the event of analytic utility; and, performing the security operation in response to the analyzing the event of analytic utility, where the monitoring, identifying, analyzing and performing are performed via a distributed security analytics framework.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a plurality of actions of an entity, the plurality of actions of the entity corresponding to a plurality of events enacted by the entity; maintaining information relating to the monitoring within a user edge component; identifying an event of analytic utility; analyzing the event of analytic utility at the user edge component, the analyzing generating a security risk assessment; and, providing the security risk assessment to a network edge component.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation. The security analytics mapping operation includes receiving a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; receiving a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining, via a distributed security analytics environment, whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; and, generating, via the distributed security analytics environment, an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; the security related activity comprising a concerning behavior, the security related activity being enacted during an activity session; associating the security related activity enacted during an activity session with a security risk persona; analyzing the security related activity, the analyzing the security related activity using the security risk persona; and, performing a security operation in response to the analyzing the security related activity.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.
A system, method, and computer-readable medium are disclosed for monitoring actions of an entity. In various embodiments the monitoring includes: monitoring a plurality of electronically-observable actions of the entity, the plurality of electronically-observable actions of the entity corresponding to a plurality of events enacted by the entity; associating the plurality of events enacted by the entity with a story; and, using the story to derive an inference regarding the entity.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06N 5/04 - Modèles d’inférence ou de raisonnement
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A system for controlling data services, comprising a plurality of host computers configured to communicate over the network and to request a data tunnel. A plurality of server computers configured to provide data tunnel services to the plurality of host computers. An address allocator operating on one or more processors and configured to implement one or more algorithms that cause a range of addresses to be assigned to each of the server computers, wherein each of the host computers receives one of the addresses for use as part of a data tunnel service request from the host computer to the server computer.
H04L 47/125 - Prévention de la congestionRécupération de la congestion en équilibrant la charge, p. ex. par ingénierie de trafic
H04W 80/06 - Protocoles de couche transport, p. ex. protocole de commande de transport [TCP Transport Control Protocol] par liaison sans fil
H04L 67/1008 - Sélection du serveur pour la répartition de charge basée sur les paramètres des serveurs, p. ex. la mémoire disponible ou la charge de travail
74.
Managing data schema differences by path deterministic finite automata
A method for migrating a data schema comprising combining a first deterministic finite automaton with a second deterministic finite automaton to generate a modified deterministic finite automation. Identifying a state of the modified deterministic finite automaton without computed followers. Computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state.
A method, system, and computer-usable medium are disclosed for receiving a response, by a security management system, from a site external to an internal network comprising the security management system to an endpoint device of the internal network, and injecting a header into the response by the security management system, the header including security rules, such that when the response is communicated to the endpoint device, the endpoint device responds to the security management system with information regarding subsequent requests made by the endpoint device in connection with the response.
A system for image classification is disclosed that includes a central system configured to provide high reliability image data processing and recognition and a plurality of endpoint systems, each configured to provide image data processing and recognition with a lower reliability than the central system and to generate probability data. A decision switch disposed at each of the plurality of endpoint systems is configured to receive the probability data and to determine whether to deny access, grant access or generate a referral message to the central system, wherein the referral message includes at least a set of image data generated at the endpoint system.
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
G06N 7/00 - Agencements informatiques fondés sur des modèles mathématiques spécifiques
G06K 9/62 - Méthodes ou dispositions pour la reconnaissance utilisant des moyens électroniques
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
A system, method, and computer-readable medium are disclosed for using a behavioral fingerprint via a behavioral fingerprint operation. In various embodiments the behavioral fingerprint operation includes: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; generating the behavioral fingerprint based upon observations associated with the action of the entity; and, using the behavioral fingerprint in combination with an adaptive trust profile to generate an inference regarding the entity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
78.
