Patent classifications
H04L63/0245
Model thresholds for digital content management and selection
According to examples, a system for automatically optimizing thresholds of content processing models that select content for presentation to users may include a processor and a memory storing instructions. The processor, when executing the instructions, may cause the system to select a subset of the content processing models for a content policy grouping. The subset of content processing models comprises models selected from a plurality of content processing models based on content rejection rates and models that are selected based on corresponding model probabilities. The system may further obtain an optimized threshold for each model of the subset of content processing models based on an iterative global optimization technique. The system may thereby facilitate automatic selection or rejection of the content pieces for presentation to users on an online system based on the policies associated with corresponding content policy grouping by employing the subset of content processing models with the optimized thresholds.
Sensitive data shield for networks
The present disclosure describes techniques that facilitate a Secure Data Processing (SDP) Network configured to isolate sensitive data from exposure to a client workstation and to the connected web server and application server. Specifically, a secure communications server of the SDP network is described that can interact with a secure input device or a secure plug-in component at the client workstation to receive a set of data associated with the sensitive data. The set of data may correspond to devalued data received via a secure input device, or the set of data may be received as sensitive data via a hosted webpage invoked by the secure communications server. The secure communications server may establish a secure communications path with a tokenization server for receipt of a token that represents the sensitive data. The token may then be used by at least the application server to initiate the transaction.
MANAGING AND ROUTING OF ENDPOINT TELEMETRY USING REALMS
A computer network includes user endpoint devices that are geographically distributed relative to one another, such that at least one of the endpoint devices is subject to a different set of data protection or privacy restrictions than the other endpoint devices, and data processing facilities coupled to the user endpoint devices over a network. The data processing facilities are in different geographical regions or sovereignties. A computer-based endpoint agent is in each of the endpoint devices. Each endpoint agent is configured to collect telemetry data relating to user activity at its associated endpoint device and transmit the collected telemetry data to a selected one of the data processing facilities, according to an applicable realm definition, in compliance with the data protection or privacy restrictions that apply to the agent's endpoint device.
LABEL GUIDED UNSUPERVISED LEARNING BASED NETWORK-LEVEL APPLICATION SIGNATURE GENERATION
Application-initiated network traffic is intercepted and analyzed by an application firewall in order to identify streams of traffic for a target application. An application signature generator preprocesses the raw data packets from the intercepted network traffic by tokenizing the data packets and then weighting each token according to its importance for application identification. The weighted features for each data packet are clustered using an unsupervised learning model, and the resulting clusters are iteratively refined and re-clustered using a proximity score between the clusters and feature vectors for key tokens for the target application. The application signature generator generates a signature for the clusters corresponding to the target application which the application firewall implements for filtering network traffic.
INSPECTION APPARATUS, INSPECTION METHOD AND PROGRAM
An inspection device supports work related to ensuring security by including: a conversion unit that converts a regular expression of a first signature into a first representation by a nondeterministic finite automaton and converts a regular expression of a second signature into a second representation by a nondeterministic finite automaton; a determination unit that determines the presence or absence of an inclusive relationship between the first representation and the second representation; and an output unit that when a result of determination by the determination unit indicates that the first representation and the second representation have an inclusive relationship, outputs information indicating that the first signature and the second signature have the inclusive relationship.
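The inclusion check described above, as an added example that is not the patent's own code. It compiles each signature's regular expression to a Thompson NFA and then explores the two NFAs together with a simultaneous subset construction, which is the same as testing whether L(first) minus L(second) is empty; when it is not, the shortest word accepted by the first signature but not the second is returned as a witness. Assumptions: "inclusive relationship" means language inclusion, and the supported syntax is the small core of literals, backslash escapes, ( ), |, *, +, ?.

```python
"""Signature inclusion via NFAs (added example; regex core: literals, \\x, ( ), |, *, +, ?)."""
from collections import deque


class NFA:
    """States are ints; trans[s] lists (symbol or None for epsilon, target)."""

    def __init__(self):
        self.trans = []

    def new_state(self):
        self.trans.append([])
        return len(self.trans) - 1

    def add(self, src, sym, dst):
        self.trans[src].append((sym, dst))


def compile_regex(pattern):
    """Recursive-descent Thompson construction; returns (nfa, start, accept)."""
    nfa, pos = NFA(), 0

    def alt():
        nonlocal pos
        s, e = concat()
        while pos < len(pattern) and pattern[pos] == "|":
            pos += 1
            s2, e2 = concat()
            ns, ne = nfa.new_state(), nfa.new_state()
            nfa.add(ns, None, s); nfa.add(ns, None, s2)
            nfa.add(e, None, ne); nfa.add(e2, None, ne)
            s, e = ns, ne
        return s, e

    def concat():
        nonlocal pos
        s = e = None
        while pos < len(pattern) and pattern[pos] not in "|)":
            fs, fe = repeat()
            if s is None:
                s, e = fs, fe
            else:
                nfa.add(e, None, fs)
                e = fe
        if s is None:                       # empty branch matches ""
            s = e = nfa.new_state()
        return s, e

    def repeat():
        nonlocal pos
        s, e = atom()
        while pos < len(pattern) and pattern[pos] in "*+?":
            op = pattern[pos]; pos += 1
            ns, ne = nfa.new_state(), nfa.new_state()
            nfa.add(ns, None, s); nfa.add(e, None, ne)
            if op in "*?": nfa.add(ns, None, ne)    # may skip the atom
            if op in "*+": nfa.add(e, None, s)      # may repeat the atom
            s, e = ns, ne
        return s, e

    def atom():
        nonlocal pos
        c = pattern[pos]; pos += 1
        if c == "(":
            s, e = alt()
            if pos >= len(pattern) or pattern[pos] != ")":
                raise ValueError("unbalanced parentheses")
            pos += 1
            return s, e
        if c == "\\":                       # escaped literal such as \.
            c = pattern[pos]; pos += 1
        s, e = nfa.new_state(), nfa.new_state()
        nfa.add(s, c, e)
        return s, e

    start, accept = alt()
    if pos != len(pattern):
        raise ValueError(f"unexpected {pattern[pos]!r} at offset {pos}")
    return nfa, start, accept


def closure(nfa, states):
    """Epsilon closure of a set of NFA states."""
    seen, stack = set(states), list(states)
    while stack:
        for sym, dst in nfa.trans[stack.pop()]:
            if sym is None and dst not in seen:
                seen.add(dst); stack.append(dst)
    return frozenset(seen)


def step(nfa, states, sym):
    return closure(nfa, {d for s in states for t, d in nfa.trans[s] if t == sym})


def included_in(first, second):
    """(True, None) if L(first) is a subset of L(second); otherwise (False, shortest witness)."""
    na, sa, fa = compile_regex(first)
    nb, sb, fb = compile_regex(second)
    sigma = sorted({t for n in (na, nb) for edges in n.trans for t, _ in edges if t is not None})
    start = (closure(na, {sa}), closure(nb, {sb}))
    seen, queue = {start}, deque([(start, "")])
    while queue:                            # BFS over pairs of subset-construction states
        (qa, qb), word = queue.popleft()
        if fa in qa and fb not in qb:       # first accepts, second rejects: not included
            return False, word
        for c in sigma:
            nxt = (step(na, qa, c), step(nb, qb, c))
            if nxt[0] and nxt not in seen:  # once the first NFA is dead there is nothing left to find
                seen.add(nxt); queue.append((nxt, word + c))
    return True, None
```

Usage: included_in("union select", "union( )+select") reports inclusion, so the first signature is redundant next to the second; the reverse call returns the witness "union  select" (two spaces), which is exactly the input a narrower signature would miss. The pair walk is worst-case exponential in the NFA sizes, as any subset construction is, so signatures with many nested repetitions should be checked with a time budget.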
CROSS-PLATFORM MESSAGE MANAGEMENT SYSTEM
Systems, methods, and computer program products for organizing messages received through different channels and from multiple sources. In response to receiving a message at a user system from a first communication channel, the user is prompted to identify a bucket to which the message should be added. In response to receiving input identifying the bucket, the message is stored and indexed to the identified bucket. Messages are thereby organized so that messages pertaining to the same matter are indexed to the same bucket. In cases where a query is received from a message application requesting instructions for processing the message, the user system transmits a reply to the message application instructing the message application to forward the message to a network address where the message is received from a second communication channel different than the first communication channel.
SYNTHETIC REQUEST INJECTION FOR SECURE ACCESS SERVICE EDGE (SASE) CLOUD ARCHITECTURE
The technology disclosed describes a system. The system comprises an edge network of a plurality of points of presence of a network security system. Points of presence in the plurality of points of presence are configured to intermediate traffic between clients and cloud applications and to use metadata to apply policies on the intermediated traffic. There are redundancies in metadata synchronization between the points of presence due to metadata migration to a second point of presence from a first point of presence handing off intermediation to the second point of presence within an application session. Each of the points of presence is configured with inline metadata generation logic. The inline metadata generation logic is configured to issue synthetic requests to provide the metadata to the second point of presence without requiring the metadata migration to the second point of presence.
Data processing system, data processing method, and program
An agent device transmits to a computation server device certain data, used for generating display data, out of the data relating to a plurality of pieces of operation data collected from an instrument. A service broker device relays the certain data transmitted from the agent device to the server device. The server device generates display data on the basis of the certain data relayed by the service broker device.
Systems and methods for detecting a suspicious process in an operating system environment using file honeypots
A system and method are provided for detecting a suspicious process in an operating system environment. In an exemplary aspect, a method comprises generating, by a hardware processor, a file honeypot in a directory in a file system and receiving a directory enumeration request from a process executing in the operating system environment. The method comprises determining whether the process is identified in a list of trusted processes and, in response to determining that the process is not in the list of trusted processes, providing, to the process by the file system, a file list including the file honeypot responsive to the directory enumeration request. The method further comprises intercepting, by a file system filter driver, a file modification request for the file honeypot from the process, and identifying the process as a suspicious object responsive to intercepting the file modification request from the process.
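A model of the honeypot flow above, as an added example rather than the vendor's driver code. An in-memory file system stands in for the file system plus filter driver: untrusted processes get the decoy in their directory listing, a write to it marks the caller suspicious, and trusted processes (a constructed allow list) are handed a listing without the decoy so they cannot trip it. Two assumptions are made that the abstract does not state: the decoy is placed first in the listing so detection fires before real files are touched, and the flagged process is stopped by raising an exception.

```python
"""File-honeypot detection model (added example; not a real filter driver)."""
import posixpath


class SuspiciousProcess(Exception):
    """Raised when a process modifies a honeypot; the response is an assumed policy."""


class HoneypotFileSystem:
    def __init__(self, trusted_processes):
        self.files = {}                      # path -> content
        self.honeypots = set()
        self.trusted = set(trusted_processes)
        self.suspicious = set()
        self.events = []                     # (process, action, path) audit trail

    def create_honeypot(self, directory, name):
        path = posixpath.join(directory, name)
        self.files[path] = b""
        self.honeypots.add(path)
        return path

    def enumerate(self, process, directory):
        """Directory enumeration request; the decoy is hidden from trusted callers."""
        names = [p for p in self.files if posixpath.dirname(p) == directory]
        if process in self.trusted:
            names = [p for p in names if p not in self.honeypots]
        # Decoy first (assumption): detection should fire before real files are modified.
        return sorted(names, key=lambda p: (p not in self.honeypots, p))

    def write(self, process, path, data):
        """Filter-driver hook for a file modification request."""
        if path in self.honeypots:
            self.suspicious.add(process)
            self.events.append((process, "honeypot-write-denied", path))
            raise SuspiciousProcess(process)
        self.files[path] = data
        self.events.append((process, "write", path))


def mass_modify(fs, process, directory):
    """Constructed stand-in for a ransomware-style process: rewrite every file it can list."""
    changed = []
    for path in fs.enumerate(process, directory):
        fs.write(process, path, b"ENCRYPTED")
        changed.append(path)
    return changed


def demo():
    fs = HoneypotFileSystem(trusted_processes={"backup-agent"})
    fs.files["/home/u/q3-report.docx"] = b"real content"   # constructed sample files
    fs.files["/home/u/notes.txt"] = b"more content"
    decoy = fs.create_honeypot("/home/u", "~$recovery-keys.docx")
    seen_by_backup = fs.enumerate("backup-agent", "/home/u")
    try:
        changed = mass_modify(fs, "cryptor.exe", "/home/u")
    except SuspiciousProcess:
        changed = [p for p, a, _ in fs.events if a == "write"]
    return {
        "decoy_visible_to_trusted": decoy in seen_by_backup,
        "files_lost_before_detection": changed,
        "suspicious": sorted(fs.suspicious),
        "real_files_intact": fs.files["/home/u/q3-report.docx"] == b"real content",
    }
```

Two points a deployment has to get right that the model makes visible: listing order decides how many real files are lost before the decoy is hit, and the trusted list is itself a bypass if it is keyed on something an attacker controls such as an image name, so a driver should key it on a verified signer or image hash.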
PACKET WATERMARK WITH STATIC SALT AND TOKEN VALIDATION
A method and system for mitigating a threat associated with network data packets are provided. The method commences with receiving, by an authentication server, a request for access to a server from a client. The method further includes authenticating the client by the authentication server. The authentication includes providing an authentication token to the client. The method continues with receiving, by a mitigation device, from the client, at least one network packet directed to the server. The at least one network packet embeds the authentication token. The method further includes validating, by the mitigation device, authenticity of the authentication token and selectively forwarding, based on the validation, the at least one network packet to the server. The authentication token is independently generated by the authentication server, the mitigation device, and the server using a shared token generation algorithm based on a hash salt value.
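The three-party token flow above, as an added example that is not the patent's implementation. Assumed details the abstract leaves open: the shared token generation algorithm is HMAC-SHA256 keyed with the static salt over the client identifier and a time window; the watermark is a short header (client id, 16-byte token) in front of the payload; and the mitigation device accepts the previous window as well, so a token does not fail the instant the window rolls over.

```python
"""Packet watermark with a static salt (added example; assumed token algorithm and header format)."""
import hashlib
import hmac
import struct

WINDOW_SECONDS = 300
TOKEN_LEN = 16


def derive_token(salt: bytes, client_id: str, window: int) -> bytes:
    """Shared token generation: the auth server, mitigation device and origin server all run this."""
    msg = client_id.encode() + struct.pack(">Q", window)
    return hmac.new(salt, msg, hashlib.sha256).digest()[:TOKEN_LEN]


class AuthServer:
    def __init__(self, salt: bytes, credentials: dict):
        self.salt, self.credentials = salt, credentials

    def authenticate(self, client_id: str, password: str, now: int):
        """Returns the client's token for the current window, or None on bad credentials."""
        if not hmac.compare_digest(self.credentials.get(client_id, ""), password):
            return None
        return derive_token(self.salt, client_id, now // WINDOW_SECONDS)


def build_packet(client_id: str, token: bytes, payload: bytes) -> bytes:
    """Assumed watermark header: 1-byte id length, id, token, then the payload."""
    cid = client_id.encode()
    return struct.pack(">B", len(cid)) + cid + token + payload


def parse_packet(pkt: bytes):
    n = pkt[0]
    cid = pkt[1:1 + n].decode()
    return cid, pkt[1 + n:1 + n + TOKEN_LEN], pkt[1 + n + TOKEN_LEN:]


class MitigationDevice:
    def __init__(self, salt: bytes):
        self.salt, self.forwarded, self.dropped = salt, [], 0

    def handle(self, pkt: bytes, now: int) -> bool:
        """Validate the embedded token; forward only on a match in the current or previous window."""
        try:
            cid, token, payload = parse_packet(pkt)
        except (IndexError, UnicodeDecodeError):
            self.dropped += 1
            return False
        w = now // WINDOW_SECONDS
        for candidate in (w, w - 1):
            if hmac.compare_digest(token, derive_token(self.salt, cid, candidate)):
                self.forwarded.append((cid, payload))
                return True
        self.dropped += 1
        return False


def demo():
    salt = bytes.fromhex("5f3c9a0c2b7e4d1184a6f0e9c3b2d7a1")   # constructed static salt
    auth = AuthServer(salt, {"alice": "correct horse"})
    device = MitigationDevice(salt)
    now = 1_700_000_000
    token = auth.authenticate("alice", "correct horse", now)
    good = device.handle(build_packet("alice", token, b"GET / HTTP/1.1"), now)
    # Attacker knows the client id and the header format but not the salt.
    forged = device.handle(build_packet("alice", b"\x00" * TOKEN_LEN, b"GET /"), now)
    # Genuine token replayed after it has rotated out (two windows later).
    stale = device.handle(build_packet("alice", token, b"GET /"), now + 2 * WINDOW_SECONDS)
    return good, forged, stale, device.dropped
```

The caveat a deployment needs: because the salt is static and the token depends only on the client id and window, anyone who captures one packet can replay or spoof that client until the window rotates. The scheme raises the cost of unauthenticated floods against the server; it is not a substitute for transport-level integrity against an on-path attacker, and the salt must be distributed out of band to exactly the three parties.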