Patent classifications
H04L63/0227
System and method of providing an interactive development platform in a distributed computing environment
A system and method of providing an interactive development environment include providing a proxy server, adapted to interface at least one cloud-based platform and one or more client modules, operatively connected to the proxy server, where each client module is associated with a respective user development platform. At least one client module receives, from the respective user development platform, one or more interactive computing documents, commonly referred to as notebooks, each representing one or more scripting code elements, commonly referred to as cells. The proxy server scans the one or more cells, according to a set of predetermined scripting rules, and encapsulates one or more notebooks in one or more data containers, based on the scan. The proxy server may subsequently transmit the one or more data containers to the at least one cloud-based platform, to execute at least one cell of the one or more notebooks.
Offboard storage of non-sensitive objects for network-based hardware security modules
A hardware security module (HSM) client processes a request to store data in a set of HSMs. The HSM client determines a property of the data indicative of a sensitivity classification of the data. As a result of determining the data lacks a classification as sensitive, the HSM client transmits the data to a data store outside the set of HSMs and updates a database used by the HSM client to associate an identifier of the data with a reference to a location in the data store.
AUTOMATIC DETECTION OF CLOUD-SECURITY FEATURES (ADCSF) PROVIDED BY SAAS APPLICATIONS
A method for scoring a cloud SaaS application to rate the level of cloud security provided by that application. The application URLs are crawled iteratively for data corresponding to a set of predetermined features using keyword strings. The features are determined to be those which are indicative of effective cloud security. The crawled data corresponding to features are stored in text files. The data are used for training a supervised machine learning algorithm to determine the probability score that a feature is present for that application. The feature scores are numerically combined to arrive at an overall cloud confidence index score (CCI) for that application. Every SaaS application is rated with a score between 1 and 100, depending on whether the selected features are present or not. The CCI score provides an easy way to determine the level of cloud security provided by the application. It also provides a way to compare different SaaS applications as to their effectiveness in providing cloud security.
Detecting of business email compromise
A system for detection of email risk automatically determines that a first party is considered by the system to be trusted by a second party, based on at least one of determining that the first party is on a whitelist and that the first party is in an address book associated with the second party. A message addressed to the second party from a third party is received. A risk determination of the message is performed by determining whether the message comprises a hyperlink and by determining whether a display name of the first party and a display name of the third party are the same or that a domain name of the first party and a domain name of the third party are similar, wherein similarity is determined based on having a string distance below a first threshold or being conceptually similar based on a list of conceptually similar character strings. Responsive to determining that the message poses a risk, a security action is automatically performed comprising at least one of marking the message up with a warning, quarantining the message, performing a report generating action comprising including information about the message in a report accessible to an admin of the system, and replacing the hyperlink in the message with a proxy hyperlink.
Method and system for limiting the range of data transmissions
A system and method of detecting an unauthorized access, phish attempt, or ransomware attempt based on limiting network transmission of data packets within an authorized device range. The method includes establishing a router hop limit value to predetermine an authorized device range for data packets to be exchanged between communicating pair devices and limiting transmission of data packets to within the predetermined authorized device range by discarding data packets after reaching the predetermined authorized device range as a function of the established hop limit value, to exclude devices beyond the predetermined authorized device range. Analyzer, Explorer, Setter, Modifier and Monitor Modules interoperate to suppress spurious communications from remote intruders.
Honeypot network with dynamically updated alert modules for detecting anomalous connections
Analyzing and reporting anomalous internet traffic data by accepting a request for a connection to a virtual security appliance, collecting attribute data about the connection, applying an alert module to the data, and automatically generating an alert concerning an identified incident. An alert system for analyzing and reporting the anomalous internet traffic data. A processor to analyze and report anomalous internet traffic data.
Packet analysis device and packet analysis method
The process includes acquiring, from a relay device that relays a packet between a first communication device and a second communication device, a plurality of first delay times generated by a round trip of the packet between the first communication device and the relay device, and a plurality of second delay times generated by a round trip of the packet between the second communication device and the relay device, sorting separately the plurality of first delay times and the plurality of second delay times based on a length of a delay time, and calculating device delay times based on a first delay calculation that calculates a difference between each of the plurality of first delay times and each of the plurality of second delay times in a same rank after the sorting.
Communication system performing communications concerning requests for requesting commands
A communication system includes a mediation apparatus communicating with a device via a local network and an information processing apparatus communicating with the mediation apparatus through a firewall. The information processing apparatus includes a first control device. The mediation apparatus includes a second control device transmitting to the information processing apparatus through the firewall a first request for requesting transmission of a first command for the device, and a second request for requesting transmission of a second command for the mediation apparatus. In response to receiving the first command, the second controller transmits to the device via the local network a device command. In response to receiving the second command, the second controller performs a second-command dependent instruction. In response to receiving the first request and the second request, the first control device transmits respectively the first command and the second command to the mediation apparatus.
Methods and systems for network device reconfigurations
Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.
System and method for network IP address capacity analytics and management
An embodiment of the present invention is directed to analyzing historical network capacity allocations, using machine learning to predict future capacity needs and automating network capacity management activities such as allocations and de-allocations.