Abstract: In embodiments of the present invention improved capabilities are described for virtual machine scan optimization.

Abstract: A computer program product embodied in a non-transitory computer readable medium that reduces computer file system access time associated with on-access scanning in a computing facility by receiving file access information describing a pattern of access of each accessed computer file, processing the file access information to generate a file access performance cost statistic for each of the accessed computer files, maintaining the file access performance cost statistic for each of the files, generating a file access performance cost mapping of the computing facility's file system relating to the computer files, generating a locality statistic from the performance cost map of a probability that the second computer file will be accessed near the time that the first computer file is accessed, and pre-scanning the second computer file when the probability is high that the second computer file will be accessed when that first computer file has been accessed.

Abstract: In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.

Abstract: In embodiments of the present invention improved capabilities are described for the steps of identifying a functional code block that performs a particular function within executable code; transforming the functional code block into a generic code representation of its functionality by tokenizing, refactoring, or the like, the functional code block; comparing the generic code representation with a previously characterized malicious code representation; and in response to a positive correlation from the comparison, identifying the executable code as containing malicious code.

Abstract: In embodiments of the present invention improved capabilities are described for improving network quality of service, such as through controlling the bandwidth consumed by a client computing facility. To affect this, the software applications operating through the client computing facility may be identified to determine which applications are requesting network access, and confirming which are permitted only restricted bandwidth when making network communications. The requesting software application that is permitted only restricted bandwidth may then be allowed to make the network communications through a bandwidth restricted network connection.

Abstract: In embodiments of the present invention improved capabilities are described for providing data protection through the detection of tags associated with data or a file. In embodiments the present invention may provide for a step A, where data may be scanned that is intended to be communicated from the client computing facility. In response to step A, at step B, restricted data may be identified by identifying an absence of a tag associated with the data. And finally, in response to step B, at step C, an interruption to the intended communication may be caused.

Abstract: In embodiments of the present invention improved capabilities are described for systems, methods, and devices that determine whether a website request is from a proxy website or an anonymizer. Embodiments intercept a website request from an end point; identify at least one cookie present in said website request; analyze a predetermined characteristic of said website request, where the predetermined characteristic associated with the cookie; and apply a rule corresponding to said predetermined characteristic to make the determination as to whether the request is from a proxy website or anonymizer.

Abstract: In embodiments of the present invention improved capabilities are described for accessing a DNS server, where the DNS server may be a DNS server within the control of a administrator. A pair of name and IP address may be stored on the DNS server. A client may then transmit the name to a DNS server to request the DNS server to lookup the IP address related to the client transmitted name. This client to DNS server communication may be performed as part of a network request from the client. The IP address may then be returned to the client in response to the connection request, which may allow the client to interpret the return of the security IP address as an indication of a known DNS server and therefore a known network. As a result, the client may then be able to set its security rules according to known network rules.

Abstract: Certain embodiments of the present invention provide methods and systems for software classification. Certain embodiments provide a method for identification of malware. Certain embodiments provide a method for identification of unwanted software. The method includes identifying one or more functional blocks and/or properties of software. The method further includes identifying genes in the functional blocks and/or properties. The method also includes matching the resulting list of genes against one or more combinations of classifications of groupings of genes. Additionally, the method includes classifying the software. Certain embodiments provide a method for generating classifications. The method includes identifying functional blocks and/or properties. Furthermore, the method includes combining a plurality of genes to form a classification.

Abstract: In embodiments of the present invention improved capabilities are described for contextual information caused to be attached to data as it passes through a series of computing devices, the contextual information relating to the series of computing devices. The data and the contextual information may then be scanned to determine if the data is a target data. In response to the identification of a target data, the contextual information may be communicated to a central repository. The contextual information may then be analyzed in relation to other information stored in the central repository to determine a target source.

Abstract: In embodiments of the present invention improved capabilities are described for scanning a data set for the presence of a target string. The data set may be received at a computing facility and cause a scanning program to execute. A first character pair in the data set may be identified where each character making up the first character pair is identified in a vector map. It may then be confirmed that the first character pair matches a positive indicated bitmask in a bitmap matrix, and verify that the position of the first character pair matches a position of a matching character pair in the target string. An action may be caused to be taken as a result of the verification.

Abstract: In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.

