Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.

Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

Abstract: A computer system associates a given file of a file system with append-only policy that is specified by an owner of given file. The computer system can subsequently intercept file system operations for the file system, including file system operations that specify the given file. The computer system can unconditionally apply the append-only policy to requesting entities, independent of the requesting entities' access level with respect to the file system.

Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.

Abstract: A computer system associates a given file of a file system with append-only policy that is specified by an owner of given file. The computer system can subsequently intercept file system operations for the file system, including file system operations that specify the given file. The computer system can unconditionally apply the append-only policy to requesting entities, independent of the requesting entities' access level with respect to the file system.

Abstract: Included are embodiments for port enablement. One embodiment of a method includes inserting a streams module in a kernel space of a host device, the streams module being coupled to a stream head, the streams module coupled to a transmission control protocol (TCP) module and receiving a bind request on a socket, the bind request associated with an application. Embodiments also include determining a process name associated with the received bind request, determining, based on the determined process name, a meta-configuration rule for a firewall configuration of the application and utilizing the determined meta-configuration rule for the firewall configuration of the application.

Abstract: Provided is computer implemented method for logging system events, comprising: allocating a memory area for a log; receiving data indicative of a log event; storing said data in said memory area; synchronising data in said memory area to a log file stored in non-volatile storage, the non-volatile storage and the memory area being inaccessible to a user or an administrator.

Abstract: Included are embodiments for port enablement. One embodiment of a method includes inserting a streams module in a kernel space of a host device, the streams module being coupled to a stream head, the streams module coupled to a transmission control protocol (TCP) module and receiving a bind request on a socket, the bind request associated with an application. Embodiments also include determining a process name associated with the received bind request, determining, based on the determined process name, a meta-configuration rule for a firewall configuration of the application and utilizing the determined meta-configuration rule for the firewall configuration of the application.