Systems and methods for detecting the injection of malicious elements into benign content
A method, system, and computer-usable medium are disclosed for include receiving a first version of content from a resource, generating a first lightweight fingerprint for the first version of the content, receiving a second version of the content from the same resource, generating a second lightweight fingerprint for the second version of the content, comparing the first lightweight fingerprint to the second lightweight fingerprint to determine changes to a non-injectable section of the content and potentially-injected sections of the content between the first version and the second version, and determining the content to include potentially malicious elements responsive to determining that the non-injectable section of the content have remained substantially static between the first version and the second version and determining that potentially-injected sections of the content has substantially changed between the first version and the second version.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; generating an entity profile based upon the action of the entity; and, using the entity profile to generate the adaptive trust profile.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile, comprising: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; and generating the adaptive trust profile based upon the action of the entity, the adaptive trust profile being privacy enhanced.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
A method, system and computer-usable medium are disclosed for establishing a virtual point of presence or VPoP in a country or locale by registering an internet protocol (IP) prefix range for communication specific to the locale in a physical data center; implementing proxy servers on the data center that support the IP prefix range; geolocating users in the locale to the IP prefix range; network address translating inbound connections to the IP prefix range with IP addresses on the proxy servers to provide extended IP network addresses; and providing content to the users by the proxy servers on using the extended IP network addresses.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
82.
System for generating an electronic security policy for a file format type
A method, system, and computer-readable storage medium are disclosed for identifying binary signatures in a selected set of files and assigning at least one of the binary signatures to a file format name or file format type for use in a security policy generator. In certain embodiments, the method for generating an electronic security policy for a file format type, includes: identification of a plurality of files stored in electronic memory, where the plurality of files include files having the same file format type; providing a file format name that is to be associated with the file format type; accessing the plurality of files from the electronic memory; identifying a common binary signature for the file format type included in the plurality of files; correlating the file format type with the common binary signature; and generating the security policy for the file format type using the file format name.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06F 16/11 - Administration des systèmes de fichiers, p. ex. détails de l’archivage ou d’instantanés
83.
Early detection of potentially-compromised email accounts
A method, system, and computer-usable medium are disclosed for establishing a reference outbound email volume rate for a user account, monitoring the user account to determine a current outbound email volume rate, determining a risk score based on the current outbound email volume rate and the reference outbound email volume rate, buffering outgoing emails of the user account if the risk score exceeds a threshold risk score, analyzing the buffered emails against one or more factors indicative of a probability of the buffered emails comprising spam, and responsive to analysis of the buffered emails against the one or more factors indicating that the user account is potentially compromised, quarantine the user account and prevent outbound mail from being delivered from the user account.
A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a webpage request from a client to a server, obtaining a unique user identifier corresponding to a tab of a web browser issuing the webpage request and associating the unique user identifier with network events associated with the tab and the webpage request.
A method, system and computer-usable medium for generating session-based security information. Generating the session-based security information includes the steps of monitoring user behavior between an enactor and an entity; detecting user behavior data associated with the user behavior; generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor; and, associating the session and the session-based security information with the user profile.
G06F 21/84 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs d’affichage, p. ex. écrans ou moniteurs
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p. ex. des interruptions ou des opérations d'entrée–sortie
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p. ex. des interruptions ou des opérations d'entrée–sortie
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A method, system and computer-usable medium for identifying communications received from potentially untrustworthy entities. More specifically, in one embodiment the invention relates to a computer-implemented method comprising: receiving an electronic communication for a receiving entity from a sending entity; accessing social media profile information for the sending entity from a social media network; and analyzing the social media profile information of the sending entity pursuant to determining whether the received electronic communication is from a potentially untrustworthy entity. Certain embodiments use the determination as to whether the received electronic communication is from a potentially untrustworthy entity to assess whether the received electronic communication is a reconnaissance communication, such as a phishing email.
G06Q 50/00 - Technologies de l’information et de la communication [TIC] spécialement adaptées à la mise en œuvre des procédés d’affaires d’un secteur particulier d’activité économique, p. ex. aux services d’utilité publique ou au tourisme
88.
Web extension JavaScript execution control by service/daemon
A method, system and computer-usable medium for collecting and scanning data (i.e., web POST data) before the data is sent. A POST request is sent from a client device to server. The request is through a web browser running a script language listing. The script language listing is paused, while the data is held and scanned. A determination is made to allow or block the data before the data is sent through the POST request.
