Abstract: A method, system and computer-usable medium are disclosed for establishing a virtual point of presence or VPoP in a country or locale by registering an internet protocol (IP) prefix range for communication specific to the locale in a physical data center; implementing proxy servers on the data center that support the IP prefix range; geolocating users in the locale to the IP prefix range; network address translating inbound connections to the IP prefix range with IP addresses on the proxy servers to provide extended IP network addresses; and providing content to the users by the proxy servers on using the extended IP network addresses.

Abstract: A method, system and computer-usable medium are disclosed for operating a protected endpoint. In various embodiments, operation of the protected endpoint device comprises: receiving, at an endpoint collector operating on the protected endpoint device, information corresponding to activities occurring on an endpoint platform; placing, by the endpoint collector, a plurality of events corresponding to the activities on a message bus; receiving, at an endpoint agent, one or more of the plurality of events from the message bus; selectively processing, by the endpoint agent, one or more of the plurality of events received on the message bus, wherein the plurality of events selectively processed by the endpoint agent are events to which the endpoint agent has subscribed; and providing a service connection between the endpoint agent and a software service, wherein communications between the endpoint agent and software service include information corresponding to one or more of the subscribed events.

Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes: monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; and generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system.

Abstract: A system, method, and computer-readable medium are disclosed for generating a cyber behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions, the electronic information representing the user interactions comprising temporal detail corresponding to the user interaction; and generating a user behavior profile based upon the electronic information representing the user interactions, the generating the user profile including a layer of detail corresponding to the temporal detail corresponding to the user interaction.

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; generating the adaptive trust profile based upon the action of the entity; and, deriving an inference regarding the action of the entity using the adaptive trust profile.

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes: monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the monitoring comprising monitoring at least one of the plurality of electronically-observable actions via a protected endpoint; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; and generating an adaptive trust profile based upon the action of the entity.

Abstract: A system, method, and computer-readable medium are disclosed for using a behavioral fingerprint via a behavioral fingerprint operation. In various embodiments the behavioral fingerprint operation includes: monitoring an electronically-observable action of an entity, the electronically-observable action of the entity corresponding to an event enacted by the entity; converting the electronically-observable action of the entity to electronic information representing the action of the entity; generating the behavioral fingerprint based upon observations associated with the action of the entity; and, using the behavioral fingerprint in combination with an adaptive trust profile to generate an inference regarding the entity.

Abstract: A system for identifying network users is provided that includes a domain controller agent having a user map that is configured to receive user data, to save the user data in an updated user map and to replace the user map with the updated user map. A filtering service has the user map and is configured to receive the updated user map and to replace the user map with the updated user map. An event subscription system is configured to generate event subscription data, wherein the domain controller agent is configured to subscribe to the event subscription system and to receive the event subscription data.

Abstract: A method, system and computer-usable medium are disclosed for operating a collector at an endpoint device are disclosed. Certain embodiments include a computer-implemented method for operating an endpoint collector at an endpoint device, including: receiving, at an endpoint collector operating on the endpoint device, information corresponding to activities occurring on an endpoint platform; receiving, at the endpoint collector, one or more filter definitions; and selectively placing, by the endpoint collector, a plurality of events on a message bus, wherein a determination as to which events are placed by the endpoint collector on the message bus is based on the one or more filter definitions. Certain embodiments may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: A system for image classification is disclosed that includes a central system configured to provide high reliability image data processing and recognition and a plurality of endpoint systems, each configured to provide image data processing and recognition with a lower reliability than the central system and to generate probability data. A decision switch disposed at each of the plurality of endpoint systems is configured to receive the probability data and to determine whether to deny access, grant access or generate a referral message to the central system, wherein the referral message includes at least a set of image data generated at the endpoint system.

Abstract: A method, system, and computer-usable medium are disclosed for receiving a response, by a security management system, from a site external to an internal network comprising the security management system to an endpoint device of the internal network, and injecting a header into the response by the security management system, the header including security rules, such that when the response is communicated to the endpoint device, the endpoint device responds to the security management system with information regarding subsequent requests made by the endpoint device in connection with the response.

Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.

Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based

Abstract: A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes: monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a plurality of respective events enacted by the entity; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; and generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile comprising a plurality of adaptive trust profile components.

Abstract: A system, method, and computer-readable medium are disclosed for monitoring actions of an entity. In various embodiments the monitoring includes: monitoring a plurality of electronically-observable actions of the entity, the plurality of electronically-observable actions of the entity corresponding to a plurality of events enacted by the entity; associating the plurality of events enacted by the entity with a story; and, using the story to derive an inference regarding the entity.

Abstract: A method, system, and computer-usable medium are disclosed for include receiving a first version of content from a resource, generating a first lightweight fingerprint for the first version of the content, receiving a second version of the content from the same resource, generating a second lightweight fingerprint for the second version of the content, comparing the first lightweight fingerprint to the second lightweight fingerprint to determine changes to a non-injectable section of the content and potentially-injected sections of the content between the first version and the second version, and determining the content to include potentially malicious elements responsive to determining that the non-injectable section of the content have remained substantially static between the first version and the second version and determining that potentially-injected sections of the content has substantially changed between the first version and the second version.

Abstract: A method, system, and computer-usable medium are disclosed for performing deep packet inspection of network traffic, comprising: receiving a unit of one or more network packets, calculating a calculated fingerprint for data within the unit, determining a current inspection context, determining whether the calculated fingerprint and the current inspection context matches an entry stored in a cache, wherein the entry includes a stored fingerprint and a cached inspection context, and performing operations associated with deep packet inspection of the unit based on whether the calculated fingerprint and the current inspection context match the entry.

Abstract: Systems, method, and non-transitory computer readable storage medium are provided for configuring an information computing machine during execution of a kernel image. The system can create a file system from a base file system image in system memory of the computing system, apply configuration files from a bundle image to the file system in memory, copy files from a persistent file system stored in the storage resource to memory, validate the files from the persistent file system, and apply validated files to the file system in memory. The base file system image and bundle image can be verified by comparing a signed hash of the image with a hash generated by the initial file system and checking the hash signature against a public certificate included in the initial filesystem. The system can further execute /sbin/init and start application services.

Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.