A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

An authorizing party determines an authorization record set that needs to be revoked, where an authorization record included in the authorization record set corresponds to a token that is issued to an authorized party after the authorizing party grants access to the authorized party, and where each authorization record includes an authorization validation moment for a corresponding token. A time validity attribute of the authorization record set is configured. For a specific point-in-time, a value associated with the time validity attribute is set. A determination is performed as to whether the authorization record is revoked based on the authorization validation moment and the value associated with the time validity attribute

A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

In one embodiment, the present disclosure is directed to a system for digital authentication, the system including a server and a device. The device includes a first processor and a second processor separate and distinct from the first processor and dedicated solely to security functionality. The second processor is programmed to generate a public key and a private key, and to use the private key and to-be-signed signature data to generate digital signatures, including a first digital signature. The device transmits the public key and the first digital signature to the server. The server stores the public key to uniquely identify the device or a user of the device in subsequent communications between the server and device.

Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.

A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

An authentication apparatus includes a memory that stores information regarding a device and other device located in the vicinity of the device in association with each other; a receiving unit that, in a case where there is an authentication request from the device, receives information regarding other device located in the vicinity of the device at a time of the authentication request; and an authentication unit that authenticates the device based on the information regarding the other device stored in the memory and the information regarding the other device that is received by the receiving unit at the time of the authentication request.

Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).

Systems, apparatuses and methods may provide for infrastructure node technology that conducts a mutual authentication with a vehicle and verifies, if the mutual authentication is successful, location information received from the vehicle. The infrastructure node technology may also send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time. Additionally, vehicle technology may conduct a mutual authentication with an infrastructure node and send, if the mutual authentication is successful, location information to the infrastructure node. The vehicle technology may also receive a token from the infrastructure node.

Certain embodiments involve extracting seasonal, level, and spike components from a time series of metrics data, which describe interactions with an online service over a time period. For example, an analytical system decomposes the time series into latent components that include a seasonal component series, a level component series, a spike component series, and an error component series. The decomposition involves configuring an optimization algorithm with a constraint indicating that the time series is a sum of these latent components. The decomposition also involves executing the optimization algorithm to minimize an objective function subject to the constraint and identifying, from the executed optimization algorithm, the seasonal component series, the level component series, the spike component series, and the error component series that minimize the objective function. The analytical system outputs at least some latent components for anomaly-detection or data-forecasting.