Abstract: A computer program product is embodied on a non-transitory computer readable medium. The computer program product comprises computer code to display a plurality of first indicia presented in a list, where each first indicia indicates a software product, and computer code to display a second indicia associated with a highlighted one of the first indicia. The second indicia comprises information about the software product indicated by the highlighted first indicia. The computer program product additionally comprises computer code to display a third indicia associated with the highlighted first indicia and indicate the availability of a software update for the software product indicated by the highlighted first indicia, and computer code to display a fourth indicia associated with the highlighted first indicia. The fourth indicia facilitates the retrieval of the software update.

Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.

Abstract: A system, method, and computer program product are provided for preventing a modification to a domain name system setting. In use, an attempt to modify a domain name system setting is detected. Additionally, a source of the attempt and an attribute of the modification are verified. Further, the modification to the domain name system setting is prevented, based on the verification.

Abstract: A method, system, and computer program product for protecting a computer system provides bootstrap operating system detection and recovery and provides the capability to detect malware, such as rootkits, before the operating system has been loaded and provides the capability to patch malfunctions that block the ability of the computer system to access the Internet. A method for protecting a computer system includes reading stored status information indicating whether network connectivity was available the last time an operating system of the computer system was operational, when the stored status information indicates that network connectivity was not available, obtaining a software patch, and executing and applying the software patch.

Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

Abstract: Systems and methods allow a user to select one or more applications that are intended to be downloaded to a device (e.g., phone, tablet, PC) and create an emulation environment for testing aspects of the one or more applications prior to download. The emulation environment can be virtual (via emulation or virtual machine) or instrumented by remotely controlling actual hardware. Metrics collected from the emulation environment can include security and usability related aspects of the applications. Interaction between the applications themselves, the applications and other resources, and the user and the applications (e.g., configuration preferences, usage patterns) can be monitored by systems facilitating hosting of the emulation environment. For example, collected metrics can be used to create a measure for security, reputation, user-preference, etc. regarding the applications. Metrics can be shared amongst other potential users to assist in their purchase or usage of the applications.

Abstract: A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system.

Abstract: A brokered authentication request is received corresponding to an interaction between a particular user and a particular online entity. An identity provider corresponding to the particular user is identified that stores user data identifying the particular user. Confirmation is received that the identity provider has authenticated the particular user to a user profile maintained by the identity provider and a unique persistent user identifier is generated for the particular user that is unique within a system to a pairing of the first user with the first entity. The user identifier is caused to be communicated to the first entity for authenticating the first user in interactions with the first entity.

Abstract: A first computing device is detected as substantially collocated with a wireless storage device, using a short-range wireless communication network. A connection is established between the first computing device and the wireless storage device over the short-range wireless network. Data stored in memory of the wireless storage device is sent from the wireless storage device to the first computing device over the short-range wireless network for a presentation of the data using a user interface of the first computing device. The wireless storage device lacks user interfaces for the presentation of the data. In some instances, authentication of either or both of the first computing device or wireless storage device can be accomplished through communication between the first computing device and wireless storage device over the short-range wireless communication network.

Abstract: A system, method, and computer program product are provided for isolating a device associated with at least potential data leakage activity, based on user input. In operation, at least potential data leakage activity associated with a device is identified. Furthermore, at least one action is performed to isolate the device, based on user input received utilizing a user interface.

Abstract: A computer method and a system for detecting the file type of an electronic file, the method including the steps of: (a) using a predetermined number of bytes at the beginning of the file to create a list of probable file types; (b) testing the file against a detection rule for each file type in the list until a match is found; if no match is found (c) testing the file against other known detection rules for file types to find a match.

Abstract: A security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory or a storage of the electronic device may be further configured to: (i) access one or more security rules to determine a criteria by which an attempted access involving a transfer of content between the memory and the storage of an electronic device will be trapped; (ii) if the criteria is met, trap, at a level below all of the operating systems of the electronic device, attempted access of data between memory and storage of an electronic device; and (iii) analyze, at a level below all of the operating systems of the electronic device, information associated with the attempted access to determine if the attempted access was affected by malware

Abstract: A particular set of attributes of a particular computing device is identified. A first plurality of whitelisted objects is identified in a global whitelist corresponding to the particular set of attributes. A particular whitelist is generated to include the identified set of whitelisted objects, the particular whitelist tailored to the particular computing device. In some aspects, device-tailored updates to the particular whitelist are also generated.

Abstract: A request is received for a brokered shipment from a particular entity to an anonymous user. A shipping identifier is obtained from a shipping entity, on behalf of the particular entity, for the shipment from the particular entity to the anonymous user. The shipping identifier is communicated to the particular entity and the shipping identifier is associated with a unique user identifier unique, within a system, to a pairing of the anonymous user with the particular entity. Address information of the anonymous user is unknown to the particular entity, and address information is obtained from the shipping entity for the anonymous user. In some aspects, address information of the particular user is received from a second entity and applied to the shipment identifier in connection with delivery of the shipment to the particular user.

Abstract: A network security appliance uses a switch to switch packets between cores configured for fast path processing and slow path processing. The switch duplicates packets for delivery to the slow path processing cores, eliminating the need for the fast path processing cores to expend processor resources on packet duplication. The switch can use IEEE 802.1ad Q-in-Q VLAN tags in the packet to perform the switching and packet duplication. Slow path processing cores may also broadcast packets to other slow path processing cores via the switch.

Abstract: A method, apparatus, and system is described for distributing a rule to a distributed capture system and storing the rule in a global configuration database, wherein the rule defines an action for the distributed capture system to perform regarding packets intercepted by the distributed capture system.

Abstract: A first computing device running a particular program is used to identify a second computing device also running the particular program and substantially co-located with the first computing device in a particular physical location. The first computing device and the second computing device are joined in a use session of the particular program. It is determined that the first computing device displays a first user interface of the particular program at a first instance, the first user interface showing a first context in a plurality of contexts. The second computing device displays a second user interface of the particular program at the first instance based at least in part on the first user interface showing the first context, the second user interface showing a second context in the plurality of contexts.

Abstract: A system and method in one embodiment includes modules for creating an asset tag including one or more conditions of an asset on a network, adding the asset tag to an asset report template, and generating an asset report from the asset report template. More specific embodiments include creating the asset tag by generating a query for the one or more conditions. The asset tag may include a second asset tag configured to be updated automatically, and a third asset tag configured to be updated manually, and the second asset tag may be updated automatically when the asset tag is updated. Other embodiments include creating a vulnerability set including a selection of vulnerabilities from a plurality of vulnerabilities, adding the vulnerability set to the asset report template, and scanning a plurality of assets on the network.

Abstract: A system and method of detecting malware. A program file is received and analysis performed to identify URLs embedded in the program file. The URLs are categorized as a function of a URL filter database and a malware probability is assigned to each URL identified. A decision is made on how to dispose of the program file as a function of the malware probability of one or more of the URLs identified. In one example approach, a malware type is also assigned to the program file as a function of one or more of the URLs identified.

Abstract: A system, method and computer program product are provided. In use, a checksum associated with electronic content is calculated. Further, a domain name service (DNS) server is queried utilizing the checksum. In response to the query, information is received from the DNS server which relates to the electronic content.