Patent classifications
H04L63/14
Tracking and management method for responding to a cyber-attack
The invention relates to a tracking and management method for responding to a cyber-attack directed to at least one attacked vehicle of a fleet including a plurality of vehicles, each vehicle comprising an intrusion detection and prevention system (IDPS) configured to track data wirelessly received by said vehicle for identifying the cyber-attack, the method comprising the following steps: identifying the cyber-attack in said at least one attacked vehicle, the identification corresponding to the discovery, by the intrusion detection and prevention system (IDPS) of the at least one attacked vehicle, of at least one piece of malicious data among the wirelessly received data and the definition of a report update that characterizes said at least one piece of malicious data; and broadcasting the report update from the at least one attacked vehicle to at least one non-attacked vehicle of the fleet according to a short range communication protocol.
UNAUTHORIZED INTRUSION ANALYSIS SUPPORT APPARATUS AND UNAUTHORIZED INTRUSION ANALYSIS SUPPORT METHOD
An unauthorized intrusion analysis support apparatus is configured to receive an input of a field related to an unauthorized intrusion; is configured to extract, from a text relevant to the unauthorized intrusion to an apparatus communicably coupled to a predetermined network, at least one word relevant to the unauthorized intrusion in the inputted field; is configured to calculate a relevance degree between the extracted word and a mode of the unauthorized intrusion, based on the extracted word and information on a word of the mode of the unauthorized intrusion in the inputted field, and to assume that the text is a text about the unauthorized intrusion in the inputted field when the calculated relevance degree is equal to or higher than a predetermined threshold; and is configured to output information indicating that the text is the text about the unauthorized intrusion in a user field.
Cyber security sharing and identification system
Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
Using indicators of behavior when performing a security operation
A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity to identify a behavior enacted by the entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the behavior enacted by the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source, the event of analytic utility comprising a behavior enacted by the entity; identifying an indicator of behavior related to the event of analytic utility, the indicator of behavior providing an abstracted description of an inferred intent associated with the behavior enacted by the entity; analyzing the event of analytic utility, the analyzing being based upon the indicator of behavior related to the event of analytic utility; and performing a security operation based upon the inferred intent associated with the behavior enacted by the entity.
One-way transfer device with secure reverse channel
A data diode provides a flexible device for collecting data from a data source and transmitting the data to a data destination using one-way data transmission across a main channel. On-board processing elements allow the data diode to identify automatically the type of connectivity provided to the data diode and configure the data diode to handle the identified type of connectivity. Either or both of the inbound and outbound side of the data diode may comprise one or both of wired and wireless communication interfaces. A secure reverse channel, separate from the main channel, allows carefully predetermined communications from the data destination to the data source.
Approaches to creating, managing, and applying a federated database to establish risk posed by third parties
Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
Securing containerized applications
Techniques for securing containerized applications are disclosed. In some embodiments, a system, process, and/or computer program product for securing containerized applications includes detecting a new application container (e.g., an application pod); deploying a security entity (e.g., a firewall) to the application container; and monitoring all traffic to and from the application container (e.g., all layer-7 ingress, egress, and east-west traffic associated with the application container) using the security entity to enforce a policy.
PREVENTING DATA MANIPULATION AND PROTECTING USER PRIVACY IN TELECOMMUNICATION NETWORK MEASUREMENTS
This disclosure relates to generating telecommunication network measurements. In one aspect, a method includes presenting, by a client device, a digital component that, when interacted with, initiates a call by the client device to a phone number specified by the digital component. A trusted program stores, in a presentation event data structure, a presentation event data element specifying the phone number and resource locator for a reporting system to which reports for the digital component are sent. The trusted program detects a phone call by the client device to a given phone number. The given phone number is compared to one or more presentation event data elements stored in the presentation event data structure. A determination is made that the given phone number matches the phone number specified by the digital component. In response, an event report is transmitted to the reporting system.
SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR GENERATING EMBEDDINGS FOR OBJECTS
Provided are computer-implemented methods for generating embeddings for objects which may include receiving heterogeneous network data associated with a plurality of objects in a heterogeneous network; selecting at least one pattern of objects; determining instances of each pattern of objects based on the heterogeneous network data; generating a pattern matrix for each pattern of objects based on the instances of the pattern of objects; generating pattern sequence data associated with a portion of each pattern matrix; generating network sequence data associated with a portion of the heterogeneous network data; and combining the pattern sequence data and the network sequence data into combined sequence data. In some non-limiting embodiments or aspects, methods may include generating a vector for each object of the plurality of objects based on the combined sequence data. Systems and computer program products are also provided.
DEPLOYABLE NETWORK SENSOR FOR MULTIPLE PLATFORMS
Disclosed herein are methods, systems, and processes for centralized containerized deployment of network traffic sensors to network sensor hosts for deep packet inspection (DPI) that supports various other cybersecurity operations. A network sensor package containing a preconfigured network sensor container is received by a network sensor host from a network sensor deployment server. Installation of the network sensor package on the network sensor host causes execution of the network sensor container that further causes deployment of an on-premise network sensor along with a network sensor management system, a DPI system, and an intrusion detection/prevention (IDS/IPS) system. The configurable on-premise network sensor is deployed on multiple operating system distributions of the network sensor host and generates actionable network metadata using DPI techniques for optimized log search and management and improved intrusion detection and response (IDR) operations.