Abstract: A computer-implemented method for managing application availability. The method may include identifying an application running on a first cluster node of a failover cluster and copying configuration data of the application to a storage location accessible by a second cluster node of the failover cluster. The method may also include detecting failure of the first cluster node, restoring the configuration data to the second cluster node, and executing the application on the second cluster node in accordance with the configuration data. Various other methods, systems, and computer-readable media are also disclosed herein.
Abstract: A method for managing offline authentication. The method may include 1) identifying an attempt, by a user, to access a client device, wherein accessing the client device requires the user to be authenticated, 2) determining whether the client device is offline, 3) in response to determining that the client device is offline, authenticating the user using offline authentication, wherein offline authentication does not require an active network connection with a remote authentication service, 4) upon successful authentication of the user using offline authentication, allowing the user to access the client device, 5) monitoring the network-connection state of the client device, 6) detecting that the client device is online, and then 7) in response to detecting that the client device is online, locking the client device in order to require the user to reauthenticate using online authentication, wherein online authentication requires the active network connection with the remote authentication service.
Abstract: Quarantine periods longer than anticipated working lifetimes for phishing websites are used to protect users from phishing attacks. A central server or the like receives data indicating user attempts to submit confidential information to websites from a plurality of user computers. The received data is aggregated, and used to track website activity concerning solicitation of confidential information. The central server acquires and maintains current statistical data concerning phishing website lifetimes. The aggregated data concerning attempts by users to submit confidential information to websites and the current statistics concerning phishing website lifetimes are used to determine appropriate quarantine periods for websites, which can be enforced when users try to transmit confidential information to these websites.
Abstract: A method and apparatus for displaying logical information upon devices within a computer system. The method and apparatus include a logical volume information server coupled to a volume manager that provides the logical information that is created by the volume manager to at least one device. The at least one device comprises a logical volume information client that receives the logical information from the logical volume information server and displays that logical volume information upon the network or storage device. In this manner, an operator may quickly identify the logical information that corresponds to a physical device within a network or a storage appliance.
Abstract: A method and system for protecting identity information comprises determining identity information required by a resource utilized by a user, determining strength of the identity information used by the user to access the resource, and performing an action in view of the strength.
Abstract: A computer-implemented method may include (1) identifying a plurality of specific categories of sensitive information to be protected by a DLP system, (2) obtaining a training data set for each specific category of sensitive information that includes a plurality of positive and a plurality of negative examples of the specific category of sensitive information, (3) using machine learning to train, based on an analysis of the training data sets, at least one machine learning-based classifier that is capable of detecting items of data that contain one or more of the plurality of specific categories of sensitive information, and then (4) deploying the machine learning-based classifier within the DLP system to enable the DLP system to detect and protect items of data that contain one or more of the plurality of specific categories of sensitive information in accordance with at least one DLP policy of the DLP system.
Abstract: A computer-implemented method for data loss prevention may include (1) identifying a network configured with a data loss prevention system, (2) identifying a file subject to a data loss prevention assessment within the network, (3) identifying a source of the file, the source of the file causing an entry of the file onto the network, (4) determining, based on the source of the file, that the file is subject to a data loss prevention policy, and (5) applying the data loss prevention policy to the file based on the determination that the file is subject to the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for adaptively preferring mirrors for read operations may include identifying a volume of data. The computer-implemented method may also include identifying a plurality of mirrors that mirror the volume of data. The computer-implemented method may further include identifying a storage property of at least one mirror in the plurality of mirrors. The computer-implemented method may additionally include identifying at least one attempt to read from the volume of data. The computer-implemented method may also include selecting the mirror for fulfilling the read attempt based at least in part on the storage property of the mirror. The computer-implemented method may further include fulfilling the read attempt from the selected mirror. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: August 16, 2010
Date of Patent: April 1, 2014
Assignee: Symantec Corporation
Inventors: Anandi Deopujari, Niranjan Pendharkar, Michael Wahl
Abstract: A computing device categorizes data items as corporate data items when a first criterion is satisfied and as personal data items when a second criterion is satisfied. The computing device provides identified corporate data items to a first backup system that stores the corporate data items to a corporate data store. The computing device further provides identified personal data items to a second backup system that stores the personal data items to a personal data store.
Abstract: A computing device receives a training data set that includes a plurality of positive examples of sensitive data and a plurality of negative examples of sensitive data via a user interface. The computing device analyzes the training data set using machine learning to generate a machine learning-based detection (MLD) profile that can be used to classify new data as sensitive data or as non-sensitive data. The computing device displays a quality metric for the MLD profile in the user interface.
Type: Grant
Filed: March 1, 2011
Date of Patent: March 25, 2014
Assignee: Symantec Corporation
Inventors: Phillip DiCorpo, Shitalkumar S. Sawant, Sally Kauffman, Alan Dale Galindez, Sumesh Jaiswal, Ashish Aggarwal
Abstract: Data blocks are copied from a source (e.g., a source virtual disk) to a target (e.g., a target virtual disk). The source virtual disk format is preserved on the target virtual disk. Offsets for extents stored in the target virtual disk are converted to offsets for corresponding extents in the source virtual disk. A map of the extents for the source virtual disk can therefore be used to create, for deduplication, segments of data that are aligned to boundaries of the extents in the target virtual disk.
