Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and an anomaly detection engine including instructions encoded within the memory to instruct the processor to: periodically collect telemetry for a performance parameter; compute and maintain a local trend line for the performance parameter; receive from a cloud service a global trend line for the performance parameter for a class of devices including the computing apparatus; and perform anomaly detection including analyzing the local trend line and the global trend line to detect an anomaly.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and an anomaly detection engine including instructions encoded within the memory to instruct the processor to: periodically collect telemetry for a performance parameter; compute and maintain a local trend line for the performance parameter; receive from a cloud service a global trend line for the performance parameter for a class of devices including the computing apparatus; and perform anomaly detection including analyzing the local trend line and the global trend line to detect an anomaly.

Abstract: There is disclosed a method of providing passive phishing remediation for an enterprise, including: displaying, to a user of a mobile device, an email; receiving from the user a one-click request to perform additional analysis of the email; providing the email to a phishing mitigation service; assigning the email a reputation score, generating a human-readable reputation display for the email, wherein the human-readable reputation display includes at least three grades comprising safe, unknown or unreliable, and unsafe or malicious; and providing the human-readable reputation display as a push notification to the mobile device.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and an anomaly detection engine including instructions encoded within the memory to instruct the processor to: periodically collect telemetry for a performance parameter; compute and maintain a local trend line for the performance parameter; receive from a cloud service a global trend line for the performance parameter for a class of devices including the computing apparatus; and perform anomaly detection including analyzing the local trend line and the global trend line to detect an anomaly.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; and a phishing mitigation engine including instructions encoded within the memory to: receive via the network request a validation request from a mobile computing device, the validation request including an e-mail payload; query a cloud phishing reputation service for a reputation, the query including information from the e-mail payload; receive from the cloud phishing reputation service reputation data for the e-mail payload; and provide a push notification to the mobile computing device, the push notification including a reputation notice for the e-mail payload.

Abstract: A method and system for protecting against unknown malicious activities by determining a reputation of a link are disclosed. A reputation server queries a database including reputation information associated with a plurality of links to retrieve a reputation of a redirected link. The reputation information may indicate whether the links are associated with a malicious activity. The reputation of the redirected link may be associated with the original link to create a reputation of the original link.

Abstract: Disclosed are systems and methods for preventing (or at least deterring) a user from inadvertently or directly consuming illegal content on the Internet. For example, determine when a user might visit a site distributing illegal content (i.e., material in violation of a copyright or otherwise inappropriately distributed) and presenting a warning to the user prior to navigating to the identified inappropriate distribution site. Optionally, alternative distribution sites (i.e., an authorized distribution site) for the same or similar material can be presented to the user. For example, a user might be likely to visit an inappropriate distribution site when sent a message containing a link or when search results from a search engine query identify a plurality of distributors for a requested movie, song, book, etc. By informing a user of illegal sources and possible alternatives, a user can obtain the desired electronic distribution without violating an author's intellectual property rights.

Abstract: A method and system for protecting against unknown malicious activities by determining a reputation of a link are disclosed. A reputation server queries a database including reputation information associated with a plurality of links to retrieve a reputation of a redirected link. The reputation information may indicate whether the links are associated with a malicious activity. The reputation of the redirected link may be associated with the original link to create a reputation of the original link.