Abstract: A particular security event is identified that has been detected as targeting a particular computing device included in a particular computing system. A particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular computing device. A source of the particular security event is also identified and at least one of a geographic location and a grouping of assets in the plurality of asset groupings is associated with the identified source. Data is generated that is adapted to cause a presentation of a graphical representation of the particular security event on a display device, the graphical representation including a first graphical element representing the particular computing device as included in the particular grouping of assets and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets.

Abstract: A computing system security dashboard is provided for presentation on a computer display device, the dashboard including a plurality of security view panes. Each security view pane, when expanded, presents a respective visualization of security conditions of a particular computing system. When the particular security view pane is collapsed it can hide at least a portion of particular visualizations of security conditions presented using the particular security view pane when expanded. The particular security view pane occupies a smaller area of the dashboard when collapsed than when expanded. A particular visual indicator is presented on the particular security view, at least when collapsed, summarizing at least a portion of the particular security conditions identified in the particular visualizations. A user interaction with the particular collapsed security view pane can prompt the particular security view pane to be expanded in area and present the particular visualizations.

Abstract: A first user computing device is identified as being collocated with a second user computing device and an invitation is sent over a wireless communication channel for delivery to the first user computing device. The invitation invites the first user computing device to join a collaborative search session with the second user computing device. A first one of a plurality of search contexts is selected for use by the second user computing device within the collaborative search session. The first user computing device uses a second, different one of the plurality of search contexts during the collaborative search session, and presentations of search results within the collaborative search session are organized according to the first search context on the second user computing device and organized according to the second search context on the first user computing device.

Abstract: A particular security event is identified that has been detected as targeting a particular computing device included in a particular computing system. A particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular computing device. A source of the particular security event is also identified and at least one of a geographic location and a grouping of assets in the plurality of asset groupings is associated with the identified source. Data is generated that is adapted to cause a presentation of a graphical representation of the particular security event on a display device, the graphical representation including a first graphical element representing the particular computing device as included in the particular grouping of assets and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets.

Abstract: A plurality of security events is detected in a computing system, each security event based on at least one policy in a plurality of security policies. Respective interactive graphical representations are presented in a graphical user interface (GUI) of either or both of the security events or security policies. The representations include interactive graphical elements representing the respective security events or security policies. User selection of a particular event element via the interactive GUI causes a subset of the security policies to be identified, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element. User selection of a particular policy element via the interactive GUI causes a subset of the security policies to be identified, each security event in the subset based at least in part on a particular security policy represented by the particular policy element.

Abstract: A first user computing device is identified as being collocated with a second user computing device and an invitation is sent over a wireless communication channel for delivery to the first user computing device. The invitation invites the first user computing device to join a collaborative search session with the second user computing device. A first one of a plurality of search contexts is selected for use by the second user computing device within the collaborative search session. The first user computing device uses a second, different one of the plurality of search contexts during the collaborative search session, and presentations of search results within the collaborative search session are organized according to the first search context on the second user computing device and organized according to the second search context on the first user computing device.

Abstract: A source of the particular security event is identified that is associated with at least one second computing device, at least one of a geographic location, and a grouping of assets included in the plurality of asset groupings. A graphical representation of the particular security event is presented on a display device that includes: a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with one of a geographic location and a particular grouping of assets. Graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.

Abstract: A first computing device running a particular program is used to identify a second computing device also running the particular program and substantially co-located with the first computing device in a particular physical location. The first computing device and the second computing device are joined in a use session of the particular program. It is determined that the first computing device displays a first user interface of the particular program at a first instance, the first user interface showing a first context in a plurality of contexts. The second computing device displays a second user interface of the particular program at the first instance based at least in part on the first user interface showing the first context, the second user interface showing a second context in the plurality of contexts.

Abstract: A first user computing device is identified as being collocated with a second user computing device and an invitation is sent over a wireless communication channel for delivery to the first user computing device. The invitation invites the first user computing device to join a collaborative search session with the second user computing device. A first one of a plurality of search contexts is selected for use by the second user computing device within the collaborative search session. The first user computing device uses a second, different one of the plurality of search contexts during the collaborative search session, and presentations of search results within the collaborative search session are organized according to the first search context on the second user computing device and organized according to the second search context on the first user computing device.

Abstract: A source of the particular security event is identified that is associated with at least one second computing device, at least one of a geographic location, and a grouping of assets included in the plurality of asset groupings. A graphical representation of the particular security event is presented on a display device that includes: a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with one of a geographic location and a particular grouping of assets. Graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.

Abstract: A plurality of security events is detected in a computing system, each security event based on at least one policy in a plurality of security policies. Respective interactive graphical representations are presented in a graphical user interface (GUI) of either or both of the security events or security policies. The representations include interactive graphical elements representing the respective security events or security policies. User selection of a particular event element via the interactive GUI causes a subset of the security policies to be identified, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element. User selection of a particular policy element via the interactive GUI causes a subset of the security policies to be identified, each security event in the subset based at least in part on a particular security policy represented by the particular policy element.

Abstract: A first user computing device is identified as being collocated with a second user computing device and an invitation is sent over a wireless communication channel for delivery to the first user computing device. The invitation invites the first user computing device to join a collaborative search session with the second user computing device. A first one of a plurality of search contexts is selected for use by the second user computing device within the collaborative search session. The first user computing device uses a second, different one of the plurality of search contexts during the collaborative search session, and presentations of search results within the collaborative search session are organized according to the first search context on the second user computing device and organized according to the second search context on the first user computing device.

Abstract: A particular security event is identified that has been detected as targeting a particular computing device included in a particular computing system. A particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular computing device. A source of the particular security event is also identified and at least one of a geographic location and a grouping of assets in the plurality of asset groupings is associated with the identified source. Data is generated that is adapted to cause a presentation of a graphical representation of the particular security event on a display device, the graphical representation including a first graphical element representing the particular computing device as included in the particular grouping of assets and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets.

Abstract: A collaborative search session is provided hosted by one or more computing devices. First query data is received from a first computing device in a collaborative search session. Further, second query data is received from a second computing device in the collaborative search session. A corpus of resources can be caused to be searched based at least in part on the first and second query data to identify a particular search result set for the collaborative search session. At least a portion of the particular search result set can be caused to be presented on each of the first and second computing devices participating in the collaborative search session.

Abstract: A plurality of security events is detected in a computing system, each security event based on at least one policy in a plurality of security policies. Respective interactive graphical representations are presented in a graphical user interface (GUI) of either or both of the security events or security policies. The representations include interactive graphical elements representing the respective security events or security policies. User selection of a particular event element via the interactive GUI causes a subset of the security policies to be identified, each security policy in the subset serving as a basis for at least one particular security event represented by the particular event element. User selection of a particular policy element via the interactive GUI causes a subset of the security policies to be identified, each security event in the subset based at least in part on a particular security policy represented by the particular policy element.

Abstract: User names and user groups serve as the basis of a formal policy in a network. A passive monitor examines network traffic in near real time and indicates: which network traffic is flowing on the network as before; which users or user groups were logged into workstations initiating this network traffic; and which of this traffic conforms to the formal policy definition. In one embodiment of the invention, users and user groups are determined by querying Microsoft® Active Directory and Microsoft® Windows servers, to determine who is logged onto the Microsoft® network. Other sources of identity information are also possible.