Abstract: A system, method, and computer program product are provided for determining whether an electronic mail message is compliant with an etiquette policy. In use, a predetermined event associated with an electronic mail message is identified. Additionally, it is determined whether the electronic mail message is compliant with an etiquette policy, in response to the predetermined event. Furthermore, a reaction is performed, based on the determination.

Abstract: A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of a resource of the electronic device, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the memory. The attempted access includes attempting to write instructions to the memory and attempting to execute the instructions.

Abstract: A particular activity performed by a particular user of a computing device is identified, for instance, by an agent installed on the computing device. It is determined that the particular activity qualifies as a particular use violation in a plurality of pre-defined use violations. A behavioral risk score for the particular score for the user is determined based at least in part on the determination that the particular activity of the particular user qualifies as a particular use violation. Determining that the particular activity qualifies as a particular use violation can include determining that the particular activity violates a particular rule or event trigger corresponding to a particular pre-defined use violation.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to include an authentication module. The authentication module can be configured to receiving a request to access an electronic device, where the electronic device is separate from the authentication module, collect authentication data, communicate the authentication data to a network element, receive an authentication key, and communicate the authentication key to the electronic device.

Abstract: This disclosure describes systems, methods, and computer-readable media related to an incident response tool using data exchange layer. In some embodiments, a data collector may be generated by an incident response server. The incident response server may transmit a data collector to multiple broker servers, where each broker server may transmit the data collector to multiple user devices associated with the broker server. The incident response server may receive data from the data collectors executing on the user devices and may analyze the received data.

Abstract: In an example, there is disclosed a computing apparatus, having: a network interface; and one or more logic elements providing a name management engine, operable to: receive a self-assigned name registration request for a name N1 from an endpoint device via the network interface; compare N1 to a database of registered names; determine that the name has not been registered; and sign a certificate for N1. The engine is further operable to determine that the name has been registered, and send a notification that the name is not available. There is also disclosed a computer-readable medium having executable instructions for providing a name management engine, and a method of providing a name management engine.

Abstract: Technologies for providing electronic security to a first network are disclosed. The system may include a user equipment, a gateway device configured to mediate communication between a first network and a second network for the user equipment, and an electronic security device communicatively coupled to the gateway device. The electronic security device may include a gateway interface module configured to assume an identity associated with the gateway device, a network interface module configured to present the identity to the second network, and a traffic inspection module configured to monitor traffic without substantially affecting a topology of the first network, wherein the electronic security device is configured to identify undesirable traffic; and implement a security policy.

Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.

Abstract: Opportunistic scans can be performed by identifying, using at least one processing device, a detection of a particular computing device on a network of a computing environment. At least one scan to be performed on the detected particular computing device can be is identified and a particular scan engine, in a plurality of scan engines, is identified that is adapted to perform the at least one scan. The at least one scan is caused to be performed on the detected particular computing device while the detected particular computing device is on the network using the particular scan engine.

Abstract: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.

Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.

Abstract: The present disclosure relates to a system and method for providing a secure context exchange cloud service which enables context information to be shared among devices, and providing a safety application which utilizes the context information being shared. In one example, the context exchange cloud service provides secure exchange of the context information, which in turn enables a safety application to enhance personal safety.

Abstract: In accordance with one embodiment of the present disclosure, a method for determining the similarity between a first data set and a second data set is provided. The method includes performing an entropy analysis on the first and second data sets to produce a first entropy result, wherein the first data set comprises data representative of a first one or more computer files of known content and the second data set comprises data representative of a one or more computer files of unknown content; analyzing the first entropy result; and if the first entropy result is within a predetermined threshold, identifying the second data set as substantially related to the first data set.

Abstract: The present disclosure relates to a system and method for providing conditional login promotion. An example system includes at least one processor and at least one memory element, wherein the system is configured for receiving an indication of a local operating system login by a user from a client device associated with the user; receiving one or more authentication factors associated with the user from the client device; and determining whether the local operating system login is to be promoted to a relying party entity based upon the one or more authentication factors associated with the user.

Abstract: Technologies are provided in embodiments to protect private data. Embodiments are configured to intercept a network flow en route from a server to a client device, identify a request for a private data item in an object of the network flow, identify the private data item in a data store, provide, to the client device, a modified object including an authorization request, and send the private data item to the server when valid authorization information is received. Embodiments are also configured to receive authorization information from the client device, determine whether the authorization information is valid, and obtain the private data item if the authorization information is determined to be valid. Embodiments may also be configured to determine an unlocking mechanism for the private data item, and create a modified object including the authorization request based, at least in part, on the unlocking mechanism.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive registration data for a local network device, receive registration data for an electronic device, receive a request to pair the local network device and the electronic device, where the request to pair the devices includes a pairing code, and allow the pairing if the registration data for the local network device, the registration data for the electronic device, and the pairing code satisfies predetermined conditions.

Abstract: A system, method, and computer program product are provided for identifying unwanted data based on an assembled execution profile of code. In use, an execution profile of code is assembled by tracking interface usage of the code. Further, it is determined whether the code is associated with unwanted activity, based on the execution profile.

Abstract: A method for detecting malware includes the steps of identifying a one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects includes the executable objects that are associated with the open network connections that are connected to the first network destination.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request to share data, determine metadata for the data to be shared, communicate the metadata to a social drive, where the social drive is separate from the electronic device and the data is not located on the social drive, and communicate the shared data to a member of the social drive when the member requests the data.

Abstract: A technique for detecting malware in an executable allows unpacking of a packed executable before determining whether the executable is malware. In systems with hardware assisted virtualization, hardware virtualization features may be used to iteratively unpack a packed executable in a controlled manner without needing knowledge of a packing technique. Once the executable is completely unpacked, malware detection techniques, such as signature scanning, may be employed to determine whether the executable contains malware. Hardware assisted virtualization may be used to facilitate the scanning of the run-time executable in memory.