Patents Assigned to Symantec
  • Patent number: 9705698
    Abstract: A machine has a bus, an input port connected to the bus to receive inbound network traffic, an output port connected to the bus to convey outbound network traffic and a processor complex connected to the bus. The processor complex is configured as a pipeline with individual processor cores assigned individual network traffic processing tasks. The pipeline includes a first set of processor cores to construct network traffic trees characterizing the inbound network traffic and the outbound network traffic. Each network traffic tree characterizes traffic type and traffic rate. A second set of processor cores enforces network traffic policies utilizing the network traffic trees. The network traffic policies apply traffic rate control by traffic type for the inbound network traffic and the outbound network traffic.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: July 11, 2017
    Assignee: SYMANTEC CORPORATION
    Inventors: Qing Li, Min Hao Chen, Haibiao Fan, Wenjing Wang
  • Patent number: 9703956
    Abstract: The disclosed computer-implemented method for categorizing virtual-machine-aware applications for further analysis may include (1) identifying a plurality of virtual-machine-aware applications, where each of the plurality of virtual-machine-aware applications exhibits different behavior when the virtual-machine-aware application detects that the virtual-machine-aware application is executing in a physical computing environment rather than in a virtual computing environment, (2) identifying a plurality of non-virtual-machine-aware applications that do not exhibit different behavior when executed in the physical computing environment rather than in the virtual computing environment, (3) determining at least one characteristic that differentiates the virtual-machine-aware applications from the non-virtual-machine-aware applications, (4) analyzing an uncategorized application to determine whether the uncategorized application includes the characteristic, and (5) preventing the uncategorized application from evadi
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: July 11, 2017
    Assignee: Symantec Corporation
    Inventors: Andrew Watson, Abubakar Wawda
  • Patent number: 9705678
    Abstract: A method for authenticating messages is provided. The method includes calculating a hash value based on a key and a message count value and receiving a data message associated with the message count value. The method includes receiving an authentication message that includes the message count value and a message authentication code derived from the data message, the message count value and the key. The method includes applying portions of the data message to look up portions of the hash value and combining the portions of the hash value to form a verification version of the message authentication code. The method includes determining whether the message authentication code matches the verification version of the message authentication code.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: July 11, 2017
    Assignee: SYMANTEC CORPORATION
    Inventor: Qiyan Wang
  • Patent number: 9705923
    Abstract: A method of automating security provisioning is provided. The method includes receiving a request to start a virtual application and determining an owner of the virtual application. The method includes determining a workload based on the virtual application, the workload including an application and a virtual machine and assigning the workload to a security container or sub-container, among a plurality of security containers, based on the owner of the virtual application.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: July 11, 2017
    Assignee: SYMANTEC CORPORATION
    Inventor: Deb Banerjee
  • Patent number: 9699140
    Abstract: The disclosed computer-implemented method for selecting identifiers for wireless access points may include (1) receiving a request to establish an identifier for a configurable wireless access point, (2) identifying an existing access-point identifier that is used to identify at least one additional wireless access point, (3) determining a physical location of the configurable wireless access point, (4) verifying that the existing access-point identifier is not being used within a predetermined proximity of the physical location of the configurable wireless access point, and (5) assigning the existing access-point identifier to the configurable wireless access point. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin Jiang, Matt Boucher, Michael Shavell
  • Patent number: 9697660
    Abstract: The disclosed computer-implemented method for verifying user attributes may include (1) receiving a request to verify an attribute of a user who claims to be a particular person, (2) determining that the attribute can be verified using a trusted record that is associated with the particular person, (3) determining that the trusted record is associated with a vehicle to which the particular person has access rights, (4) confirming that the user has physical access to the vehicle by performing an access-validation check, and (5) in response to confirming that the user has physical access to the vehicle, using the trusted record to verify the attribute of the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Kevin Jiang, Bruce McCorkendale
  • Patent number: 9699169
    Abstract: Systems and methods for selective proxification of applications are disclosed. One or more computer readable storage media may be encoded with instructions executable by one or more processing units of a computing system. The instructions encoded on the computer readable storage media may comprise authenticating a single sign-on access at a proxy server, receiving a request at the proxy server to access an application on an application server requiring authentication, accessing the application on the application server, authenticating a user to the application without additional authentication input from the user, and selectively providing a proxified session between the user and the application.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventor: Roger Casals Andreu
  • Patent number: 9699141
    Abstract: An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9699191
    Abstract: The disclosed computer-implemented method for controlling content for child browser users may include (1) identifying one or more indicators that a browser session user is a child, (2) calculating a session score indicating a likelihood that the browser session user is a child, (3) determining, based at least in part on the session score being above a threshold, that the browser session user is a child and therefore content controls should apply to a browser session of the child, and (4) initiating one or more content control actions. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Kevin Jiang
  • Patent number: 9699171
    Abstract: The disclosed computer-implemented method for logging out of cloud-based applications managed by single sign-on services may include (1) identifying an attempt by a single sign-on service to log a user out of a set of cloud-based applications, (2) in response to identifying the attempt to log the user out of the set of applications, tracking a logout status of each application within the set of cloud-based applications by, for each application (a) identifying a logout request sent by the single sign-on service to the application and (b) determining whether the application has sent a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application, and (3) determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 9692773
    Abstract: The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyses may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated execution environment, (2) detecting a suspicious discrepancy among the monitor components with respect to computing activity observed in connection with the malware analysis by (A) identifying a monitor component that has observed the computing activity in connection with the malware analysis and (B) identifying another monitor component that has not observed the computing activity in connection with the malware analysis, and then (3) determining, based at least in part on the suspicious discrepancy, that the file demonstrates a detection-evasion behavior that led to the other monitor component not observing the computing activity in connection with the malware analysis.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventors: Andrew Watson, Abubakar Wawda
  • Patent number: 9692741
    Abstract: A method for signing a wrapped computer application is described. In some embodiments, methods may include receiving a wrapped computer application via a first secure communication connection from a first remote server, authenticating the first secure communication connection, modifying the wrapped computer application based at least in part on the authenticating, and transmitting the wrapped computer application via a second secure communication connection to a second remote server based at least in part on the modifying.
