A processor generates a group of data segments by dividing the communication data into sessions, extracts, from the group of data segments, data segments which have identical identification information and whose session interval is equal to or less than a threshold, generates linked data by linking the extracted data segments, determines a risk on communication based on certain information included in the linked data, and collects file information based on the risk from a file included in the linked data.

Various embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to enable effective and efficient monitoring of software application frameworks. For example, certain embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to perform software application framework monitoring using an interactive software application platform monitoring dashboard comprises a set of user interfaces (e.g., an alert feed user interface, an alert monitoring user interface, and/or the like) that enable an end user to hierarchically view event monitoring metadata fields associated with each recorded suspicious activity alert of one or more recorded suspicious activity alerts of the software application platform, provide user-selected alert validity indicators for each recorded suspicious activity alert of the recorded suspicious activity alerts, and/or generate a suspicious activity monitoring workflow for each recorded suspicious activity alert of the recorded suspicious activity alerts.

A method for processing trust and security for leased infrastructure includes: detecting a first audit event directed to the leased infrastructure; initiating, in response to detecting the first audit event, an execution of a first trust audit; making a first determination, based on a result of the first trust audit, that the first audit event is a verified event; and transmitting, in response to the first determination and to a computing device of a user leasing the leased infrastructure, first instructions for the computing device to display a first output notifying the user that the leased infrastructure is in a trusted domain.

An automatic resource ownership assignment system, the system including resource ownership indicators definition functionality operative to allow an operator of the system to define resource ownership indicators, automatic resource ownership recommendation functionality operative to provide, to at least one user of the system, a recommendation to assign ownership of at least one resource to a potential owner, based on the resource ownership indicators, and automatic resource ownership assignment functionality which, responsive to predetermined at least partial approval of the at least one recommendation by the at least one user and approval of said at least one recommendation by the potential owner, is operative to automatically assign ownership of the at least one resource to the potential owner.

Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.

The present disclosure provides techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B's cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.

The present application discloses a method, system, and computer system for monitoring tasks with respect to information stored in a database system. The method includes receiving a request to execute a task with respect to a database, wherein the request is associated with an identifier corresponding to a user that inputs a query for the request; determining whether the task is authorized for the user; in response to a determination that the task is authorized for the user, obtaining a set of information that is to be returned for the task; determining a subset of the set of information, wherein the subset of the set of information comprises one or more parts of the set of information for which the user has access permission; and storing a record of the request to execute the task, wherein the record comprises an indication of the user, and an indication of subset of the set of information.

A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Methods and systems for creating a digital association are provided. The method includes obtaining a first user-generated item comprising identifiable features of a first user and a second user. The method also includes obtaining a second user-generated item comprising the identifiable features of the first user and the second user. The method also includes cross-confirming that the first and second user-generated items are valid to verify the digital association.

A virtualized network function included in a mobile communication network may be capable of performing validation of sensor data. The sensor data may be generated by one or more sensors monitoring a tangible asset that is being transported between geographical locations. The sensor data may be received by the virtualized network function from an Internet-enabled device in communication with the mobile communication network. In some cases, a contract management application included in the virtualized network function may validate the sensor data based on one or more compliance thresholds describing a shipment condition of the tangible asset. Based on determining whether the sensor data indicates a compliant shipment condition for the tangible asset, the contract management application may modify a contract associated with the tangible asset.