Abstract: Methods and apparatus provide resource authorization based on a computer's presence information. Presence information may include information relating to a computer's operating environment. In some implementations, a presence detector on a computer determines presence information and provides the information to a resource manager. The computer may then generate a resource access request. A resource manager may then determine whether the resource request is authorized based, at least in part, on the presence information. The resource manager then responds to the resource access request, either granting or denying the request for resources.
Abstract: Generally discussed herein are systems, devices, and methods for malware nullification. A system can include a detect module to identify a file type of an attachment of the email, compare the identified file type to a list of unsafe file types, and in response to determining the identified file type is on the list of unsafe file types, remove the attachment from the email and forward the attachment to a database, a file converter module to receive the attachment from the detect module and convert the file to a safe file type so as to nullify malware in the attachment, an insert module to receive the file with the safe file type and replace the attachment of the email with the file with the safe file type, and a mail transfer agent to forward the email with the file with the safe file type to the client.
Abstract: A method, system and computer-usable medium are disclosed for generating a cyber behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique cyber behavior profile based upon the electronic information representing the user interactions and the information about the user; and, storing information relating to the unique cyber behavior profile in a behavior blockchain.
Type: Grant
Filed: September 29, 2017
Date of Patent: January 30, 2018
Assignee: Forcepoint, LLC
Inventors: Richard Anthony Ford, Brandon L. Swafford, Christopher Brian Shirey, Matthew P. Moynahan, Richard Heath Thompson
Abstract: Generally discussed herein are systems, devices, and methods for malware analysis. In one or more embodiments, a method can include copying application layer data traffic to create copied application layer data traffic, forwarding at least a portion of the application layer data traffic to a destination client prior to a malware analysis of corresponding copied application layer data traffic, determining whether the copied application layer data traffic includes a specified property, and in response to a determination that the copied application layer data traffic includes the specified property, storing the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic.
Type: Grant
Filed: March 8, 2016
Date of Patent: January 30, 2018
Assignee: Forcepoint LLC
Inventors: Monty D. McDougal, John S. Lear, Julian A. Zottl, Jesse J. Lee
Abstract: A method includes detecting a triggering event at a hypervisor, where the hypervisor is executed by a computing node. The method also includes capturing, from a memory device of the computing node using the hypervisor, one or more images of a basic input/output system (BIOS) of the computing node and/or a firmware of the computing node. The method further includes analyzing the one or more images to detect a problem with the computing node and taking at least one action in response to detecting the problem with the computing node. The one or more images are obtained by the hypervisor directly from the memory device.
Type: Grant
Filed: December 9, 2013
Date of Patent: October 10, 2017
Assignee: Forcepoint LLC
Inventors: Matthew D. Neumann, Irby J. Thompson, Jr., Michael Simms
Abstract: A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent is configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software.