G06F2221/033

Tracking and Mitigating Security Threats and Vulnerabilities in Browser Extension Engines
20230039079 · 2023-02-09

Aspects of the disclosure relate to tracking and mitigating security threats and vulnerabilities in browser extension engines. A computing platform may receive, via the communication interface, an indication of a user request to use a first browser extension at a first user computing device. The computing platform may then analyze the first browser extension to identify one or more potential vulnerabilities in the first browser extension, including performing an examination process on code associated with the first browser extension. Based on identifying one or more potential vulnerabilities, the computing platform may thereafter determine whether the user has an exception associated with each potential vulnerability. Upon detecting no exception for the user, the computing platform may then identify at least one corrective action associated with each potential vulnerability and transmit, to the first user computing device, instructions to perform the at least one corrective action.

IMPORT OF DEPLOYABLE CONTAINERS AND SOURCE CODE IN CLOUD DEVELOPMENT ENVIRONMENT

Various systems and methods are described for testing and deployment of containers on cloud and edge computing hardware. An example development platform may include capabilities for identifying, from a remote location, data to import a container software package. The development platform may store a container image, based on the data to import the container software package.

The development platform may perform a security evaluation of the container image, before execution of the container image. The development platform may store results of the security evaluation of the container image in a database accessible to the development platform. The development platform may add the container image into a registry of containers available for execution at the development platform, with execution of the container image being based on verification of the results of the security evaluation and use of the registry of containers.

SYSTEM AND METHOD FOR A SCALABLE DYNAMIC ANOMALY DETECTOR

Security can be improved in a business application or system, such as a mission-critical application, by automatically analyzing the application and detecting anomalies. This detection may be based on a dynamic analysis of business process logs and audit trails that includes User and Entity Behavior Analysis (“UEBA”).

System, Method, and Apparatus for Smart Whitelisting/Blacklisting

A system for intelligently managing whitelists and blacklists provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to contain a virus, then the administrator is presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Methods and systems for preventing utilization of problematic software

Embodiments for managing the utilization of software releases are provided. Information associated with a software release and at least one early adopter of the software release is analyzed to calculate a severity score for the software release. A time to utilize the software release is determined based on the calculated severity score.

Systems and methods for event-based application control

Systems and methods are disclosed for event-based application control. A system extension is configured to leverage an endpoint security API for monitoring event activity within operating system kernel processes. The system extension registers with the endpoint security API the particular event types for which it would like to receive notifications. In response to receiving notifications regarding detected events corresponding to the registered event types, the system extension determines whether the event and its corresponding process are safe and allowable to execute. In various embodiments, the system leverages whitelists, blacklists, and rules policies for making a safeness determination regarding the event notification. The system extension transmits this determination to the operating system via the endpoint security API.

Machine-learning based approach for malware sample clustering
11544575 · 2023-01-03

Systems and methods for a machine learning based approach for identification of malware using static analysis and a machine-learning based automatic clustering of malware are provided. According to various embodiments of the present disclosure, a processing resource of a computer system receives a potential malware sample. A plurality of feature vectors is extracted from the potential malware sample and is converted into an input vector. A byte sequence is generated by walking a plurality of decision trees based on the input vector. Further, a hash value for the byte sequence is calculated and a determination is made regarding whether the hash value matches a malware hash value of a plurality of malware hash values corresponding to a known malware sample. Upon said determination being affirmative, the potential malware sample is classified as malware and is associated with a malware family of the known malware sample.

System and method for trustworthiness, reputation, provenance, and measurement of software
11550903 · 2023-01-10

In accordance with some embodiments, a method and system are provided for establishing the trustworthiness of software and running systems by analyzing software and its provenance using automated means. In some embodiments, a risk score is produced. In some embodiments, software is analyzed for insecure behavior or structure. In some embodiments, parts of the software are hardened by producing possibly multiple different versions of the software with different hardening techniques applied, and a choice can be made based on user or environmental needs. In some embodiments, the software is verified and constraints are enforced on the endpoint using techniques such as verification injection and secure enclaves. In some embodiments, endpoint injection is managed through container orchestration.

MULTIPLE BLOCK ERROR CORRECTION IN AN INFORMATION HANDLING SYSTEM

An information handling system includes a first memory and a baseboard management controller. The first memory stores a first firmware partition and a second firmware partition. The baseboard management controller includes a second memory. The baseboard management controller begins execution of a DM-Verity daemon, and performs periodic patrol reads of the first firmware partition. The baseboard management controller detects one or more block failures in the first firmware partition, and stores information associated with the one or more block failures in a message box of the second memory. In response to the entire first firmware partition being scanned, the baseboard management controller switches a boot partition from the first firmware partition to the second firmware partition, and initiates a reboot of the information handling system.

METHOD FOR DETERMINING LIKELY MALICIOUS BEHAVIOR BASED ON ABNORMAL BEHAVIOR PATTERN COMPARISON

A method for a cyber threat defense system is provided. The method comprises receiving a first abnormal behavior pattern, where the first abnormal behavior pattern represents behavior on a first network deviating from the normal benign behavior of that network; and receiving a second abnormal behavior pattern, where the second abnormal behavior pattern represents behavior on either the first network or a second network deviating from the normal benign behavior of that network. The method further comprises comparing the first and second abnormal behavior patterns to determine a similarity score between them, and determining, based on the comparison, that the first abnormal behavior pattern likely corresponds to malicious behavior when the similarity score is above a threshold. A corresponding non-transitory computer readable medium is also provided.