Abstract: The invention provides methods and systems for detecting exploits. A received file is examined to determine whether or not it corresponds to any of one or more predetermined models of normal file types. If the received file does not correspond to any of the one or more predetermined models of normal file types, it is flagged as a potential exploit.

Abstract: The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

Abstract: The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

Abstract: Methods and systems for communicating information between computer networks in which the information to be communicated is required at one location (e.g. for processing) but only available at another location. The information may be absent deliberately (for privacy reasons) or may simply be unavailable as an artifact of the computer network(s) involved. The required information, such as the internal client IP address, is inserted into the outgoing network communication in a manner that does not to materially affect the normal transit or utility of the network communication (e.g. as custom headers). The information is preferably inserted in an encrypted form, so that it may pass over a public network and be invulnerable to unauthorised scrutiny.

Abstract: The invention provides methods and systems for detecting exploits. A received file is examined to determine whether or not it corresponds to any of one or more predetermined models of normal file types. If the received file does not correspond to any of the one or more predetermined models of normal file types, it is flagged as a potential exploit.

Abstract: Methods and systems provide for sharing information between computer networks in which the information to be shared is required at one location (e.g. for the provision of a data-processing service) but is only available at a separate location. The information may be deliberately absent (e.g. for privacy reasons) or may be unavailable as an artifact of the computer network(s) involved. For the provision of a data-processing service, where several different devices on one network may service contiguous requests from a client device on another network according to a load-balancing strategy, data is propagated once only through the service network. Network communication software is subsequently amended to provide the minimal information necessary for a device on the service network to retrieve the information pertinent to the client device and necessary for its service. Therefore, a web-based single sign-on scheme can operate over HTTP to authorize data-processing services, such as web-filtering services.

Abstract: The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

Abstract: Methods and systems for communicating information between computer networks in which the information to be communicated is required at one location (e.g. for processing) but only available at another location. The information may be absent deliberately (for privacy reasons) or may simply be unavailable as an artefact of the computer network(s) involved. The required information, such as the internal client IP address, is inserted into the outgoing network communication in a manner that does not to materially affect the normal transit or utility of the network communication (e.g. as custom headers). The information is preferably inserted in an encrypted form, so that it may pass over a public network and be invulnerable to unauthorised scrutiny.