Patent classifications
G06F21/56
Identifying and responding to a side-channel security threat
A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.
System for evaluation and weighting of resource usage activity
Embodiments of the present invention provide systems and methods for evaluating and weighting resource usage activity data. The system may establish a communicable link to a user device via a user application to receive resource activity data and historical data from one or more users or systems via multiple communication channels. The system may evaluate the historical data and determine evaluation criteria based on perceived chance of loss associated with particular metadata characteristics, and use the evaluation criteria as weighted metrics for determining an overall evaluation score for the user based on indication from resource activity data that the user has conducted resource transfers with entities or channels identified in the historical data.
Virtual switch-based threat defense for networks with multiple virtual network functions
Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.
Information security system and method for anomaly and security threat detection
A system for detecting security threats in a computing device receives a first set of signals from components of the computing device. The first set of signals includes intercommunication electrical signals between the components of the computing device and electromagnetic radiation signals propagated from the components of the computing device. The system extracts baseline features from the first set of signals. The baseline features represent a unique electrical signature of the computing device. The system extracts test features from a second set of signals received from the component of the system. The system determines whether there is a deviation between the test features and baseline features. If the system detects the deviation, the system determines that the computing device is associated with a particular anomaly that makes the computing device vulnerable to unauthorized access.
Triage engine for document authentication
Computer systems and methods are provided for receiving a first authentication request that includes an image of an identification document. A risk value is determined using one or more information factors that correspond to the authentication request. A validation user interface that includes the image of the identification document is displayed. A risk category that corresponds to the risk value is determined using at least a first risk threshold. In accordance with a determination that the risk value corresponds to a first risk category, a visual indication that corresponds to the first risk category is displayed. In accordance with a determination that the risk value corresponds to a second risk category, a visual indication that corresponds to the second risk category is displayed.
Advanced threat protection cross-product security controller
A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.
Real-time prevention of malicious content via dynamic analysis
This disclosure is related to methods and apparatus for preventing malicious content from reaching a destination via a dynamic analysis engine that may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances, all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
Machine-learning based approach for malware sample clustering
Systems and methods for a machine learning based approach for identification of malware using static analysis and a machine-learning based automatic clustering of malware are provided. According to various embodiments of the present disclosure, a processing resource of a computer system receives a potential malware sample. A plurality of feature vectors is extracted from the potential malware sample and is converted into an input vector. A byte sequence is generated by walking a plurality of decision trees based on the input vector. Further, a hash value for the byte sequence is calculated and a determination is made regarding whether the hash value matches a malware hash value of a plurality of malware hash values corresponding to a known malware sample. Upon said determination being affirmative, the potential malware sample is classified as malware and is associated with a malware family of the known malware sample.
System and method for trustworthiness, reputation, provenance, and measurement of software
In accordance with some embodiments, a method and system are provided for establishing the trustworthiness of software and running systems by analyzing software and its provenance using automated means. In some embodiments, a risk score is produced. In some embodiments, software is analyzed for insecure behavior or structure. In some embodiments, parts of the software are hardened by producing possibly multiple different versions of the software with different hardening techniques applied, and a choice can be made based on user or environmental needs. In some embodiments, the software is verified and constraints are enforced on the endpoint using techniques such as verification injection and secure enclaves. In some embodiments, endpoint injection is managed through container orchestration.
User defined validation on content stored in a storage system
A method for user-defined validation of content stored in a storage system, the method may include receiving a request to execute a user-defined validation process (UDVP) on the content that is stored in the storage system; wherein the request is associated with means for executing the UDVP, and a content identifier; scheduling, by the storage system, at least one execution of the UDVP; executing the UDVP according to the scheduling to provide one or more validation results; and finding that the one or more validation results are indicative of potential security issues and performing one or more validation-triggered security measures.