Patent classifications
G06F2221/2151
METHOD FOR SYNCHRONIZING FRAME COUNTERS AND ARRANGEMENT
A method synchronizes frame counters for protecting data transmissions between a first end-device and a second end-device. The data, in particular data frames, are transferred between the first end-device and the second end-device. The data frames are provided with frame counters to protect the data transfer between the first end-device and the second end-device. The second end-device sends a first data frame to the first end-device. The first data frame contains a marker in its payload data. The first end-device sends back a second data frame as an answer to the second end-device. The second data frame contains a frame counter in the header data, and the second data frame contains the frame counter and the marker in its payload data.
SECURE TIME SYNCHRONIZATION
A method includes receiving data characterizing a plurality of operating parameters associated with an industrial machine, and receiving data characterizing a plurality of encrypted times. The method also comprises identifying a first encrypted time from the plurality of encrypted times based on temporal location of the first encrypted time relative to a first system time of a plurality of system times. A first operating parameter of the plurality of operating parameters is received at the first system time. The method further comprises generating an operating data set comprising at least the first operating parameter and a new encrypted time based at least on the identified first encrypted time. The new encrypted time is tagged to the first operating parameter. The method also comprises providing the operating data set.
Account monitoring
Systems, methods, and related technologies for account access monitoring are described. In certain aspects, a login request associated with a device can be analyzed and a score determined. The score and a threshold can be used to determine whether to initiate an action.
Information processing device and information processing method
There is provided an information processing device to grasp timing of a process by a protection storage unit and to effectively utilize the timing, the information processing device including a data obtaining unit that, on the basis of a notification from a protection storage unit, obtains data related to timing of a process by the protection storage unit, and a control unit that associates the data related to the timing of the process with data related to the process.
MDM-based persistent security monitoring
A method of establishing security monitoring functionality on a device on retail display includes obtaining, by a processor of a server computer, a mobile device management (MDM) startup message from the device, determining, by the processor, whether the device is enrolled for MDM supervision, and if the device is enrolled for the MDM supervision, downloading, by the processor to the device, configuration data to support the MDM supervision and implementation of the security monitoring functionality.
Procedural code generation for challenge code
A method by one or more computing devices for obfuscating challenge code. The method includes obtaining challenge code for interrogating a client, inserting, into the challenge code, code for obfuscating outputs that are to be generated by the client, where the code for obfuscating the outputs includes code for applying a first chain of reversible transformations to the outputs using client-generated random values, interning strings appearing in the challenge code with obfuscated strings, inserting code for deobfuscating the obfuscated strings into the challenge code, inlining function calls in the challenge code, removing function definitions that are unused in the challenge code due to the inlining, reordering the challenge code without changing the functionality of the challenge code, and providing the challenge code for execution by the client.
SYSTEM AND METHOD FOR DETECTING AND REPORTING SYSTEM CLOCK ATTACKS WITHIN AN INDICATORS OF ATTACK PLATFORM
According to one embodiment, an Information Handling System (IHS) includes a memory to store a secure event log associated with one or more attributes of the IHS, and computer-executable code to obtain a system time from a system clock of the IHS, obtain a network time from a network time protocol (NTP) server, and compare the system time against the network time. When the obtained system time does not match the obtained network time, set a system clock attack chain vector in the secure event log and generate an Indicator of Attack (IoA) report based, at least in part, on the system clock attack chain vector.
Generating investigation timeline displays including user-selected screenshots
Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.
NETWORK THREAT ANALYSIS SYSTEM
Machine-learning techniques and models are described for alerting users to attacks on accounts in real-time or near real-time. In some embodiments, an attack detection model uses Natural Language Processing (NLP) and multi-level classification techniques to monitor login attempts and detect attacks. The model may use NLP to convert text associated with account activity to numerical vectors, where the vectors include scores and/or other numerical values computed based on the meaning of the converted text. The model may further include a set of classifiers trained to learn patterns in the numerical vectors that are predictive of a network attack. The model may assign labels to events based on the predicted likelihood that the event is an attack. The system may deploy real-time preventative or corrective measures based on the ML model output to counter or mitigate the effects of an attack.
SYSTEMS AND METHODS FOR VERIFYING USER ACTIVITY USING BEHAVIORAL MODELS
Disclosed herein are systems and methods for verifying user activity based on behavioral models. In an exemplary aspect, a method may include receiving and parsing sensor data from at least one sensor in an environment to determine a first identifier of a person that is not authorized to access data via a computing device. The method may include intercepting, on the computing device, a data access request including a second identifier of a user that is authorized to access the data via the computing device. The method may include verifying whether the data access request is from the user authorized to access data by determining whether a chain of events involving the first person and the user corresponds to a behavioral model indicative of malicious activity. Based on the verification, the data access request is either granted or denied.