238 results about "Distributed security" patented technology

The present disclosure provides systems and methods for mobile application security classification and enforcement. In particular, the present invention includes a method, a mobile device, and a distributed security system (e.g., a “cloud”) that is utilized to enforce security on mobile devices communicatively coupled to external networks (i.e., the Internet). Advantageously, the present invention is platform independent allowing it to operate with any current or emerging mobile device. Specifically, preventing malicious applications from running on an end user's mobile device is challenging with potentially millions of applications and billions of user devices; the only effective way to enforce application security is through the network that applications use to communicate.

An architecture is provided for a widely distributed security system (SDI-SCAM) that protects computers at individual client locations, but which constantly pools and analyzes information gathered from machines across a network in order to quickly detect patterns consistent with intrusion or attack, singular or coordinated. When a novel method of attack has been detected, the system distributes warnings and potential countermeasures to each individual machine on the network. Such a warning may potentially include a probability distribution of the likelihood of an intrusion or attack as well as the relative probabilistic likelihood that such potential intrusion possesses certain characteristics or typologies or even strategic objectives in order to best recommend and/or distribute to each machine the most befitting countermeasure(s) given all presently known particular data and associated predicted probabilistic information regarding the prospective intrusion or attack. If any systems are adversely affected, methods for repairing the damage are shared and redistributed throughout the network.

A security micro-appliance provides dynamic, reconfigurable threat protection. The micro-appliance may be deployed as a standalone system, or as a component in a distributed security system management from a central administrative location. In another aspect, a security appliance or micro-appliance employs RSS feeds and XML-based tests, alerts, and the like for monitoring and dynamic reconfiguration.

Improved approaches for communicating changes to security policies (or rules) in a distributed security system are disclosed. Depending on the status of an affected user in the system, the changes can be delivered to the user if the user is logged in the system or effectuated in a state message in a local server and the state message is delivered to the user next time the user is logged in the system. If a local server is not operative at the time that a change request is received for a user of the local server, the change request is redirected to another local server. The user is directed to the another local server to affect the change request. As a result, various changes are guaranteed to be delivered to the affected users without compromising the network efficiency.

Systems and methods to manage multiple vulnerability scanners distributed across one or more networks using a distributed security management system, herein called a Lightning Console. By distributing multiple scanners across a network, the work load of each scanner may be reduced to significantly reduce the impact on the network routing and switching infrastructure. In addition, scanners may be placed directly behind firewalls for more thorough scanning. Further, scanners may be placed closer to their scanned networks. By placing vulnerability scanners closer, the actual scanning traffic does not cross the core network switch and routing fabric, thereby avoiding potential network outages due to scanning activity. In addition, the closer distance of the scanners to the scanned targets speeds scan times by reducing the distance that the packets must traverse.

PCT No. PCT/EP95/04823 Sec. 371 Date Aug. 8, 1997 Sec. 102(e) Date Aug. 8, 1997 PCT Filed Dec. 8, 1995 PCT Pub. No. WO97/22071 PCT Pub. Date Jun. 19, 1997In a method for distributing securities of portfolio items among a plurality of internal portfolios, each portfolio item has a determined number of securities distributed over each internal portfolio according to a determined consolidation ratio (CRCi,,j-1) attributed to each internal portfolio. A total value (PVj-1) of the portfolio items is determined and a transaction assigned to one portfolio item within one internal portfolio is received, having a transaction value (NCAi). A further consolidation ratio (CRCi,j) is determined for each internal portfolio based on the consolidation ratio (CRCi,j-1), total cash assets (PVj-i), and the transaction value (NCAi). In a further step, a transfer of a determined number of securities is performed, for each portfolio item, from each internal portfolio to the one internal portfolio to which the transaction is assigned. Finally, the transaction is allotted to each of said internal portfolios according to the further consolidation ratio (CRCi,j). The result is that the portfolios are cloned portfolios, i.e. internal portfolios being equivalent on a relative basis.

Improved approaches for effectuating changes to security policies in a distributed security system are disclosed. The changes to security policies are distributed to those users (e.g., user and/or computers) in the security system that are affected. The distribution of such changes to security policies can be deferred for those affected users that are not activated (e.g., logged-in or on-line) with the security system.

A distributed security system and method are disclosed that enable access to known threat events from threat intelligence feeds when the system includes public cloud components. A cloud-based security policy system stores observable events for security incidents detected by and sent from user devices within an enterprise network. The observable events include observable indicators for characterizing the observable events. The threat events within the feeds include threat indicators for characterizing the threat events. An on-premises connector within the enterprise network downloads the observable indicators from the security policy system and the threat indicators from the feeds. In response to determining that any observable indicators match any threat indicators, the on-premises connector provides access to the threat events and/or the observable events having the matching indicators. In one example, the on-premises connector generates opaque query strings for users on user devices to access the threat events/observable events having the matching indicators.

