Systems and methods can enable select virtual session capabilities on a user device configured to access a virtual session, which is an instance of a virtual machine. The user device can receive and forward to a gateway sever, a request to launch a virtual session. Based on the virtual session launch request, the gateway server can obtain a compliance profile determined from operational data. The gateway can permit user device access a virtual session hosted on a virtual machine (“VM”) server. The VM server can use the compliance profile and security data from the user device to determine a risk profile of the user device. The virtual session can be configured at the VM server based on the risk profile so as to allow access to a subset of available applications and functions within the applications for the virtual session.

Systems, methods and computer-readable storage media are utilized to analyze multi-channel data based on a security model in a computer network environment. A computing system is communicatively coupled to a plurality of data channels configured to access entity data via at least one data channel communication network. A plurality of data sources configured to store entity data are associated with the respective data channels. A processing circuit is communicatively coupled to a particular data channel via a data channel communication network and is structured to receive, via the data channel, entity data comprising device connectivity data, parse properties from the device connectivity data where the properties correspond to particular security dimensions, identify vulnerabilities associated with the properties, determine vulnerability impact, and generate a multi-dimensional risk score for a target computer network environment associated with the entity.

A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device.

Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for performing content scanning of content objects is provided. A content object that is to be scanned is stored by a general purpose processor to a system memory of the general purpose processor. Content scanning parameters associated with the content object are set up by the general purpose processor. Instructions from a signature memory of a co-processor that is coupled to the general purpose processor are read by the co-processor based on the content scanning parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned by the co-processor to a first instruction pipe of multiple instruction pipes of the co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory.

A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.

Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules of an IoT firewall according to the device profile of the IoT device.

An anti-malware device 50 includes: a risk information storage unit 51 in which risk information 510 is stored, in which there are associated a value indicating an attribution of an information processing device 60 for executing software 600, a value indicating an attribution of the software 600, and a value that indicates the degree of risk when the software 600 is executed; a subject attribution collection unit 53 for collecting the value indicating the attribution of the information processing device 60; an object attribution collection unit 54 for collecting the value indicating the attribution of the software 600; and a determination unit 55 for determining that the software 600 is malware when the value indicating the degree of risk obtained by comparing the risk information 510 and the values collected by the subject attribution collection unit 53 and object attribution collection unit 54 satisfies a criterion.

Examples relate to collaborative investigation of security indicators. The examples disclosed herein enable presenting, via a user interface, community-based threat information associated with a security indicator to a user. The community-based threat information may comprise investigation results that are obtained from a community of users for the security indicator, and an indicator score that is determined based on the investigation results. The examples further enable obtaining an investigation result from the user and updating the indicator score based on the investigation result.

In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.

Disclosed herein are a dynamic security module server device for transmitting a dynamic security module to a user terminal and receiving a security management event from the user terminal, and a method of operating the dynamic security module server device. The dynamic security module server device includes a communication unit configured to transmit and receive a security management event over a network, and a processor configured to control the communication unit. The processor is configured to create a security session with the security client of a user terminal, and to transmit a dynamic security module to the security client of the user terminal so that part or all of code performing security management in the security client of the user terminal in which the security session has been created has a predetermined valid period.