Abstract: In embodiments of the present invention improved capabilities are described for the detection of uncategorized web-based proxy sites, where an action may be provided in association with access to restricted network locations. In a step A, a network location access request may be received from a computing facility. In a step B, a URL database may be assessed that contains categorized URLs and it may be determined that a URL associated with the network location access request is previously uncategorized URL. In a step C, it may be determined that the URL associated with the network location access request includes a secondary URL. In a step D, the URL database may be accessed that contains categorized URLs and it may be determined that the client is restricted from accessing the secondary URL. In a step E, the action may be provided in association with the network location access request as a previously uncategorized proxy website when steps B, C, and D are all met.

Abstract: In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.

Abstract: In embodiments of the present invention improved capabilities are described for predicting the reputation of a communication identifier, such as a web address, a domain name, an IP address, host name, email address, IM address, telephone number, VoIP telephony address, and the like. In embodiments, the present invention may receive a communication from a first communication identifier, parse the first communication identifier into its components, and assign the components to a hierarchical tree structure, where the hierarchical tree structure maintains the hierarchical relationship between the components of the communication identifier. The present invention may monitor and keep count of a number of communications from the first communication identifier, wherein the number of communications may be kept for both malicious and/or unwanted communications and non-malicious and/or unwanted communications.

Abstract: User interface and policy loading aspects of a policy-based, outsourced, network management system. In one aspect, a user selects policies using a graphical user interface (GUI) with a two paned window having a tree view of the policies in one pane. In another aspect, the policies are (1) created in the GUI format (e.g., XML), (2) sent over a network (e.g., the internet) to a service center in the same format, and (3) are loaded, manipulated and stored in the same format. In another aspect, the initial loading of the policies is done using a bulk loader in a logic layer. In another aspect, the logic layer also includes a configuration checker which handles changes or additions to policies in a finished network management system. Any aspects of the new or changed policy that are inconsistent with the finished system are parsed and stripped out. In another aspect, where the details of a new policy or change aren't specified, a base configuration creator creates a policy with minimal attributes.

Abstract: User interface and policy loading aspects of a policy-based, outsourced, network management system. In one aspect, a user selects policies using a graphical user interface (GUI) with a two paned window having a tree view of the policies in one pane. In another aspect, the policies are (1) created in the GUI format (e.g., XML), (2) sent over a network (e.g., the internet) to a service center in the same format, and (3) are loaded, manipulated and stored in the same format. In another aspect, the initial loading of the policies is done using a bulk loader in a logic layer. In another aspect, the logic layer also includes a configuration checker which handles changes or additions to policies in a finished network management system. Any aspects of the new or changed policy that are inconsistent with the finished system are parsed and stripped out. In another aspect, where the details of a new policy or change aren't specified, a base configuration creator creates a policy with minimal attributes.

Abstract: Certain embodiments of the present invention provide methods and systems for providing access to network content. Certain embodiments provide a proxy system for providing access to network content. The system includes a content retriever for retrieving a first content on a network. The content retriever is configured to pre-fetch additional content linked or connected to the first content. The system also includes a content analyzer for analyzing the first content and the pre-fetched additional content according to a content policy and allowing access to the first content and the pre-fetched additional content in accordance with the content policy. The system further includes a content renderer for rendering allowed content for provision to a user upon user request. The renderer can also modify links to content based on a status of the linked content.

Abstract: Certain embodiments of the present invention provide methods and systems for dynamic classification of electronic vendors. Certain embodiments provide a method for dynamic vendor classification. The method includes analyzing a vendor based on a comparison of vendor features; categorizing the vendor based on the analysis; and permitting access to the vendor according to the categorization of the vendor. The categorization may include trusted, not trusted, or unsure, for example. Analysis may include comparing a first outlet of the vendor with a second outlet of the vendor, for example. Analysis may include comparing an outlet of the vendor with an outlet of a second vendor, for example. A vendor may be defined as a particular outlet for a vendor and/or all outlets associated with a vendor (a vendor entity).

Abstract: Certain embodiments of the present invention provide methods and systems for providing access to network content. Certain embodiments provide a proxy system for providing access to network content. The system includes a content retriever for retrieving a first content on a network. The content retriever is configured to pre-fetch additional content linked or connected to the first content. The system also includes a content analyzer for analyzing the first content and the pre-fetched additional content according to a content policy and allowing access to the first content and the pre-fetched additional content in accordance with the content policy. The system further includes a content renderer for rendering allowed content for provision to a user upon user request. The renderer can also modify links to content based on a status of the linked content.