Abstract: A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.

Abstract: The present invention is directed to systems and methods for enhancing electronic communication security. An electronic communication related to an application is received and stored. One or more risk assessments are made with respect to the received communication thereby generating a risk profile associated with the communication. The risk profile is analyzed with respect to data associated with previously received communications to determine if the received communication is anomalous. If the received communication is determined to be anomalous, an anomaly indicator signal is output.

Abstract: Various embodiments, including a method comprising creating a first fuzzy fingerprint of a known malware file, the first fuzzy fingerprint including a first set of calculated complexity approximations and weightings for each of a plurality of blocks within the known malware file, creating a second fuzzy fingerprint of a file to be checked, the second fuzzy fingerprint including a second set of calculated complexity approximations and weightings for each of a plurality of blocks within the file to be checked, comparing the second fuzzy fingerprint to the first fuzzy fingerprint, calculating a similarity probability for each of the block-wise comparisons, the calculation including a respective weightings for each of the plurality of blocks within the known malware file and for each of the plurality of blocks within the file to be checked, and the calculation including a distance between the compared blocks; and calculating an overall similarity probability for the plurality of blocks compared.

Abstract: Methods and systems for processing electronic communications based upon reputation. Reputation of an entity associated with the electronic communication can be generated. The communication can be placed in a queue based upon the reputation. The queued communication can be processed based upon updated information about the entity.

Abstract: Methods and systems for operation upon one or more data processors for detecting image spam by detecting an image and analyzing the content of the image to determine whether the incoming communication comprises an unwanted communication.

Abstract: Methods and systems for operation upon one or more data processors for throttling connections based upon reputation of the entity requesting connection.

Abstract: Methods and systems for operation upon one or more data processors for assigning a reputation to a messaging entity by analyzing the attributes of the entity, correlating the attributes with known attributes to define relationships between entities sharing attributes, and attributing a portion of the reputation of one related entity to the reputation of the other related entity.

Abstract: Methods and systems for operation upon one or more data processors for efficiently processing communications based upon reputation of an entity associated with the communication.

Abstract: Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data.

Abstract: A network security modeling system which simulates a network and analyzes security vulnerabilities of the network. The system includes a simulator which includes a network vulnerabilities database and a network configuration module having network configuration data. The simulator determines vulnerabilities of the simulated network based on the network configuration data and the vulnerabilities database.

Abstract: The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security systems. The received threat information is reduced into a canonical form. Features are extracted from the reduced threat information; these features in conjunction with configuration data such as goals are used to produce rules. In some embodiments, these rules are tested against one or more sets of test data and compared against the same or different goals; if one or more tests fail, the rules are refined until the tests succeed within an acceptable margin of error. The rules are then propagated to one or more application layer security systems.

Abstract: Systems and methods for an associative policy model are provided. One embodiment of the present invention provides a method for implementing an associative policy. In this embodiment, the method includes providing a policy on a policy server, the policy having a service definition that contains first and second relational components, providing first and second network entities, operatively coupling the first and second network entities to the policy server, dynamically associating the first network entity with the second network entity (wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity), and enforcing the policy on the first and second network entities.

Abstract: A system and method for defining and enforcing a security policy. Security mechanism application specific information for each security mechanism is encapsulated as a key and exported to a semantic layer. Keys are combined to form key chains within the semantic layer. The key chains are in turn encapsulated as keys and passed to another semantic layer. A security policy is defined by forming key chains from keys and associating users with the key chains. The security policy is translated and exported to the security mechanisms. The security policy is then enforced via the security mechanisms.

Abstract: An inventive security framework for supporting kernel-based hypervisors within a computer system. The security framework includes a security master, one or more security modules and a security manager, wherein the security master and security modules execute in kernel space.

Abstract: A novel system and method for transmitting and receiving secure data in a virtual private group (VPG). In one embodiment, a method for transmitting secure data from a first node to a second node includes accessing a group membership table on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members, and checking the group membership table to determine if the second node is a member of the first group. If the second node is a member of the first group, the method further includes encrypting a data packet using the group security information associated with the first group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to the second node.

Abstract: Methods and systems for operation upon one or more data processors for assigning reputation to web-based entities based upon previously collected data.

Abstract: Methods and systems for operation upon one or more data processors for aggregating reputation data from dispersed reputation engines and deriving global reputation information for use in handling received communications.

Abstract: The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security systems. The received threat information is reduced into a canonical form. Features are extracted from the reduced threat information; these features in conjunction with configuration data such as goals are used to produce rules. In some embodiments, these rules are tested against one or more sets of test data and compared against the same or different goals; if one or more tests fail, the rules are refined until the tests succeed within an acceptable margin of error. The rules are then propagated to one or more application layer security systems.