Apparatuses and methods related to logging failed authentication attempts. Failed authentication attempts can be logged in the circuitry by degrading the circuitry. The degradation can signal a fail authentication attempt while an amount of the degradation can represent a timing of the error.

Embodiments of the present disclosure relate to a data analysis system that may receive data comprising a plurality of raw data items from one or more data sources, such as a monitoring agent located in a monitored network. The received data may be scored using one or more scoring rules and/or algorithms, with raw data items satisfying a score threshold designated as “data item leads.” Raw data items associated with a data item lead may be searched and displayed to the user via an interactive user interface. The data analysis system may be used to execute searches and additional enrichments against the received raw data items. The data analysis system may group received raw data items based upon shared attribute values. The data analysis system may be used to categorize received data and construct timelines, histograms, and/or other visualizations based upon the various attributes of the raw data items.

Some embodiments use text and/or image processing methods to determine whether a user of an electronic messaging platform is subject to an online threat such as cyberbullying, sexual grooming, and identity theft, among others. In some embodiments, a text content of electronic messages is automatically harvested and aggregated into conversations. Conversation data are then analyzed to extract various threat indicators. A result of a text analysis may be combined with a result of an analysis of an image transmitted as part of the respective conversation. When a threat is detected, some embodiments automatically send a notification to a third party (e.g., parent, teacher, etc.)

In an example, a method includes providing a computing device with an instruction to cause the computing device to execute the instruction. The method further includes monitoring a side channel of a microarchitectural component of the computing device to obtain an indication of whether or not a state of the microarchitectural component changes as a result of the computing device executing the instruction. The method further includes determining whether or not the indication corresponds to an expected state of the microarchitectural component for the instruction.

A process for determining a degree of data exposure, including the steps of: receiving entries associated with documents, where each of the entries includes an access path and information about the server; generating subsets, wherein for at least one subset: determining at least one score among a first and a second score; determining the first score including: generating a value as a function of the access paths; determining, with a machine-learning algorithm, the first score based on this value; and determining the second score including: receiving content associated with each entry; generating a value as a function of the associated content; determining, with a machine-learning algorithm, the second score based on the value; and determining the degree of exposure of the data present on the associated server.

Systems and methods are disclosed for analysis of user behavior data to improve security awareness. User behavior data of an organization is received from one or more agents on endpoint devices accessed by the users and using the user behavior data, one or more risk scores representative of the severity of risk associated with the user behavior of the users are determined. Based on the one or more risk scores representative of the severity of risk associated with the user behavior of the users, the behavior of the is determined to pose a security risk to the organization, In response to the determination that the user behavior of the users of the organization poses a security risk to the organization, electronic security awareness training is delivered to the users.

Security can be improved in a business application or system, such as a mission-critical application, by automatically analyzing and detecting anomalies for mission-critical applications. This detection may be based on a dynamic analysis of business process logs and audit trails that includes User and Entity Behavior Analysis (“UEBA”).

Embodiments of the present invention provide systems and methods for evaluating and weighting resource usage activity data. The system may establish a communicable link to a user device via a user application to receive resource activity data and historical data from one or more users or systems via multiple communication channels. The system may evaluate the historical data and determine evaluation criteria based on perceived chance of loss associated with particular metadata characteristics, and use the evaluation criteria as weighted metrics for determining an overall evaluation score for the user based on indication from resource activity data that the user has conducted resource transfers with entities or channels identified in the historical data.

Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.

A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.