Abstract: Techniques for processing backup data for identifying and handling content are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for analyzing data for backup comprising analyzing data to identify target data, identifying target data, and handling the identified target data according to one or more pre-determined conditions.
Type: Grant
Filed: November 10, 2008
Date of Patent: July 9, 2013
Assignee: Symantec Corporation
Inventors: Jeremy Dean Swift, Jeremy Howard Wartnick
Abstract: An embodiment of the present invention is directed to a method and system for making intelligent failover decisions within a server cluster. The method includes receiving temperature information and location information using RFID technology and detecting an error condition. The method further includes responsive to the error condition, selecting a failover target based on said temperature information and location information and transferring operations from a portion of a storage cluster to the failover target based on the selecting.
Abstract: A method for synchronizing, using at least one processor, a physical machine with a virtual machine while the virtual machine is operational in memory is disclosed. In one embodiment, the method includes monitoring a physical machine that utilizes a physical disk for storing computer data, consolidating a virtual disk with modifications to the physical disk, wherein the modifications to the physical disk are replicated on the virtual disk in response to unavailability of the physical machine, operating a virtual machine that utilizes the virtual disk for storing the computer data and migrating the virtual machine, using the virtual disk, to a computer.
Abstract: A method for providing resource throttling management. The method includes accessing a distributed computer system having a plurality of nodes, initiating a new object policy object backup protection for a new object, and implementing a discovery process to determine computer environment components subject to stress. The method further includes generating a physical resource throttling protocol in accordance with the components subject to stress, and processing the new object in accordance with the object management policy and in accordance with the throttling protocol.
Type: Application
Filed: December 30, 2011
Publication date: July 4, 2013
Applicant: SYMANTEC CORPORATION
Inventors: Mark Ambrose Ditto, James Robert Olson, Raymond John Streckert
Abstract: A method for providing object policy management. The method includes accessing a distributed computer system having a plurality of nodes, and initiating a new object policy object backup protection for a new object. The method further includes processing a list of object attributes available for the new object policy, and processing the list to generate an object management policy. The new object is then processed in accordance with the object management policy.
Abstract: Systems, methods, apparatus and software can provide visualization of the topology of a data protection system. Various devices making up the data protection system are displayed using graphical user interface elements such as icons. The display of the devices making up the data protection system illustrates the topology of the data protection system, connections among various system devices, device status information, device activity information, and/or device configuration information.
Abstract: A computer, computer program product, and method identify referrer context information associated with a remote object link. A network inspection module monitors network traffic and a remote object link identification module identifies remote links and their associated referrer context information. A link storage module stores the referrer context information along with the associated link. A look up module looks up the referrer context information in response to a request for a source of a link. The referrer context information is an important security resource in identifying the true source of a threat, and in avoiding future attacks. In addition, it allows for a more complete picture of how a link moves from one client to another by tracking how the link was sent and received.
Abstract: Wireless endpoints to be secured in a wireless network context are automatically identified. More specifically, wireless endpoints connecting to a wireless access point are detected. It is determined whether detected endpoints are connecting to the wireless access point to join a wireless network. Wireless access points determined to be connecting to the wireless access point to join a wireless network are automatically identified as endpoints to be managed. Identifying information concerning endpoints to be managed (e.g., MAC addresses) is gleaned, and automatically provided to an endpoint management system.
Abstract: Successful logins are distinguished from unsuccessful logins, and only when a login is successful are the user's login credentials stored and associated with the appropriate login page. Attempts by a user to log in to a login page with a set of login credentials are identified. It is determined whether an attempt to log in to a given login page with a set of login credentials is successful. If the attempt by the user to log in to the login page with the set of login credentials is successful, the set of login credentials can be stored and associated with the login page. If the attempt fails, the credentials are not saved.
Type: Grant
Filed: March 7, 2008
Date of Patent: July 2, 2013
Assignee: Symantec Corporation
Inventors: Shaun Cooley, Brian Hernacki, Bruce McCorkendale
Abstract: A method and system for detecting captive portals includes a two phase captive portal detection process whereby an initial HTTP ping request is sent from the endpoint captive portal detection application on an end user computing system to an Internet accessible web server. The Internet accessible web server is expected to return an initial response token to the endpoint captive portal detection application in response to the initial HTTP ping request and if the expected initial response token is received, an initial HTTPS query request is then sent together with the returned initial response token that requires server/client mutual authentication. If mutual authentication is accomplished, then it is determined that the user is not in a captive portal. Follow up HTTP ping requests are then periodically generated by the endpoint captive portal detection application and if the responses to the follow up HTTP ping requests do not change, i.e., the token does not change, no new HTTPS query request is sent.