A method, system and computer-usable medium for redisplaying data at a remote access client system from a secure computing environment. The redisplaying data includes receiving a request form the remote access client system for data, inspecting the request for potential unauthorized or malicious retransmission. Modifying the data, by filtering audio data or transforming graphical data prior to sending the requested data is performed to prevent the unauthorized or malicious retransmission.
A system for optimization of data transmission, comprising a content protection extraction system configured to operate on a remote processor and to extract content protection data associated with a data file and to transmit the content protection data to a central processor and a content protection confirmation system configured to operate on the central processor and to receive the content protection data and to verify whether the content protection data is associated with an authenticated data file.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
H04L 67/06 - Protocoles spécialement adaptés au transfert de fichiers, p. ex. protocole de transfert de fichier [FTP]
H04L 101/659 - Adresses IPv6 du protocole Internet version 6
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Computer hardware; downloadable computer software, namely,
downloadable software for the creation of firewalls,
downloadable software for security analytics, downloadable
software for use by security analysts to facilitate the
search and analysis of data related to cyber and real-world
threats, downloadable software for network security, load
balancing, and routing, downloadable software for web,
hardware, network, computer and internet security,
downloadable software for monitoring and/or controlling
access to sites and locations on a global computer network,
downloadable software that enables safe, secure and
simultaneous data movement within and between computer
networks, downloadable software that enables, controls and
audits sharing of information across computer networks,
downloadable software that enables users to enable and
control access to computers, computer networks, data,
documents and other software applications with multiple and
differing access criteria, and downloadable software that
provides users with simultaneous access to multiple computer
networks; recorded computer software, namely, recorded
software for the creation of firewalls, recorded software
for security analytics, recorded software for use by
security analysts to facilitate the search and analysis of
data related to cyber and real-world threats, recorded
software for network security, load balancing, and routing,
recorded software for web, hardware, network, computer and
internet security, recorded software for monitoring and/or
controlling access to sites and locations on a global
computer network, recorded software that enables safe,
secure and simultaneous data movement within and between
computer networks, recorded software that enables, controls
and audits sharing of information across computer networks,
recorded software that enables users to enable and control
access to computers, computer networks, data, documents and
other software applications with multiple and differing
access criteria, and recorded software that provides users
with simultaneous access to multiple computer networks;
downloadable computer software for security and protection,
namely, downloadable software for providing web security and
protection, providing e-mail messaging security and
protection, and for data loss prevention; recorded computer
software for security and protection, namely, recorded
software for providing web security and protection,
providing e-mail messaging security and protection, and for
data loss prevention; downloadable computer software for the
security and protection of data, networks and
communications; recorded computer software for the security
and protection of data, networks and communications;
electronic downloadable publications, namely, reference
manuals, user guides, and product specifications in the
field of cybersecurity. Providing computer software services, namely, web, hardware,
network, computer and internet security services by
restricting and monitoring access to unauthorized areas in a
global computer network or any other publicly accessible
computer network for the purposes of promoting security and
the computer user's productivity, by restricting access to
and by computers to web sites, and by providing email
messaging security and electronic data security; providing
temporary use of non-downloadable computer software, namely,
software for the creation of firewalls, software for
security analytics, software for use by security analysts to
facilitate the search and analysis of data related to cyber
and real-world threats, software for network security, load
balancing, and routing, software for web, hardware, network,
computer and internet security, software for monitoring
and/or controlling access to sites and locations on a global
computer network, software that enables safe, secure and
simultaneous data movement within and between computer
networks, software that enables, controls and audits sharing
of information across computer networks, software that
enables users to enable and control access to computers,
computer networks, data, documents and other software
applications with multiple and differing access criteria,
and software that provides users with simultaneous access to
multiple computer networks; providing temporary use of
non-downloadable computer software for security and
protection, namely, software for use in maintaining and
monitoring web security, data security and e-mail security;
software as a service (SaaS) services, namely, hosting cloud
and datacenter infrastructure software for use in computer
security and restricting access to computers and web sites;
cloud computing services featuring computer software for use
in security and protection, namely, software for restricting
and monitoring access to a global computer network or any
other publicly accessible computer network for the purposes
of promoting security and the computer user's productivity,
by restricting access to and by computers to web sites, and
by providing email messaging security and electronic data
security, software for the creation of firewalls, software
for security analytics, software for use by security
analysts to facilitate the search and analysis of data
related to cyber and real-world threats, software for
network security, load balancing, and routing, software for
web, hardware, network, computer and internet security,
software for monitoring and/or controlling access to sites
and locations on a global computer network, software that
enables safe, secure and simultaneous data movement within
and between computer networks, software that enables,
controls and audits sharing of information across computer
networks, software that enables users to enable and control
access to computers, computer networks, data, documents and
other software applications with multiple and differing
access criteria, and software that provides users with
simultaneous access to multiple computer networks; providing
temporary use of online non-downloadable computer software
for the security and protection of data, networks, and
communications.
