Abstract: A computer-implemented method for increasing restore speeds of backups stored in deduplicated storage systems may include (1) identifying a backup that includes data stored in at least one data container within a deduplicated storage system, (2) detecting a subsequent backup that includes additional data, (3) calculating an amount of duplication between the additional data included in the subsequent backup and the data stored in the data container, (4) determining that the amount of duplication between the additional data and the data stored in the data container is below a predetermined threshold, (5) identifying at least one additional data container to store the additional data instead of deduplicating the additional data with respect to the data container, and then (6) storing the additional data in the additional data container to facilitate increasing a restore speed of the subsequent backup. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for detecting malicious activity are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting malicious activity including receiving information indicating a first process being executed, the first process including a plurality of first process components, receiving information specific to at least one of the plurality of first process components, determining whether the first process exhibits malicious behavior; and identifying which of the plurality of first process components is responsible for the malicious behavior based on the received information.

Abstract: A computer-implemented method for replacing application methods at runtime may include identifying an application at runtime that includes a target method to replace at runtime with a source method, locating a target address of a target method data structure (that includes a target code pointer to method code of the target method) within memory at runtime that is referenced by a target class, determining a source address of a source method data structure (that includes a source code pointer to method code of the source method) within memory at runtime that describes the source method, and modifying the application at runtime to have the target class reference the source method instead of the target method by copying the source method data structure from the source address to the target address and, thereby, replacing the target code pointer with the source code pointer. Various other methods and systems are also disclosed.

Abstract: An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.

Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.

Abstract: Techniques for predicting and protecting spearphishing targets are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for predicting and protecting spearphishing targets. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify one or more potential spearphishing targets based on information from an organization, receive additional information associated with the one or more potential spearphishing targets and the organization from publicly available sources, determine a threat level of a spearphishing attack on the one or more potential spearphishing targets based on the information from the organization and the additional information, and generate a report of the one or more potential spearphishing targets and the threat level associated with the one or more potential spearphishing targets.

Abstract: Multiple nodes of a cluster have associated non-shared, local caches, used to cache shared storage content. Each local cache is accessible only to the node with which it is associated, whereas the cluster-level shared storage is accessible by any of the nodes. Attempts to access the shared storage by the nodes of the cluster are monitored. Information is tracked concerning the current statuses of the local caches of the nodes of the cluster. Current tracked local cache status information is maintained, and stored such that it is accessible by the multiple nodes of the cluster. The current tracked local cache status information is used in conjunction with the caching functionality to determine whether specific nodes of the cluster are to access their local caches or the shared storage to obtain data corresponding to specific regions of the shared storage.

Abstract: A deduplication storage system and associated methods are described. The deduplication storage system may split data objects into segments and store the segments. A plurality of data segment containers may be maintained. Each of the containers may include two or more of the data segments. Maintaining the containers may include maintaining a respective logical size of each container. In response to detecting that the logical size of a particular container has fallen below a threshold level, the deduplication storage system may perform an operation to reclaim the storage space allocated to one or more of the data segments included in the particular container.

Abstract: An unlabeled sample is classified using clustering. A set of samples containing labeled and unlabeled samples is established. Values of features are gathered from the samples contained in the datasets and a subset of features are selected. The labeled and unlabeled samples are clustered together based on similarity of the gathered values for the selected subset of features to produce a set of clusters, each cluster having a subset of samples from the set of samples. The selecting and clustering steps are recursively iterated on the subset of samples in each cluster in the set of clusters until at least one stopping condition is reached. The iterations produce a cluster having a labeled sample and an unlabeled sample. A label is propagated from the labeled sample in the cluster to the unlabeled sample in the cluster to classify the unlabeled sample.

Abstract: A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Quality of service is provided to prioritized VMs and applications, based on the varied quality of different shared computing resources. Each VM or application has an associated priority. A quality rating is dynamically assigned to each shared computing resource. Requests for shared computing resources made by specific VMs or applications are received. For each specific received request, the current priority of the requesting VM or application is identified. In response to each received request, a specific shared computing resource is assigned to the specific requesting VM or application. This assignment is made based on the current priority of the requesting VM or application and the current quality rating of the shared computing resource, thereby providing quality of service to the requesting VM or application corresponding to its current priority.

Abstract: A computer-implemented method for eliminating redundant security analyses on network data packets may include (1) intercepting, at a networking device, at least one network data packet destined for a target computing device, (2) identifying a security system installed on the target computing device, (3) determining that the security system installed on the target computing device does not satisfy a predefined security standard, and then (4) performing a security analysis that satisfies the predefined security standard on the network data packet at the networking device based at least in part on determining that the security system installed on the target computing device does not satisfy the predefined security standard. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using local malware definition update.

Abstract: A method for maintaining group membership records includes 1) maintaining a record of group memberships for a membership hierarchy, the membership record identifying a direct relationship between a first object and a second object in the membership hierarchy, 2) receiving a membership update indicating that, as of a first point in time, a direct relationship between the second object and a third object changed, 3) updating the record of group memberships to reflect the change in the relationship between the second object and the third object, 4) deducing, based on the membership update and the record of group memberships, a change in an indirect relationship between the first object and the third object as of the first point in time, and 5) providing a view of object relationships within the membership hierarchy as the object relationships exist at the first point in time and a historical record of object relationships.

Abstract: A system and method for managing a resource reclamation reference list at a coarse level. A storage device is configured to store a plurality of storage objects in a plurality of storage containers, each of said storage containers being configured to store a plurality of said storage objects. A storage container reference list is maintained, wherein for each of the storage containers the storage container reference list identifies which files of a plurality of files reference a storage object within a given storage container. In response to detecting deletion of a given file that references an object within a particular storage container of the storage containers, a server is configured to update the storage container reference list by removing from the storage container reference list an identification of the given file. A reference list associating segment objects with files that reference those segment objects may not be updated response to the deletion.

Abstract: A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key.

Abstract: A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detect malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.

Abstract: A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received.