G06F21/577

DATA RISK OF AN INSTANCE
20230046959 · 2023-02-16

Each instance environment of a plurality of computing instance environments is associated with its corresponding set of users belonging to one or more user groups, its corresponding processes, and its corresponding data access privileges. For at least one of the computing instance environments, database tables accessible by the corresponding computing instance environment are analyzed to determine whether each of the database tables includes data belonging to one or more sensitive data categories. Based at least in part on a result of the analysis determining whether each of the database tables includes data belonging to the one or more sensitive data categories, a data risk metric is determined for the corresponding computing instance environment.

DATA PROCESSING SYSTEMS AND METHODS FOR BUNDLED PRIVACY POLICIES
20230047653 · 2023-02-16

Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two conflicting policies based on the criteria.

SYSTEMS AND METHODS FOR NETWORK MONITORING, REPORTING, AND RISK MITIGATION
20230051016 · 2023-02-16

A network monitoring, reporting and risk mitigation system collects events at a computing device within the local network to provide improved network security. The events are aggregated into alerts, which may be processed according to triggering definitions in order to create ARO (action, recommendations and observations) reports providing required or recommended actions to take or observations to a network administrator. The ARO reports may be processed by a remote server in order to generate contextual feedback for updating the triggering definitions.

REMOTE ATTESTATION

According to aspects of the present disclosure, there are provided methods and devices for verifying integrity of a remote device, including a method comprising generating a first nonce value, transmitting the first nonce value, receiving a message from the remote device, the message comprising measurements of a configuration of the remote device and a cryptographic signature based on a private key of a public-private key pair of the remote device and a second nonce value, determining that the second nonce value was generated based on the first nonce value, and verifying the cryptographic signature based on the second nonce value and a public key of the public-private key pair of the remote device.

PROVIDING RELEVANT INFORMATION DURING ONLINE MEETINGS

One disclosed method involves determining, by at least one computing system and based at least in part on input provided to a meeting application, at least a first topic of interest for a first user accessing the meeting application via a first client device, in response to determining the first topic of interest, querying, by the at least one computing system, at least one data source, external to the meeting application, for information corresponding to the first topic of interest, and causing, by the at least one computing system, the first client device to display a representation of the information.

SYSTEMS AND METHODS FOR PREVENTING ZERO-DAY ATTACKS
20230049789 · 2023-02-16

Disclosed herein are systems and methods for preventing zero-day attacks. A method may include receiving a first report including information about an execution of a first script of an application that modifies a file on a first computing device, and receiving a second report including an indication that the file includes malicious code. In response to determining that an identifier of the file is present in both the first report and the second report, the method may include generating and transmitting, to the first computing device, a first rule that prevents execution of any script that shares at least one operation of the first script. The method may include, in response to determining that a vulnerability detected by the first rule is not present in a vulnerability database, generating an entry in the vulnerability database for the vulnerability as a zero-day vulnerability and transmitting an alert to the application developer.

CYBER THREAT INFORMATION PROCESSING APPARATUS, CYBER THREAT INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM STORING CYBER THREAT INFORMATION PROCESSING PROGRAM

Provided are a cyber threat information processing apparatus, a method thereof, and a storage medium storing a cyber threat information processing program. It is possible to provide a cybersecurity threat information processing method including disassembling an input executable file to obtain disassembled code, and reconstructing the disassembled code to obtain reconstructed disassembled code, into a hash function, and converting the hash function into N-gram data (N being a natural number), and performing ensemble machine learning on block-unit code of the converted N-gram data to profile the block-unit code by an identifier of an attack technique performed by the block-unit code and an identifier of an attacker generating the block-unit code. It is possible to detect and address a variant of malware, and identify malware, an attack technique, an attacker, and an attack prediction method within a significantly short time even for a variant of malware.

Resource Provisioning Based on Estimation of Risk

Methods, systems, devices, and tangible non-transitory computer readable media for resource provisioning based on risk scores. The disclosed technology can include accessing resource request data including information associated with a request for a resource from an entity associated with an organization. Organizational data associated with the entity can be accessed. The organizational data can include information associated with risk factors and previous resource allocations of the entity. Based on performance of risk evaluation operations on the organizational data, a risk score associated with provisioning the resource to the entity can be determined. A resource provisioning amount can be determined based on the risk score. The resource provisioning amount can include an amount of the resource authorized to be provisioned to the entity. Furthermore, output including indications associated with the resource provisioning amount can be generated.

Relay-Switch with Sandbox Communication Connections
20230047932 · 2023-02-16

Aspects of the disclosure relate to a relay-switch device that includes at least one sandbox to detect, isolate, and remove any discovered malware or cyber threat. In an embodiment, data is received, saved, and inspected in the at least one sandbox of the relay-switch device. A control layer manages network connectivity so that only home organization network connections or external party network connections are connected at a given moment in time.

Security tool for n-tier platforms

An apparatus includes a memory and a hardware processor. The memory stores a plurality of logging rules. Each logging rule is assigned to a tier of a multi-tier platform. The processor receives source code for an application configured to execute on a plurality of tiers of the multi-tier platform and detects, within the source code, an entry point and an exit point for a tier of the plurality of tiers. The processor determines, based on the plurality of logging rules, a first attribute that is to be logged during execution in the tier and a second attribute that is not to be logged during execution in the tier and inserts, between the entry point and the exit point in the source code, logging code that, when executed, logs the first attribute and hides the second attribute.