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Computer hardware; downloadable computer software, namely,
downloadable software for the creation of firewalls,
downloadable software for security analytics, downloadable
software for use by security analysts to facilitate the
search and analysis of data related to cyber and real-world
threats, downloadable software for network security, load
balancing, and routing, downloadable software for web,
hardware, network, computer and internet security,
downloadable software for monitoring and/or controlling
access to sites and locations on a global computer network,
downloadable software that enables safe, secure and
simultaneous data movement within and between computer
networks, downloadable software that enables, controls and
audits sharing of information across computer networks,
downloadable software that enables users to enable and
control access to computers, computer networks, data,
documents and other software applications with multiple and
differing access criteria, and downloadable software that
provides users with simultaneous access to multiple computer
networks; recorded computer software, namely, recorded
software for the creation of firewalls, recorded software
for security analytics, recorded software for use by
security analysts to facilitate the search and analysis of
data related to cyber and real-world threats, recorded
software for network security, load balancing, and routing,
recorded software for web, hardware, network, computer and
internet security, recorded software for monitoring and/or
controlling access to sites and locations on a global
computer network, recorded software that enables safe,
secure and simultaneous data movement within and between
computer networks, recorded software that enables, controls
and audits sharing of information across computer networks,
recorded software that enables users to enable and control
access to computers, computer networks, data, documents and
other software applications with multiple and differing
access criteria, and recorded software that provides users
with simultaneous access to multiple computer networks;
downloadable computer software for security and protection,
namely, downloadable software for providing web security and
protection, providing e-mail messaging security and
protection, and for data loss prevention; recorded computer
software for security and protection, namely, recorded
software for providing web security and protection,
providing e-mail messaging security and protection, and for
data loss prevention; downloadable computer software for the
security and protection of data, networks and
communications; recorded computer software for the security
and protection of data, networks and communications;
electronic downloadable publications, namely, reference
manuals, user guides, and product specifications in the
field of cybersecurity. Providing computer software services, namely, web, hardware,
network, computer and internet security services by
restricting and monitoring access to unauthorized areas in a
global computer network or any other publicly accessible
computer network for the purposes of promoting security and
the computer user's productivity, by restricting access to
and by computers to web sites, and by providing email
messaging security and electronic data security; providing
temporary use of non-downloadable computer software, namely,
software for the creation of firewalls, software for
security analytics, software for use by security analysts to
facilitate the search and analysis of data related to cyber
and real-world threats, software for network security, load
balancing, and routing, software for web, hardware, network,
computer and internet security, software for monitoring
and/or controlling access to sites and locations on a global
computer network, software that enables safe, secure and
simultaneous data movement within and between computer
networks, software that enables, controls and audits sharing
of information across computer networks, software that
enables users to enable and control access to computers,
computer networks, data, documents and other software
applications with multiple and differing access criteria,
and software that provides users with simultaneous access to
multiple computer networks; providing temporary use of
non-downloadable computer software for security and
protection, namely, software for use in maintaining and
monitoring web security, data security and e-mail security;
software as a service (SaaS) services, namely, hosting cloud
and datacenter infrastructure software for use in computer
security and restricting access to computers and web sites;
cloud computing services featuring computer software for use
in security and protection, namely, software for restricting
and monitoring access to a global computer network or any
other publicly accessible computer network for the purposes
of promoting security and the computer user's productivity,
by restricting access to and by computers to web sites, and
by providing email messaging security and electronic data
security, software for the creation of firewalls, software
for security analytics, software for use by security
analysts to facilitate the search and analysis of data
related to cyber and real-world threats, software for
network security, load balancing, and routing, software for
web, hardware, network, computer and internet security,
software for monitoring and/or controlling access to sites
and locations on a global computer network, software that
enables safe, secure and simultaneous data movement within
and between computer networks, software that enables,
controls and audits sharing of information across computer
networks, software that enables users to enable and control
access to computers, computer networks, data, documents and
other software applications with multiple and differing
access criteria, and software that provides users with
simultaneous access to multiple computer networks; providing
temporary use of online non-downloadable computer software
for the security and protection of data, networks, and
communications.
