Abstract: Techniques for processing instant messages (IM) received from entities destined for IM clients are provided. An IM module is used to receive the instant messages and process them. In one embodiment, the IM module may be used to determine if a message is spam (or spim) or not. The IM module receives an instant message for the IM client and determines if a challenge message should be sent to the sender of the IM. The challenge IM is an IM that is sent to the sender of the IM that necessitates a challenge. If a response to the IM challenge is received at the IM module, it is determined if the response satisfies an answer required by the challenge IM. If the response satisfies the answer, the IM received may be forwarded to the intended recipient IM client. Additionally, a method for processing buddy list events using an IM module is provided.

Abstract: Security components of managed computers are configured using inoculation data. Inoculation data can be retrieved from an inoculation data provider. The inoculation data provider analyzes unauthorized software applications to develop inoculation data. The inoculation data configures the security component to block execution of unauthorized software applications. Inoculation data can be embedded into a script, which is distributed via a management protocol to one or more managed computers from a management computer. Unauthorized software applications can be identified by filenames, storage paths, registry keys, digital signatures, download locations, residuals, and ActiveX controls or classes.

Abstract: Network flows are identified by analyzing network traffic and network host information. The network host information may be collected by network host monitors associated with network hosts. Network traffic and network host information are evaluated against network flow profiles to identify network flows. If a network flows are identified with high certainty and are associated with previously identified network applications, then network flow policies can be applied to the network flows to block, throttle, accelerate, enhance, or transform the network flows. If a network flow is identified with lesser certainty or is not associated with a previously identified network application, then a new network flow profile can be created from further analysis of network traffic information, network host information, and possibly additional network host information collected to enhance the analysis.

Abstract: An application detection architecture and related techniques are provided for detecting, identifying, and managing network-based applications. In various embodiments, a combined layered approach to application detection and various application-detection techniques provide for quick assessments that move from simplest to complex for rapid detection of unauthorized or misbehaving applications in communication with one or more computer networks. This layering, in some embodiments, further provides scalability and speed for determining and implementing policies that may be applicable to detected network-based application, users, groups, or devices associated with unauthorized network-based applications sending or receiving data via a computer network.

Abstract: In various embodiments, a data-driven model is provided for an application detection engine for the detection and identification of network-based applications. In one embodiment, information can be input into an application detection database. The information may include a hostname, ports, transport protocol (TCP/UDP), higher layer protocol (SOCKS, HTTP, SMTP, FTP, etc), or the like. The information may be associated with a given application. The information may be used to create rule sets or custom program logic used by one or more various application detection engines for determining whether network traffic has been initiated by a given application. The information may be dynamically loaded and updated at the application detection engine.

Abstract: In various embodiments, techniques can be provided for identifying a user or group of users who initiated network traffic. The user or group of users may be identified as an employee who can be found in corporate or organizational directory. In some embodiments, different authentication mechanisms may be used for various types of network traffic. For example, by proxying instant messaging (IM) communications, a proxy server can know which users are associated with what network traffic. In another example, transparent and non-transparent mechanisms may be provided to authenticate HTTP URL traffic. For other types of traffic, such as non-proxied IM, P2P, and spyware, an existing authentication cache or credential cache may be used to identify the user who generated the traffic.

Abstract: In various embodiments, techniques can be provided for identifying and filtering network resources. The filtering may occur not only on the type of network traffic (e.g., HTTP traffic) but also with resources identified by the network traffic. In some embodiments, one or more hash functions may be used to facilitate the identification, searching, and matching of network resources. The network resources may be identified as a unique domain, unique network host, unique URL, or the like.

Abstract: Techniques for managing instant message (IM) communications are provided. Instant message communications of a plurality of network implementations is managed using an instant message module that uses one or more policies. A policy in the one or more policies includes an action applicable for an IM communication. The techniques comprise receiving an instant message communication at the instant message module. The IM communication may be in a network implementation of one of the plurality of network implementations. Then, a policy is determined from the one or more policies that is applicable for the instant message communication. An action associated with the policy for the instant message communication is then performed.

Abstract: Network flows are identified by analyzing network traffic and network host information. The network host information may be collected by network host monitors associated with network hosts. Network traffic and network host information are evaluated against network flow profiles to identify network flows. If a network flows are identified with high certainty and are associated with previously identified network applications, then network flow policies can be applied to the network flows to block, throttle, accelerate, enhance, or transform the network flows. If a network flow is identified with lesser certainty or is not associated with a previously identified network application, then a new network flow profile can be created from further analysis of network traffic information, network host information, and possibly additional network host information collected to enhance the analysis.

Abstract: Network flows are identified by analyzing network traffic and network host information. The network host information may be collected by network host monitors associated with network hosts. Network traffic and network host information are evaluated against network flow profiles to identify network flows. If a network flows are identified with high certainty and are associated with previously identified network applications, then network flow policies can be applied to the network flows to block, throttle, accelerate, enhance, or transform the network flows. If a network flow is identified with lesser certainty or is not associated with a previously identified network application, then a new network flow profile can be created from further analysis of network traffic information, network host information, and possibly additional network host information collected to enhance the analysis.

Abstract: Security components of managed computers are configured using inoculation data. Inoculation data can be retrieved from an inoculation data provider. The inoculation data provider analyzes unauthorized software applications to develop inoculation data. The inoculation data configures the security component to block execution of unauthorized software applications. Inoculation data can be embedded into a script, which is distributed via a management protocol to one or more managed computers from a management computer. Unauthorized software applications can be identified by filenames, storage paths, registry keys, digital signatures, download locations, residuals, and ActiveX controls or classes.

Abstract: Security components of managed computers are configured using inoculation data. Inoculation data can be retrieved from an inoculation data provider. The inoculation data provider analyzes unauthorized software applications to develop inoculation data. The inoculation data configures the security component to deny access to resources to unauthorized software applications. Inoculation data can be embedded into a script, which is distributed via a management protocol to one or more managed computers from a management computer. Resources can include files, storage paths, memory, registry keys, processor priority, services, dynamic link libraries, archives, browser cookies, and/or ActiveX controls, Java applets, or classes thereof.

Abstract: Network flows are identified by analyzing network traffic and network host information. The network host information may be collected by network host monitors associated with network hosts. Network traffic and network host information are evaluated against network flow profiles to identify network flows. If a network flows are identified with high certainty and are associated with previously identified network applications, then network flow policies can be applied to the network flows to block, throttle, accelerate, enhance, or transform the network flows. If a network flow is identified with lesser certainty or is not associated with a previously identified network application, then a new network flow profile can be created from further analysis of network traffic information, network host information, and possibly additional network host information collected to enhance the analysis.