    Type: Grant
    Filed: December 4, 2014
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventors: Jan Vilhuber, James Sanders, Beau Ufen, Todd Wakerley
  • Patent number: 9690925
    Abstract: A server computer system identifies a request from an application hosted on a mobile device to consume a protected resource hosted by a cloud. The request is transmitted via a resource authorization protocol. The server computer system identifies a token state of an application on the mobile device. The token state is stored in a policy data store that is separate from expiration data that is stored on an access token on the mobile device. The server computer system determines whether the token state violates a security policy that is associated with a user that is assigned to the mobile device and prevents consumption of the protected resource in response to a determination that the token state violates the security policy. The server computer system allows consumption of the protected resource in response to a determination that the token state does not violate the security policy.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9690934
    Abstract: The disclosed computer-implemented method for protecting computing devices from imposter accessibility services may include (1) registering a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications, (2) ensuring that the security application is the first registered accessibility service on the computing device, and (3) performing, by the security application, a security action after ensuring that the security application is the first registered accessibility service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventor: Ramakrishnan Meenakshi Sundaram
  • Patent number: 9692772
    Abstract: A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal resource locator being present in the first cache with a first indication of suspiciousness, the fully qualified domain name being present in the second cache with a second indication of suspiciousness, or the evaluating the parent hostname having a third indication of suspiciousness, wherein at least one method operation is performed by the processor. A system and computer readable media are provided.
    Type: Grant
    Filed: February 8, 2016
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventors: Michael Hart, Darrell Kienzle, Peter Ashley
  • Patent number: 9692656
    Abstract: A policy distribution server provides, on a subscription basis, policy updates to effect desired behaviors of network intermediary devices. The policy updates may specify caching policies, and may in some instances, include instructions for data collection by the network intermediary devices. Data collected in accordance with such instructions may be used to inform future policy updates distributed to the network intermediary devices.
    Type: Grant
    Filed: January 8, 2016
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin Porter, Thomas J. Kelly, Marcin Lukasz Lizon, Darrell Long, Eric Maki, Kim Tremblay, Jennifer Vance
  • Patent number: 9692778
    Abstract: A method for prioritizing vulnerabilities of an asset in a virtual computing environment is provided. The method includes determining a vulnerability score for the asset, based on at least one of a base vulnerability score or a temporal vulnerability score and receiving information about a threat. The method includes correlating the information about the threat with information about the open vulnerabilities on the asset and also about the asset to determine a threat score for the asset and determining a contextual score for the asset based on at least one tag of the asset. The method includes deriving a prioritization score for the asset, the prioritization score a combination of the vulnerability score, the threat score and the contextual score, wherein at least one method action is performed by a processor.
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventor: Shubhabrata Mohanty
  • Patent number: 9692640
    Abstract: Techniques are disclosed for configuring a server to establish a secure network communication session. An application monitors one or more resource utilization metrics of the server. Upon determining that at least one of the monitored resource metrics satisfies a specified condition, an optimization algorithm is selected based on the resource metrics and a configuration of the server. The optimization algorithm determines an updated configuration of the server while maintaining the security at par or better. The selected optimization algorithm is performed to determine the updated configuration of the server. Once determined, the application applies the updated configuration to the server.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: June 27, 2017
    Assignee: SYMANTEC CORPORATION
    Inventors: Hari Veladanda, Hoa Ly, Gaurav Khanna
  • Patent number: 9692776
    Abstract: The disclosed computer-implemented method for evaluating content provided to users via user interfaces may include (1) monitoring, as part of a security application via an accessibility application program interface provided by an operating system of a computing device, accessibility events that indicate state transitions in user interfaces of applications running on the computing device, (2) receiving, at the security application, an accessibility event that indicates that a user of the computing device is viewing a user interface of an application running on the computing device, (3) identifying, as part of the security application via the accessibility application program interface, content that the user is attempting to access via the application, (4) determining, as part of the security application, that the content is harmful, and (5) performing, as part of the security application, at least one security action in response to determining that the content is harmful.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventor: Anubhav Savant
  • Patent number: D791768
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: July 11, 2017
    Assignee: Symantec Corporation
    Inventors: Michel Billard, Ameer Karim, Scot Herbst, Will Hunter, Rob Swinton, Chris Gaul, Ranjit Sidhu