Abstract: A computer-implemented method for identifying polymorphic malware may include identifying a sample of a variant within a polymorphic malware strain. The computer-implemented method may also include identifying a set of filters for identifying the polymorphic malware strain. The computer-implemented method may further include determining that the set of filters incorrectly excludes the sample from being identified as within the polymorphic malware strain. The computer-implemented method may additionally include modifying the set of filters to not exclude the sample from being identified as within the polymorphic malware strain. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method and apparatus for minimizing the effects of rogue security software leverages the fact that virtually all rogue security software generates malware alerts to scare the user/victim into submitting their payment information, and the fact that the malware alerts generated by rogue security software are almost never changed. In one example, a user computing system is monitored/scanned for any alerts being presented to the user. Once an alert is detected, the alert content is sampled and analyzed for defined keywords that indicate the alert is a malware alert and any alert including the defined keywords is considered a malware alert and is treated as being potentially generated by rogue security software. All malware alerts are therefore subjected to an initial malware alert analysis before the user is allowed to see, and/or respond, at least without a warning, to the malware alert.
Abstract: A method for replicating data in cluster environments may include (1) identifying a cluster of nodes configured to replicate common storage of the cluster, (2) identifying a first write operation issued by a first node to the common storage, (3) identifying a second write operation issued by a second node to the common storage after the first write operation, (4) identifying a completion time of the first write operation, (5) identifying a start time of the second write operation, (6) identifying a maximum potential skew between the first system clock and the second system clock, (7) determining that the first and second write operations are mutually independent by determining that the start time of the second write operation precedes the completion time of the first write operation by a span greater than the maximum potential skew, and then (8) replicating the first and second write operations in parallel.
Abstract: A valid entry point for each boot driver running under an operating system is gleaned. When the operating system is rebooted, a security boot driver is loaded prior to loading other boot drivers. The security boot driver reads the actual entry points of each boot driver, before the boot drivers have run. The security boot driver compares the actual entry points to the corresponding valid entry points. Responsive to an actual entry point not matching its corresponding valid entry point, it is determined that the boot driver is infected. Infected boot drivers are corrected, by replacing their actual entry points with the corresponding, valid entry points. After infected boot drivers have been corrected, the infecting malicious code can be identified and disabled. Sections of boot drivers other than entry points can be gleaned, read and compared, up to entire boot drivers.
Abstract: The accuracy of geotag information embedded in digital photographs is reduced. Network traffic is monitored, and transmission of a file stream comprising a digital photograph is identified. A geotag is identified in the file stream, as well as integrity verification information. It is determined that the identified geotag corresponds to a private location. The identified geotag is modified so as to reduce the accuracy of its content. Once the geotag is modified, the integrity verification information is updated to account for the modified geotag.
Abstract: Various methods and systems for selectively protecting against chosen plaintext attacks when encrypting data for storage on an untrusted storage system are disclosed. One method involves generating an encryption key for use in encrypting data and generating an identifier for the data. Generation of the encryption key is based upon a hash of the data to be encrypted, and generation of the identifier is based upon the data to be encrypted and/or the encryption key. The method also involves detecting whether an encrypted copy of the data is already stored by a storage system, based upon the identifier. The method also detects whether a higher level of security has been specified for the data and, if so, modifies the data to be encrypted or the encryption key, based upon a client-specific value, prior to generating the identifier.
Abstract: Systems, methods and computer readable media for authenticating one or more client devices (1) to a server (5). A shared unpredictable secret (50) is generated. The shared unpredictable secret (50) is stored in the client device (1) and in the server device (5). The client device (1) proves possession of the correct shared unpredictable secret (50) to the server (5). The shared unpredictable secret (50) is replaced by a new shared unpredictable secret (54) each time the client device (1) logs in to the server device (5).
Abstract: A method and apparatus for achieving high availability for applications and optimizing power consumption within a datacenter is provided. In one embodiment, a method for providing high availability and optimizing power consumption within a datacenter comprises upon execution of an application at a target node amongst a plurality of nodes in a datacenter, selecting a failover target node amongst the plurality of nodes for the application, and reserving a failover capacity of at least one resource of the selected failover target node.
Abstract: SecureFusion is a knowledge management system that integrates asset and risk management of Information technology resources for enterprises and provides metrics for the holistic representation of voluminous technical data. Integration of risk management, security operations and asset management creates an efficient and effective synergistic solution. SecureFusion is a solution that enables enterprises to perform real-time high speed operations research of Information Technology assets and security risks in a process-driven methodology. SecureFusion is comprised of modular, scalable components, utilizing web services to communicate with a centralized SecureFusion Portal. The myriad of data elements discovered and analyzed are converted into a knowledge-based information system. The knowledge-based system and portal provide real-time, dynamic reporting and graphic portrayal of management information for the enterprise. Metrics are used to provide a graphical global security status and scorecard.
Abstract: A computer-implemented method for safely migrating to virtualized platforms may include (1) identifying a virtual machine that is a target of a physical-to-virtual conversion from a physical server, (2) determining that the physical-to-virtual conversion includes at least one future step before the physical-to-virtual conversion is complete, (3) based on determining that the physical-to-virtual conversion includes the future step, creating a snapshot of the virtual machine before the future step, and (4) reverting the virtual machine to the snapshot before the future step. Various other methods, systems, and computer-readable media are also disclosed.