A computerized system and method to detect phishing cyber-attacks is described. The approach entails analyzing one or more displayable images of a webpage referenced by a URL to ascertain whether the one or more displayable images, and thus the webpage and potentially an email including the URL, are part of a phishing cyber-attack.

A cybersecurity appliance monitoring application traffic to a web application programming interface (API) dynamically updates tree structures for the web API using the application traffic. An API tree generator generates batches of API trees from paths indicated in the application traffic. An API tree merger/pruner updates the generated batches of API trees with various merging, pruning, compacting, and malicious detection operations on the generated batches of API trees. The cybersecurity appliance implements the updated API trees with an API agent that filters the application traffic prior to processing by the web API.

A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company.

A cloud-based traffic classification engine maintains a catalog of application-based traffic classes which have been developed based on known applications, and a local traffic classification engine maintains a subset of these classes. Network traffic intercepted by the firewall which cannot be classified by the local engine is forwarded to the cloud-based engine for classification. Upon determination of a class of the traffic, the cloud-based engine forwards the determined class and corresponding signature to the local engine. The firewall maintains a cache which is updated with the signatures corresponding to the class communicated by the cloud-based engine. Subsequent network traffic sent from the application can be determined to correspond to the application and classified according locally at the firewall based on the cached signatures. Localization of the cache to the firewall reduces latency of traffic classification operations as the catalog of classification information stored in the cloud scales.

A security surveillance system for a mobile device with a wireless interface and a control unit that is connected to the wireless interface comprises a security controller that is coupled to the wireless interface and that inspects at least data traffic incoming via the wireless interface at the mobile device according to a number, i.e. one or more, of predefined data rules, wherein the security controller generates a warning signal if the data traffic violates one of the predefined data rules, and a warning indicator that is coupled to the security controller and that generates a warning indication based on the warning signal.

Systems and methods are disclosed for determining if an account identifier is computer-generated. One method includes receiving the account identifier, dividing the account identifier into a plurality of fragments, and determining one or more features of at least one of the fragments. The method further includes determining the commonness of at least one of the fragments, and determining if the account identifier is computer-generated based on the features of at least one of the fragments, and the commonness of at least one of the fragments.

A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.

Systems and methods are described for the generation of domain names that may be associated with a particular user device and may be encrypted to obfuscate the domain names of content requested by the user device.

A network device may receive, from an application on a user device, a first network packet associated with a packet flow. The network device may identify an application identifier of the first network packet, wherein the application identifier identifies the application on the user device. The network device may select, based on the application identifier, a security protocol, wherein the security protocol is associated with at least one of an authentication header (AH) or an encryption algorithm. The network device may selectively apply, to a second network packet associated with the packet flow, at least one of the AH or the encryption algorithm, associated with the security protocol, to generate a protected network packet. The network device may transmit the protected network packet.

Techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise are disclosed. In one example, a threat detection platform determines the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. To understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.