H04L2463/121

Interactive geographic representation of network security threats
10798113 · 2020-10-06

A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

System and method for preventing well behaving clients from causing account lockouts in a group
10798074 · 2020-10-06

Methods and systems for account authentication in a distributed computing node group may involve sending a message to a member, the message having a first timestamp, increasing an authentication failure count, receiving a first key-exchange message from the member, the first key-exchange message having a second timestamp, evaluating the second timestamp, and determining whether to ignore the first key-exchange message based on an evaluation of the second timestamp. The first timestamp may be associated with a message received from the member prior to sending the message with the first timestamp to the member. The first key-exchange message may include a value computed by the member based on a group passcode shared with the member. The evaluation of the second timestamp may be based on at least one of a default value, the authentication failure count, or a timestamp associated with the group passcode.

Systems, methods, and computer program products for token-based session setup in telecommunication services

A method performed by a communication server includes receiving a request from a first network entity to set up a communication session between a first user at a first device and a second user at a second device, wherein the first network entity is registered with the communication server, in response to the request, generating a token, wherein the token is configured to grant access to the communication session, sending the token to the first network entity, after sending the token to the first network entity, receiving the token from the first user at the first device, and causing the communication session to be set up between the first user at the first device and the second user at the second device according to the token.

SECURE AND VERIFIABLE DATA ACCESS LOGGING SYSTEM
20200313878 · 2020-10-01

Techniques for providing a secure and verifiable data access logging system are disclosed herein. In some embodiments, a computer system receives an indication of a data request from a client device that is requesting data of one or more users from a data server, stores a request log entry corresponding to the data request in a log file, generates a request token based on the received indication of the data request, transmits the generated request token to the client device, receives a fetch event from the data server that requests a request digest corresponding to the request token and configured to indicate that the request log entry corresponding to the data request is stored in the log file, stores a response log entry corresponding to the received fetch event in the log file, and transmits the request digest to the data server based on the received fetch event.

End-to-end controller protection and message authentication

A first electronic control unit (ECU) is in communication with a second ECU over a vehicle bus. The first ECU is configured to generate functional safety values and security protection values for a message, validate the security protection values for the message, and send the message to the second ECU including the security protection values but not the functional safety values.

SECURITY MODEL UTILIZING MULTI-CHANNEL DATA

Systems, methods and computer-readable storage media are utilized for dynamically discovering components of a computer network environment. The processing circuit of a data acquisition engine is configured to determine a network identifier associated with an entity, the entity comprising information associated with previously stored device connectivity data for the entity, determine network data based on the network identifier, validate the network name and the network data, comprising determining whether the network data is included in the previously stored device connectivity data, and provide additionally collected device connectivity data to a security model.

SYSTEMS AND METHODS FOR ONLINE FRAUD DETECTION
20200304500 · 2020-09-24

Systems and methods for preventing fraud are disclosed. The system includes, for example, a front end device that is operatively coupled to a back end device. The front end device is configured to generate a first dynamic device identification based on dynamic device characteristics of the front end device. The back end device is configured to generate a second dynamic device identification based on the dynamic device characteristics of the front end device to authenticate the front end device. The front end device can also authenticate itself through an Internet of Things (IoT) device that has a trusted connection to the back end device.

WEARABLE MISPLACEMENT
20200302719 · 2020-09-24

An access control system is described in which a primary credential device has a master key and a secondary credential device has a key derived from the master key. Both the master key and the derivative key are required to gain access to the resource protected by the access control system. If the secondary credential device is lost, misplaced, or stolen, it cannot be used to gain illicit access to the protected resource, and it can be easily replaced by providing a different secondary credential device with another key derived from the master key.

User account authentication

Methods for authenticating a user account are generally described. In various examples, the methods may comprise performing a first handshake comprising sending authentication data to a first computing device. The authentication data may include a handshake identifier, a user token, and an encryption key. In some examples, the methods may further comprise storing the handshake identifier, the user token, and the encryption key in a database. The methods may further comprise receiving a request for verification of a transaction. The request may comprise the handshake identifier and an encrypted user token. The user token and the encryption key may be retrieved from the database based at least in part on the handshake identifier of the request. The encryption key may be used to decrypt the encrypted user token. A determination may be made that the decrypted user token matches the user token retrieved from the database.

IDENTIFYING THREAT INDICATORS BY PROCESSING MULTIPLE ANOMALIES
20200296124 · 2020-09-17

Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.