Abstract: A computer-implemented method for selectively applying malware signatures may include (1) receiving a time-sensitive malware signature at a receiving time to apply to a computing environment, (2) identifying a first target object observed within the computing environment at a first observation time, (3) deactivating the time-sensitive malware signature with respect to the first target object based on a difference between the receiving time and the first observation time, (4) observing a second target object within the computing environment subject to malware scans, the second target object being observed within the computing environment at a second observation time that is later than the first observation time, and (5) activating the time-sensitive malware signature with respect to the second target object based on a difference between the receiving time and the second observation time. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting cloning of security tokens may include (i) logging, at an authentic security token, one-time-use security codes that are derived at the authentic security token from a shared secret that is stored at the authentic security token, (ii) logging, at a validation server, one-time-use security codes that are derived from the shared secret and received at the validation server, (iii) determining that the authentic security token has been cloned by determining that the one-time-use security codes logged at the validation server include at least one additional one-time-use security code that is not included in the one-time-use security codes logged at the authentic security token, and (iv) performing a security action in response to determining that the authentic security token has been cloned. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting backed-up data from ransomware attacks may include (1) determining that a backup system periodically backs up at least one file stored at a computing device to a remote storage system by storing a copy of the file at the remote storage system, (2) identifying one or more characteristics of the file backed up by the backup system, (3) storing a tripwire file with the one or more characteristics at the computing device, (4) determining that the file stored at the computing device has likely been encrypted by ransomware executing on the computing device by detecting that the tripwire file has been modified, (5) performing an action that prevents the backup system from replacing the copy of the file at the remote storage system with a copy of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing supply-chain trust networks may include (1) identifying a computational partnership between a primary computing entity and a partnered computing entity, wherein the primary computing entity and the partnered computing entity are under separate control and the partnered computing entity handles at least one computing resource to be used by the primary computing entity, (2) receiving, from a computing environment controlled by the partnered computing entity and with permission from the partnered computing entity, security data that comprises information about at least one security characteristic of the computing environment, (3) analyzing the security data to make a security determination about the computing environment controlled by the partnered computing entity, and (4) providing, in response to identifying the computational partnership, the security determination about the computing environment to the primary computing entity.

Abstract: Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening policy. The client computer is reconfigured based on the second hardening policy.

Abstract: A method for detecting application leaks is described. In one embodiment, the method may include the method may include identifying a first application as a known application, assigning a first identifier to the first application, appending the first identifier to data generated by the first application, identifying a second application as an unknown application, assigning a second identifier to the second application, identifying a data usage by the second application, appending the second identifier to data associated with the data usage by the second application, and determining whether the data usage by the second application is associated with the data generated by the first application based at least in part on the first identifier and the second identifier. In some cases, the data usage includes at least one of generating data, modifying data, and transmitting data.

Abstract: An antenna system for wireless communications and other wireless applications is disclosed. In one particular embodiment, the antenna system may comprise a frame with at least three facets and an antenna element mounted on each of the at least three facets, wherein each of the antenna elements are electromagnetically isolated from each other.

Abstract: The disclosed computer-implemented method for protecting computing resources may include (i) computing a degree of commonality between pairs of users within a file sharing system based on which files the users accessed over a period of time, (ii) building a social graph that indicates at least one edge between members of an instance of the pairs of users, (iii) computing an anomaly score for a user within the instance of the pairs of users, (iv) detecting that the anomaly score deviates, according to a statistical measurement, from historical anomaly scores computed for the same user, and (v) performing, in response to detecting that the anomaly score deviates from the historical anomaly scores, a protective action to protect computing resources from anomalous behavior by the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for locating unrecognized computing devices may include (1) identifying a plurality of cooperating computing devices on a wireless network that are each configured with a device location application, (2) determining a physical location for each cooperating computing device within the plurality of cooperating computing devices, (3) receiving, from the device location application on the plurality of cooperating computing devices, data about packets intercepted by the plurality of cooperating computing devices that are directed to the wireless network by an unrecognized computing device, and (4) locating the unrecognized computing device based on information received from the plurality of cooperating computing devices that identifies both the physical location for each cooperating computing device and signal strengths of the packets intercepted by the plurality of cooperating computing devices.

Abstract: The disclosed computer-implemented method for location-aware access to cloud data stores may include (1) obtaining a location policy that governs access to a cloud data store, the location policy specifying one or more location rules to be satisfied in order to access files in the cloud data store, (2) receiving a request, from a client system, to access one or more files in the cloud data store, (3) verifying that the request satisfies the location rule and therefore complies with the location policy, and (4) providing the client system access to the file in the cloud data store. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A massive number of long lived connections is migrated between a source and a destination computer. Connection state information concerning each request being processed on each connection is transferred from the source to the destination computer. The source continues to respond to requests on a given connection while transferring corresponding state information. Once state information for a specific connection has been transferred, the connection is switched from the source to the destination. Connections are kept active during the shifting. While shifting traffic on a specific connection, two versions of the connection can be open simultaneously, one to the source and the other to the destination. Traffic on the connection is routed to the source computer until the shift has been completed, after which the connection on the source computer is closed, and traffic is routed to the destination.

