Abstract: A scalable, malware detection system features at least one sensor and a cluster including at least one computing node. The computing node includes an analysis coordination system and an object analysis system. The analysis coordination system, when activated as a broker computing node, (i) receives metadata from a sensor, (ii) analyzes the metadata, and (iii) places at least a portion of the metadata into a data store for subsequent use in retrieval of the suspicious object by the object analysis system from the sensor. The object analysis system is configured to (i) retrieve the portion of the metadata, which includes at least a sensor identifier, from the data store, (ii) retrieve the suspicious object from the sensor using at least part of the portion of the metadata retrieved from the data store, and (iii) analyze the suspicious object for malware.

Abstract: Various techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session.

Abstract: Various techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session.