Patent classifications
H04L9/40
Advanced incident scoring
Techniques and systems to provide a more intuitive user overview of events data by mapping unbounded incident scores to a fixed range and aggregating incident scores by different schemes. The system may detect possible malicious incidents associated with events processing on a host device. The events data may be gathered from events detected on the host device. The incident scores for incidents may be determined from the events data. The incident scores may be mapped to bins of a fixed range to highlight the significance of the incident scores. For instance, a first score mapped to a first bin may be insignificant while a second score mapped to a last bin may require urgent review. The incident scores may also be aggregated at different levels (e.g., host device, organization, industry, global, etc.) and at different time intervals to provide insights to the data.
User access and identity life-cycle management
A method and processing system for managing user access to one or more resources is disclosed. A central service may receive an access change request message regarding a user. The access change request message may include a user identifier, a user role, and an access action for the user. Example access actions may include adding or removing user access with respect to a resource. The central service may determine which resources are associated with the user role and transmit one or more event messages to the resources to implement the access actions. The resources may send acknowledgement messages to the central service to confirm that the access actions have been completed.
Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
Disclosed herein are embodiments of methods, devices and systems for device fingerprinting and automatic and dynamic software deployment to one or more endpoints on a computer network. The device fingerprinting systems and devices herein are configured to operate with limited data without sitting between network devices and the internet, without monitoring all network traffic, and with limited or no active scanning. The embodiments herein may passively collect information as distributed peers and may perform very limited active scans. In some embodiments, the information is used as an input to a custom hierarchical learning model to fingerprint devices on a network by identifying attributes of the devices such as the operating system family, operating system version, and device role. In some embodiments, a dynamic deployer selection process may be utilized to simply and efficiently deploy software. Some embodiments herein involve end-to-end encryption of credentials in a deployment process.
Identifying patterns in computing attacks through an automated traffic variance finder
There are provided systems and methods for identifying patterns in computing attacks through an automated traffic variance finder. A service provider, such as an electronic transaction processor for digital transactions, may determine network traffic logs caused or generated by malicious web traffic and network communications, such as during a computing attack by a bad actor. The service provider may generate a log signature for the network traffic log based on a variance or uniqueness of the network traffic logs IP address from other network traffic logs for each field in the network traffic log over a time period, and a spread in the commonality of the network traffic log with other network traffic logs. An aggregate score for each field may be determined based on the variance and the spread. Once determined, the log signature may be used to identify other network traffic logs through a search function.
Method and system for automatic creation of trust communities
A method of automatically creating trust communities in a fleet of devices. The method includes finding candidate devices in a fleet of devices via one or more candidate discovery techniques and generating device-related data based on the candidate devices that are found, analyzing the device-related data via an analytics engine and creating one or more fleet orchestrator device lists based on the analysis of the device-related data, and automatically creating one or more new trust communities or suggesting joining one or more previously existing trust communities based at least on the one or more fleet orchestrator device lists for the candidate devices, wherein the one or more new trust communities or previously existing trust communities include at least a sub-set of the devices in the fleet, and wherein at least one of the managed devices in the sub-set of devices is configured as a root device to publish files via a file sharing function.
Multi-tenant cloud-based firewall systems and methods
Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution. The firewall systems and methods support application awareness to identify applications; user awareness to identify users, groups, and locations regardless of physical address; visibility and policy management providing unified administration, policy management, and reporting; threat protection and compliance to block threats and data leaks in real-time; high performance through an in-line cloud-based, scalable system; etc.
Anti-cyberbullying systems and methods
Some embodiments use text and/or image processing methods to determine whether a user of an electronic messaging platform is subject to an online threat such as cyberbullying, sexual grooming, and identity theft, among others. In some embodiments, a text content of electronic messages is automatically harvested and aggregated into conversations. Conversation data are then analyzed to extract various threat indicators. A result of a text analysis may be combined with a result of an analysis of an image transmitted as part of the respective conversation. When a threat is detected, some embodiments automatically send a notification to a third party (e.g., parent, teacher, etc.).
Database and file management for data validation and authentication
Techniques for database and file management herein include a processor and a memory device storing instructions that cause the processor to perform operations comprising creating a request based on an extensible markup language (XML) or an interpreted scripting language object, wherein the request comprises unauthenticated data for validation. The operations can also include transmitting the request to a remote device, updating metadata corresponding to the request to indicate the successful validation by the remote device, validating a response file, and detecting a discrepancy between the unauthenticated data and the authenticated data accessible by the remote device. Additionally, the operations include obtaining correction data to resolve the discrepancy, and executing a transaction based on the request and the correction data.
A NETWORK CONTROLLER FOR GRANTING ACCESS RIGHTS TO A SET OF DEVICES
A network controller (102) for granting a device and/or an application (120) access rights to at least one device of a set of devices (112, 130) is disclosed. The set of devices (112, 130) comprises a controllable device (130) and a control device (110), wherein the control device (110) comprises a user input element (112) configured to receive a user input, and wherein the control device (110) is configured to generate an input signal (114) based on the received user input. The network controller (102) comprises a communication unit (104) configured to receive an access request signal (124) from the device and/or the application (120), and to receive the input signal (114) from the control device (110), and a processor (106) configured to switch, upon receipt of the access request signal (124), the network controller (102) from a control mode to a configuration mode, wherein the processor (106) is configured to control, if the network controller (102) is in the control mode, the controllable device (130) based on the input signal (114), wherein the processor (106) is configured to grant, if the network controller (102) is in the configuration mode, the access rights to the device and/or the application (120) upon receipt of the input signal (114).
APPARATUS HAVING A NETWORK COMPONENT, CONNECTED BETWEEN AT LEAST TWO NETWORKS, WITH RECORDING FUNCTIONALITY FOR RECORDING COMMUNICATION RELATIONSHIPS PRESENT DURING THE PASSAGE OF DATA TRAFFIC, AND METHOD FOR OPERATING A NETWORK COMPONENT
An apparatus includes a network component that is connected between at least two communication, installation and/or computer networks and is suitable and designed for allowing the passage of data traffic between the networks on the basis of adaptable and appropriately activated data traffic rules or for blocking the passage of data traffic through the network component. The network component has a communication relationship recording functionality for recording the communication relationships present during the passage of the data traffic. The recording functionality can be temporarily activated and/or deactivated for recording communication relationships, and the processing of the recorded communication relationships for the purpose of adapting and subsequently activating the data traffic rules is enabled only when the communication relationship recording functionality is deactivated. Also, a method for operating such a network component.