A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

The invention discloses a distributed network security event associated analysis method based on a knowledge graph. The method specifically comprises the following steps of 1, building a network security knowledge graph comprising five dimensions such as the basic dimension, the loophole dimension, the threat dimension, the alarm event dimension and the attack rule dimension; 2, designing a security event implementation associated analysis algorithm based on the knowledge graph built in the step 1; and 3, building a real-time big data analysis platform, applying the associated analysis algorithm designed in the step 2 to the built big data platform, and thus achieving a distributed associated analysis system. According to the method provided by the invention, related technologies of current big data process are fully used for dealing with the large data volume, the associated analysis algorithm is parallelized, and the design of the distributed associated analysis algorithm based on the knowledge graph is achieved.

The invention discloses a system and a method for managing security of a general network, and mainly overcomes the defects of poor openness and expansibility and weak functional completeness existing in the prior network security management system. The system mainly comprises peripheral equipment, a security agent terminal, a security management center and terminal management equipment, wherein the security management center applies security technology of network access control, intrusion detection, virus detection and vulnerability management to the security agent terminal through an interface component, a data base module and a user interface component; and under the unified management and control, all security technology is mutually complemented and matched to detect and control network behaviors, so that a distributed security protection system structure in which security strategies are under central management and the security detection is separately distributed is formed. The system and the method have the advantages of flexible configuration, easy expansion, good openness, support of the different level management, and suitability for the security management and protection of the computer network in governments, colleges and universities, and large- and medium-sized enterprises.

Enhanced multi-level cryptographic transformations that secure electronic files are disclosed. The secured electronic files contain not only secured data but also security information. The security information includes cryptographic structure information, access rules and secrets (e.g., keys). The cryptographic structure information explains the multi-level cryptographic transformations associated with securing or unsecuring the electronic files. The access rules and the secrets are used by the cryptographic transformations to secure the electronic files. Since the secured electronic files contain the cryptographic structure information, the particular cryptographic transformations (including their sequencing) can vary with each electronic file, if so desired. Typically, the secured electronic files are secured and managed by a file security system, such as a distributed security system.

A distributed security system wherein intelligent security agents (i.e., agent devices) share security incident information between themselves via a controller. An adaptive security decision making involving network worms (non-SMTP worms) and DoS floods attacks is also described; wherein the Worms and DoS flood digital signatures are generated to assist in intrusion prevention process.

Content Delivery Network (CDN) protection systems and methods, performed by a cloud node in a distributed security system include receiving traffic between one or more origin servers and the CDN; monitoring the traffic based on policy; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.

A Distributed Security Information and Event Management System (DSIEMS) is a scalable, intelligent, security and fraud management platform that proactively collects information from a network's computer systems, applications, users, and external intelligence data feeds, and aggregates the information into a centralized repository where the information can then be analyzed and quickly acted upon when necessary. Further, according to one aspect, a DSIEMS analyzes aggregated information to discern patterns of potential attack, inappropriate data movement, and fraud from normal and legitimate network activity, account activity, user activity, and data access. According to one embodiment, aspects of the present disclosure are implemented in a distributed architecture. In particular, aspects of the present DSIEMS utilize an agent-based architecture in which intelligent software agents are deployed on each node (e.g., endpoint computing device) within the system.

The invention discloses a temperature rise strain monitoring and alarming and fault analysis method for a composite submarine cable. The method comprises the following steps of: performing real-time temperature stress sensing on the composite submarine cable by utilizing abundant single mode fibers in a submarine cable, and evaluating the safety state of the composite submarine cable according to a power supply harmonic test parameter to realize real-time monitoring of the composite submarine cable. According to the method disclosed by the invention, real-time distributive safety monitoring and alarming can be performed on the composite submarine cable, and the safety sate of the composite submarine cable is judged according to the monitored power grid quality parameter, communication optical fiber excited brillouin reflection frequency offset and calibration data; and the fault analysis is performed on the composite submarine cable having a fault to find out the main reason of the fault.

A security server distributes security polices to the client computers. Each security policy includes an identifier identifying the process to which the policy pertains, and security rules for use with that process. The identifier includes a version hash and a code hash. The version hash of a process is likely to remain unchanged if the process is modified by a legitimate agent, such as by a software update. The code hash of a process is likely to change if the process is modified by a malicious agent. When a process executing on the client computer requests access to a resource, the client computer generates a version hash of the process and uses it to identify the security policy pertaining to the process. If the version hash matches a version hash in a security policy, but the code hash does not match, the client computer declares the process potentially malicious.