H04L63/0209

Systems and methods for network security model
11611532 · 2023-03-21

A security apparatus for a local network is in communication with an external electronic communication system and a first electronic device. The apparatus includes a memory device configured to store computer-executable instructions, and a processor in operable communication with the memory device. The processor is configured to implement the stored computer-executable instructions to cause the apparatus to determine a complexity score for the first electronic device, establish a behavioral pattern for the first electronic device operating within the local network, calculate a confidence metric for the first electronic device based on the determined complexity score and the established behavioral pattern, and control access of the first electronic device to the external electronic network according to the calculated confidence metric.

SESSION INITIATION PROTOCOL (SIP) AUTHENTICATION AND REGISTRATION IN SOFTWARE DEFINED PERIMETER (SDP) NETWORKS
20220345446 · 2022-10-27

Embodiments of the disclosure are directed to methods and systems for improving security of Session Initiation Protocol (SIP) calls in a Software Defined Network (SDN). In one embodiment a Software Defined Perimeter (SDP) gateway intercepts a SIP registration message from an initiating host to an accepting host for a SIP communication session. The SDP gateway further performs Single Packet Authentication (SPA) to determine if the initiating host is approved. In response to the initiating host being approved, the SDP gateway adds the initiating host to a whitelist of the SDN. The SDP gateway also instructs the accepting host to accept a communication request from the initiating host for the SIP communication session.

Access control device, an access control method, a computer program product and a computer readable medium
11483285 · 2022-10-25

An access control device provides a secure access control mechanism for a system being remotely accessed. An embodiment of the access control device includes a front-end firewall to provide a first network port to connect a computer to remotely access the system; a bastion host connected with the front-end firewall; and a back-end firewall, connected with the bastion host, to provide a second network port to connect the system. The back-end firewall determines remotely accessible resources in the system and determines resources remotely accessible by the computer, among the remotely accessible resources in the system, according to remote access control policies. The bastion host provides the computer with information provided by the back-end firewall about the resources remotely accessible by the computer through the first network port of the front-end firewall, to permit the resources to be remotely accessible by the computer. Advantages may include security, simplicity and plug-and-play.

SECURITY SYSTEM FOR VULNERABILITY-RISK-THREAT (VRT) DETECTION
20230079427 · 2023-03-16

The technology includes a method performed by a security system of a 5G network to protect against a cyberattack. The system can instantiate a function to monitor and control incoming network traffic at a perimeter of the 5G network in accordance with a security model that is based on a vulnerability parameter, a risk parameter, and a threat parameter. The system can process the incoming network traffic with the security model to output a vulnerability-risk-threat (VRT) score that characterizes the incoming network traffic in relation to the vulnerability parameter, the risk parameter, and the threat parameter, and causes one or more actions based on the VRT score to mitigate the cyberattack. The action(s) can include blocking the incoming network traffic at the perimeter of the 5G network.

SYSTEMS AND METHODS FOR GENERATING SECURE SIGNALS BASED ON INTERNET OF THINGS DEVICE SIGNALS
20230083129 · 2023-03-16

A device may receive a secure signal message from an IoT device provided in a first security zone, and may provide the secure signal message from the first security zone to a second security zone, via a first secure data layer. The device may generate two processed secure signal messages from the secure signal message, and may provide the two processed secure signal messages from the second security zone to a third security zone, via a second secure data layer. The device may calculate a secure analytics message, that includes a graph, based on the two processed secure signal messages, and may provide the secure analytics message from the third security zone to a fourth security zone, via a third secure data layer. The device may store the secure analytics message in a data structure associated with the fourth security zone.

SYSTEMS AND METHODS FOR DETECTING MALICIOUS ENTITIES USING WEAK PASSWORDS FOR UNAUTHORIZED ACCESS
20230078849 · 2023-03-16

Aspects of the disclosure describe methods and systems for detecting malicious entities using weak passwords for unauthorized access. In one exemplary aspect, a method may comprise intercepting, using a WAF, a password input during a login attempt to a web application by an entity. In response to determining that the password is in a database of weak passwords, the method may comprise generating for display, using the WAF, a web page prompting for a password reset for the web application, storing, in a database, an IP address of the entity and information about the login attempt, retrieving information about a first plurality of login attempts made by the entity in the web application for different user profiles. In response to determining that at least a first threshold number of login attempts have been performed by the entity, the method may comprise storing the IP address in a black list.

Communication security apparatus, control method, and storage medium storing a program

A communication security apparatus includes a communicator that receives a packet from a first device and transmits the received packet to a second device, a memory that retains address authentication information containing pairs of a physical address and a logical address of one or more devices, and a controller. After a learning period of receiving and transmitting packets, the controller determines whether a pair of a physical address and a logical address of the first device and the second device match any one of the pairs of the physical address and the logical address of the one or more devices in the packet, and discards the packet when the pair of the physical address and the logical address of the first device and the second device do not match any one of the pairs of the physical address and the logical address of the one or more devices.

Cyber threat defense system protecting email networks with machine learning models

A cyber defense system using models that are trained on a normal behavior of email activity and user activity associated with an email system. A cyber-threat module may reference the models that are trained on the normal behavior of email activity and user activity. A determination is made of a threat risk parameter that factors in the likelihood that a chain of one or more unusual behaviors of the email activity and user activity under analysis falls outside of a derived normal benign behavior. An autonomous response module can be used, rather than a human taking an action, to cause one or more autonomous rapid actions to be taken to contain the cyber-threat when the threat risk parameter from the cyber-threat module is equal to or above an actionable threshold.

Wireless Conferencing System and Collaboration Method Thereof
20230074738 · 2023-03-09

A wireless conferencing system for wirelessly connecting a computerized device with a display device includes at least a data transmitter. The data transmitter includes a transmitter self-powered unit, a data transmission module electrically powered by the transmitter self-powered unit, and a computer interface communicatively linked to the data transmission module, wherein when the computer interface is configured for detachably connecting to the computerized device, the data transmission module is powered and ready for wirelessly transmitting data from the computerized device to the display device without consuming power of the computerized device.

NETWORK DEVICE TYPE CLASSIFICATION
20220337488 · 2022-10-20

A method of identifying network devices includes transforming a first data set of feature-rich device characteristics of devices with known device identities to a second data set comprising feature-poor device characteristics with the known device identities. A third data set of feature-poor device characteristics of devices with known identities is collected. A statistical model is derived comprising one or more adjustments to the transformed data set, the statistical model reflecting a difference in statistical distribution between one or more characteristics of the second data set of transformed device characteristics and one or more corresponding and/or related characteristics of the third data set of feature-poor device characteristics. A device identification module is trained based on the second data set of feature-poor characteristics and the statistical model adjustments, the trained device identification module operable to use feature-poor device characteristics to identify network devices.