93.
Scan, detect, and alert when a user takes a photo of a computer monitor with a mobile phone
A method, system and computer-usable medium for detecting an occurrence of visual hacking via a visual hacking detection operation which includes: receiving a surveillance image; processing the surveillance image to generate surveillance image data; and, performing a visual hacking detection operation using the surveillance image data, the visual hacking detection operation determining whether visual hacking has been detected.
A method, system and computer-usable medium are disclosed for operating a protected endpoint. In various embodiments, operation of the protected endpoint device comprises: receiving, at an endpoint collector operating on the protected endpoint device, information corresponding to activities occurring on an endpoint platform; placing, by the endpoint collector, a plurality of events corresponding to the activities on a message bus; receiving, at an endpoint agent, one or more of the plurality of events from the message bus; selectively processing, by the endpoint agent, one or more of the plurality of events received on the message bus, wherein the plurality of events selectively processed by the endpoint agent are events to which the endpoint agent has subscribed; and providing a service connection between the endpoint agent and a software service, wherein communications between the endpoint agent and software service include information corresponding to one or more of the subscribed events.
A method, system and computer-usable medium are disclosed for operating an endpoint agent at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint agent at an endpoint device, including: operating the endpoint agent to selectively subscribe to events corresponding to activities occurring at an endpoint platform; processing events received from a message bus by the endpoint agent, where the events processed by the endpoint agent are events to which the endpoint agent has subscribed; and communicating, to a service, information corresponding to the events processed by the endpoint agent. Other embodiments of this aspect of the invention may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.
A method, system and computer-usable medium are disclosed for operating an endpoint court at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint core at an endpoint device, the method including: receiving an event subscription request from an endpoint agent over a message bus; and managing communication of events for processing by the endpoint agent based on the event subscription request so that events to which the endpoint agent has subscribed are selectively processed at the endpoint agent. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.
A method, system and computer-usable medium are disclosed for operating a collector at an endpoint device are disclosed. Certain embodiments include a computer-implemented method for operating an endpoint collector at an endpoint device, including: receiving, at an endpoint collector operating on the endpoint device, information corresponding to activities occurring on an endpoint platform; receiving, at the endpoint collector, one or more filter definitions; and selectively placing, by the endpoint collector, a plurality of events on a message bus, wherein a determination as to which events are placed by the endpoint collector on the message bus is based on the one or more filter definitions. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.
Disclosed herein is technology that detects potentially deceptive URI (Uniform Resource Identifier) of a homograph attack (e.g., an Internationalized Domain Name (IDN) homograph attack). In one or more implementations, the detection may be accomplished, at least in part, by assessing the likelihood that all of the characters in the URI (e.g., domain name) were typed on a keyboard using a single keyboard map. This Abstract is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.
A method, system, and computer-usable medium for protecting against contagion-based risk events are disclosed for monitoring behavior of users to construct a contagion network relationship map of connection and influence relationships between different users and then analyzing a received stream of events from the users to identify a critical event performed by a first user having a first risk score so that one or more propagated risk scores can be generated from the first risk score for at least a first connected user based on connection and influence relationships between the first user and the first connected user that are extracted from the contagion network relationship so that an adaptive response may be automatically generated to protect and control against actions by at least the first connected user based on the one or more propagated risk scores.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projetsPlanification d’entreprise ou d’organisationModélisation d’entreprise ou d’organisation
100.
Efficient matching of feature-rich security policy with dynamic content
A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated with the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields.
