A communication control method which performs route control in a communication system comprising: a specific network constituting the Internet; a first network configured to accommodate a specific device connected to the specific network; a second network provided between the specific network and the first network; and a processing device configured to perform predetermined processing on the basis of a packet transmitted between the specific network and the first network, the communication control method comprising: causing a path setting device in the communication system to execute a communication route-setting process comprised of, in accordance with first routing information defining a path leading from the first network to the specific network to be branched in the second network, controlling a path so that a first path of the branched path is set as a path via the processing device, and a second path of the branched path is set as a path leading to the specific network.

Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.

An author of a malicious websites campaign (scam or phishing) likely uses a legitimate third-party service to facilitate the malicious campaign. An example includes legitimate CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) services to conceal the malicious campaign from automated security scanners. A security service/platform can employ a detection pipeline that leverages use of CAPTCHA keys across websites of a malicious websites campaign. Websites that use CAPTCHA keys found in known malicious websites can at least be identified as suspect and communicated to firewalls.

Systems and methods may create and manage hybrid clouds including both standard compute nodes and edge devices. Edge devices can be enrolled in a hybrid cloud by deploying a lightweight container to the edge device.

A method and system for determining whether a consensus has been achieved for adding a block to a distributed ledger. The system receives a candidate block to add to the distributed ledger and receives block approvals of approving participants for the candidate block. The system calculates a total block approval stake that the approving participants have in the distributed ledger. The system identifies a total stake that participants have in the distributed ledger. When the total block approval stake is at least a threshold fraction of the total skate, the system indicates that the consensus has been achieved for adding the candidate block to the distributed ledger.

A method and apparatus of processing a user initiated request for information is disclosed. The method may provide receiving a user initiated request including a uniform resource locator (URL) submitted to a web browser application and receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage. The method may also include blocking a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request.

Methods and systems for assessing internet exposure of a cloud-based workload are disclosed. A method comprises accessing at least one cloud provider API to determine a plurality of entities capable of routing traffic in a virtual cloud environment associated with a target account containing the workload, querying the at least one cloud provider API to determine at least one networking configuration of the entities, building a graph connecting the plurality of entities based on the networking configuration, accessing a data structure identifying services publicly accessible via the Internet and capable of serving as an internet proxy; integrating the identified services into the graph; traversing the graph to identify at least one source originating via the Internet and reaching the workload, and outputting a risk notification associated with the workload. Systems and computer-readable media implementing the above method are also disclosed.

A system, a method, and a computer program are provided for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers has all data traffic routed between the main network and the subnetwork through an encrypted virtual private network (VPN) tunnel. The data traffic is monitored for a cyberthreat indication in the enterprise network, and any cyberthreat indication is has the cyberthreat remediated by modifying a policy in a firewall or one of the group of enterprise routers to stop routing exchange or cease encryption or transmission of data between the main network and the one or more subnetworks. In part, a key server and each router and the group of enterprise routers is configured with an Internet Protocol address, a group security association value, and a group profile which are employed by the technological solution for secure enterprise connectivity.

Methods, apparatus, systems and articles of manufacture are disclosed for classification of unknown samples using agglomerative clustering. An apparatus includes an extractor to extract a feature from a sample source code, the feature including at least one of a register, a variable, or a library based on a threshold of occurrence in a corpus of samples, the corpus of samples including malware samples, a dendrogram generator to generate a dendrogram based on features extracted from the sample source code, the dendrogram representing a collection of samples clustered based on similarity among the samples, the samples including sample clusters belonging to known malware families, and an anchor point identifier to traverse the dendrogram to identify similarity of an unknown sample to the sample clusters based on a confidence score, and identify anchor point samples from the sample clusters identified as similar to the unknown sample, the anchor point samples to provide metadata for use in extrapolating information to classify the unknown sample.

A computer-implemented method includes: receiving system information data representing configurations of digital systems; receiving attack information data associated one or more of the digital systems; analyzing the received system information data and attack information data, to associated attack types; identifying, for each identified attack type, correlations and/or causalities between individual system constituents or combinations thereof in the digital systems associated with attacks; determining and assigning, based on the identified correlations and/or causalities, an attack vulnerability value, for each attack, respectively, to each of the systems and/or systems' constituents and/or combinations thereof; and retrievably storing attack vulnerability values associated with the systems, system constituents and/or combinations thereof.