Abstract: Described are systems and methods for storing a data object using a hierarchical erasure encoding to store a physical representation of the data object across a plurality of fault domains. A first erasure encoding is applied to the data object to generate a first set of shards of the data object. Individual shards of the set of shards may then be distributed across the fault domains for storage. Within the fault domains a second erasure encoding may be applied to the individual shards to generate a second set of shards. Finally, a manifest may be generate in order to reconstruct the data object from the first set of shards and the second set of shards.

Abstract: Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic matches a policy configured by an administrator of the private network that causes the sensitive data to be injected into the outgoing traffic by the network security device on behalf of the user; and (iii) when the determining is affirmative: (a) retrieving the sensitive data from the database; (b) modifying the outgoing traffic by injecting the sensitive data into the outgoing traffic; and (c) sending the modified outgoing traffic to the server.

Abstract: Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities. When the threat is identified as a result of the retrospective scan, then remedial and/or preventive action is taken with respect to the threat.

Abstract: In one embodiment, a method includes receiving, from a client device, a request to verify a client-side transaction record identifying a transaction involving a user of the client device. The method also includes verifying that the transaction identified in the client-side transaction record is also identified in a payment-network transaction record that is separate from the client-side transaction record. The method further includes, in response to verifying that the transaction identified in the client-side transaction record is also identified in the payment-network transaction record, publishing a verification of the transaction record. The method also includes sending, to the client device, a uniform resource identifier (URI) corresponding to a web location that includes the published verification of the transaction record.

Abstract: Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic matches a policy configured by an administrator of the private network that causes the sensitive data to be injected into the outgoing traffic by the network security device on behalf of the user; and (iii) when the determining is affirmative: (a) retrieving the sensitive data from the database; (b) modifying the outgoing traffic by injecting the sensitive data into the outgoing traffic; and (c) sending the modified outgoing traffic to the server.

Abstract: Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic matches a policy configured by an administrator of the private network that causes the sensitive data to be injected into the outgoing traffic by the network security device on behalf of the user; and (iii) when the determining is affirmative: (a) retrieving the sensitive data from the database; (b) modifying the outgoing traffic by injecting the sensitive data into the outgoing traffic; and (c) sending the modified outgoing traffic to the server.

Abstract: Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities. When the threat is identified as a result of the retrospective scan, then remedial and/or preventive action is taken with respect to the threat.

Abstract: Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities. When the threat is identified as a result of the retrospective scan, then remedial and/or preventive action is taken with respect to the threat.

Abstract: Systems and methods for injecting sensitive data into outgoing traffic that is to be sent to a remote server from a client by a network security appliance logically interposed between the server and the client are provided. According to one embodiment, the method includes intercepting, by a network security appliance, outgoing traffic from the client to the server. The network security appliance identifies a submission command within the outgoing traffic that is used for submitting sensitive data of a user to the server. The network security appliance retrieves the sensitive data and modifies the outgoing traffic by injecting the sensitive data into the submission command to form modified outgoing traffic. The network security appliance transmits the modified outgoing traffic to the server.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a high-risk network access initiated by a device is identified by an intermediary security device. A human user test message is sent by the intermediary security device to a human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user. A response to the human user test message is received by the intermediary security device. It is determined by the intermediary security device whether the response is a correct response to the human user test message. When the response is correct, the high-risk network access is allowed by the intermediary security device.

Abstract: Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic matches a policy configured by an administrator of the private network that causes the sensitive data to be injected into the outgoing traffic by the network security device on behalf of the user; and (iii) when the determining is affirmative: (a) retrieving the sensitive data from the database; (b) modifying the outgoing traffic by injecting the sensitive data into the outgoing traffic; and (c) sending the modified outgoing traffic to the server.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, network security application includes a network traffic control module, a human user test engine and a risk management module. The network traffic control module identifies a high-risk network access initiated by a device associated with a private network protected by the network security appliance. The human user test engine (i) sends a human user test message to the human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user of the device; receives a response to the human user test message; and (iii) determines whether the response is a correct response to the human user test message. The risk management module allows the high-risk network access when the response is correct.

Abstract: Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities. When the threat is identified as a result of the retrospective scan, then remedial and/or preventive action is taken with respect to the threat.

Abstract: Systems and methods for injecting sensitive data into outgoing traffic that is to be sent to a remote server from a client by a network security appliance logically interposed between the server and the client are provided. According to one embodiment, the method includes intercepting, by a network security appliance, outgoing traffic from the client to the server. The network security appliance identifies a submission command within the outgoing traffic that is used for submitting sensitive data of a user to the server. The network security appliance retrieves the sensitive data and modifies the outgoing traffic by injecting the sensitive data into the submission command to form modified outgoing traffic. The network security appliance transmits the modified outgoing traffic to the server.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, network security application includes a network traffic control module, a human user test engine and a risk management module. The network traffic control module identifies a high-risk network access initiated by a device associated with a private network protected by the network security appliance. The human user test engine (i) sends a human user test message to the human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user of the device; receives a response to the human user test message; and (iii) determines whether the response is a correct response to the human user test message. The risk management module allows the high-risk network access when the response is correct.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a request that is sent from a client to a server is captured by an intermediary security device logically interposed between the client and the server. A human user test message is sent by the intermediary security device to the client to verify that the request was initiated by a human user of the client. A response to the human user test message is received by the intermediary security device. It is determined by the intermediary security device whether the response is a correct response to the human user test message. When the determination is affirmative, the request is allowed to pass through the intermediary security device and to be delivered to the server.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a request that is sent from a client to a server is captured by an intermediary security device logically interposed between the client and the server. A human user test message is sent by the intermediary security device to the client to verify that the request was initiated by a human user of the client. A response to the human user test message is received by the intermediary security device. It is determined by the intermediary security device whether the response is a correct response to the human user test message. When the determination is affirmative, the request is allowed to pass through the intermediary security device and to be delivered to the server.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, when an intermediary security device identifies a high-risk network access that is potentially initiated by a human user or a piece of software running on the device of the human user, a human user test message is sent to the human user to verify that the high-risk network access was indeed initiated by the human user. After a response to the human user test message is received by the intermediary security device, it is determined if the response is a correct response to the human user test. The security device allows the high risk network access if the response is correct.

Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, when an intermediary security device identifies a high-risk network access that is potentially initiated by a human user or a piece of software running on the device of the human user, a human user test message is sent to the human user to verify that the high-risk network access was indeed initiated by the human user. After a response to the human user test message is received by the intermediary security device, it is determined if the response is a correct response to the human user test. The security device allows the high risk network access if the response is correct.