Abstract: A computer-implemented method for detecting malware is described. In some embodiments, the method includes identifying an application identifier of a first application paired with a universal resource locator (URL) scheme, and storing the identified pairing of the application identifier and URL scheme of the first application in a database. In some cases, the database stores URL scheme pairings of a plurality of applications. In some embodiments, the method includes identifying an application identifier of a first application paired with a universal resource locator (URL) scheme, identifying a second application as an unknown application, detecting a request to register a URL scheme pairing of the second application, querying the database based on the request to register the URL scheme pairing of the second application, and determining whether the second application is potential malware based on a result of the querying.

Abstract: A peering relationship among two or more network appliances is established through an exchange of control messages among the network appliances. The peering relationship defines a cluster of peered network appliances, and at each network appliance of the cluster traffic flow state information for all the network appliances of the cluster is maintained. Network traffic associated with traffic flows of the network appliances of the cluster is managed according to the state information for the traffic flows. This managing of the network traffic may include forwarding among the network appliances of the cluster (i.e., to those of the appliances handling the respective flows) at least some of the network traffic associated with one or more of the traffic flows according to the state information for the one or more traffic flows. The traffic flows may be TCP connections or UDP flows.

Abstract: Techniques are disclosed for monitoring and evaluating video game activity by scanning for communications between a gaming console and peripherals that wirelessly communicate with the gaming console. An activity tracker receives wireless communications sent between the gaming console and a peripheral. The activity tracker generates one or more usage metrics describing the wireless communications. The activity tracker evaluates the network data based on or more specified rules. Upon determining that the usage metrics trigger a specified rule, the activity tracker generates a notification to describing those usage metrics.

Abstract: A SPOC server receives a request to initiate a transaction utilizing multiple separate distributed cloud based services located on separate datacenters, from an endpoint. The SPOC server generates a transaction identifier for the transaction. The SPOC server transmits the generated transaction identifier to the endpoint. Receipt of the generated transaction identifier directs the endpoint to call each one of the separate services, with the transaction identifier. Over time, the SPOC server receives a separate service completion notification with the generated transaction identifier from each one of the separate services. Each separate service completion notification indicates that the corresponding service has completed. Only in response to receiving a separate service completion notification from each one of the separate distributed cloud based services, the SPOC server transmits a transaction completion notification with the generated transaction identifier to the endpoint.

Abstract: A method for detecting network intrusion, performed by a processor is provided. The method includes coupling a computing or communication device to a network device and determining a geolocation of the network device. The method includes comparing the geolocation of the network device to an expected value and determining whether to connect to a network based on the comparing. A computer readable media containing instructions and a device are also provided.

Abstract: A computer-implemented method for detecting malware may include (1) identifying a behavioral trace of a program, the behavioral trace including a sequence of runtime behaviors exhibited by the program, (2) dividing the behavioral trace to identify a plurality of n-grams within the behavioral trace, each runtime behavior within the sequence of runtime behaviors corresponding to an n-gram token, (3) analyzing the plurality of n-grams to generate a feature vector of the behavioral trace, and (4) classifying the program based at least in part on the feature vector of the behavioral trace to determine whether the program is malicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various systems and methods can provide a flexible database schema. One method can store information identifying a first entity in a first table. A unified data model includes several tables, including the first table and a metadata table. Each of the tables stores information describing one or more entities belonging to a respective archetype. The first table already stores information identifying a second entity when the information identifying the first entity is stored. The second entity is already related to another entity when the information identifying the first entity is stored. The first entity is a new type of entity not already stored in the first table when the information identifying the first entity is stored. The method then stores metadata associated with the first entity in a metadata table. The metadata then identifies the new type of entity.

Abstract: A computer-implemented method for predicting security threats may include (1) predicting that a candidate security target is an actual target of a specific security attack according to a non-collaborative-filtering calculation, (2) predicting that the candidate security target is an actual target of a set of multiple specific security attacks, including the specific security attack, according to a collaborative filtering calculation, (3) filtering, based on the specific security attack also being predicted by the non-collaborative-filtering calculation, the specific security attack from the set of multiple specific security attacks predicted by the collaborative filtering calculation, and (4) notifying the candidate security target to perform a security action to protect itself from another specific security attack remaining in the filtered set of multiple specific security attacks based on an analysis of the filtered set of multiple specific security attacks.