Type: Grant
Filed: December 7, 2011
Date of Patent: March 25, 2014
Assignee: Symantec Corporation
Inventors: Ashutosh Kanhaiya Bahadure, Carl James Appellof, Edward Michael Goble
Abstract: A computer-implemented method for detecting a process to establish a backdoor connection with the computer is described. An application programming interface (API) is hooked. Calls to the hooked API are monitored. A call directed to the hooked API is intercepted. The call instructs the API to initiate a user interface. Structures included in the intercepted call are analyzed. The intercepted call is prevented from arriving at the hooked API if the structures are directed to a socket on the computer.
Abstract: A computer-implemented method for detecting potentially malicious content within NFC messages may include identifying an NFC message received by a mobile device via wireless transmission from an NFC device located in proximity of the mobile device. The method may also include determining that the NFC message is formatted in a suspicious format type capable of importing potentially malicious content into the mobile device and then scanning the NFC message for potentially malicious content in response to the determination. The method may further include detecting at least one instance of potentially malicious content while scanning the NFC message. In addition, the method may include performing at least one security action on the mobile device in response to the detection of the instance of potentially malicious content within the NFC message. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: File reputations are used to identify malicious file sources. Attempts to access files from external sources are monitored. For each monitored attempt to access a file, a reputation of the specific file is determined. Responsive to a determined reputation of a file meeting a threshold, the file is adjudicated to be malicious. Attempts by sources to distribute malicious files are tracked. Responsive to tracked attempts by sources to distribute malicious files, reputations of file sources are determined. Responsive to a determined reputation of a source meeting a threshold, the source is adjudicated to be malicious, and files the source distributes are analyzed to determine whether they comprise malware. Malicious sources are blocked. Malware and malicious sources are analyzed to identify exploits and distribution patterns.
Abstract: A mechanism for evaluating the security posture of a computer system is described. In one embodiment, a method includes receiving data representing an event associated with a security component operating in an endpoint device, analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score, updating a security component score of the security component with the assigned weighted score for the event, updating an overall security score for the endpoint device with the updated security component score, and providing the updated overall security score to an analysis component.
Abstract: A method for fast I/O path failure detection and cluster wide failover. The method includes accessing a distributed computer system having a cluster including a plurality of nodes, and experiencing an I/O path failure for a storage device. An I/O failure message is generated in response to the I/O path failure. A cluster wide I/O failure message is broadcast to the plurality of nodes that designates a faulted controller. Upon receiving I/O failure responses from the plurality of nodes, an I/O queue message is broadcast to the nodes to cause the nodes to queue I/O through the faulted controller and switch to an alternate controller. Upon receiving I/O queue responses from the plurality of nodes, an I/O failover commit message is broadcast to the nodes to cause the nodes to commit to a failover and un-queue their I/O.
Abstract: Installer package information is presented to a user in response to an attempted installation of an application on an endpoint. The attempted installation is detected and the installer package is identified to an information server. The installer package may be identified using a hash key or other unique identifier. In response, the information server provides to the endpoint information associated with the identified installer package based on information received from a plurality of other endpoints. The endpoint may also provide installation and application information related to the installer package to the information server. In one embodiment, when the information server obtains more than the threshold amount of information for an installer package, the information server may analyze the information and provide the analysis to requesting endpoints. The analysis may include the risk or performance impact of the installer package, or the category or functionality of the application.
Abstract: Sensitive file accessing trends can be visually represented. In one embodiment, the present invention includes receiving, in a graphical user interface (GUI), a first user input indicating a selection of one folder from a plurality of folders, and identifying a plurality of sensitive files in the selected folder using one or more data loss prevention policies. In one embodiment, access usage data for the sensitive files can be obtained and the number of users accessing the sensitive files within a plurality of time intervals can be determined using the access usage data. Finally, a usage trend representation comprising a visual illustration of the number of users accessing the sensitive files within each of the plurality of time intervals can be displayed to a user.
Type: Grant
Filed: December 13, 2011
Date of Patent: March 18, 2014
Assignee: Symantec Corporation
Inventors: Sally Kauffman, Philip Sarin, Himanshu Bari, Adam Jackson, Jeremy Mailen, Harold Byun, Pritesh Sharma, Alan Galindez
Abstract: A computer-implemented method for recovering primary sites after failovers to remote secondary sites may include: 1) identifying a primary system configured to replicate data to both a local bunker system and a remote secondary system, 2) failing the primary system over to the remote secondary system, 3) replicating, to the local bunker system, data changes made on the remote secondary system, and then 4) updating the primary system with the data changes stored on the local bunker system. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method to detect power consumption of a computing device is described. At least one component of the computing device is identified to monitor. A state of the identified component is determined. A database is accessed to determine a power consumption rate of the identified component. The power consumption rate is based on the determined state of the component. An overall power consumption value of the computing device is calculated based on a power consumption rate for each monitored component of the computing device.