Abstract: A mechanism for providing inventory information from distributed computing resources in an enterprise network in a manner that minimizes network traffic being sent from those computing resources to a centralized inventory server is provided. Bandwidth minimization is performed by generating a value corresponding to identifying information for each item inventoried on a computing resource and transmitting only those values to the inventory server. The generated value is shorter than a string containing the detailed information regarding the inventoried item, but is unique to that item. The inventory server then only requests more detailed information about an individual inventory item if a reported value has not previously been reported to the inventory server. In this manner, detailed information about a specific inventoried item is only transmitted through the network the first time that the item is inventoried and reported from any computer in the network.

Abstract: Application authorization management is provided without installation of an agent at an operating system level. A component runs outside of the operating system, in an AMT environment. AMT is utilized to examine the operating system for applications. Identified applications are checked against a whitelist or a blacklist. Responsive to determining that an identified application is not authorized, AMT is used to redirect input/output requests targeting the application to an alternative image, which can, for example, warn the user that the application is not authorized.

Abstract: A computer-implemented method for detecting security events may include (1) identifying facets of candidate security events detected by a network security system, (2) assigning each of the facets of the candidate security events to one of multiple groups of facets to create permutations of the facets, (3) comparing, for each group of facets, the candidate security events according to a similarity algorithm that indicates similarity between the candidate security events, (4) generating, for each group of facets, a weak classifier for detecting security events based on a nearest neighbor graph, and (5) performing, by the network security system, a remedial action in response to classifying a candidate security event as a security threat by applying a combination of the weak classifiers for the groups of facets to the candidate security event. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing system assigns an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a request to access a cloud. The anonymous cloud account does not reveal an identity of the user to the cloud. The computing system creates mapping data that associates the user with the anonymous cloud account. The cloud does not have access to the mapping data. The computing system facilitates user access to the cloud based on the anonymous cloud account. The cloud generates cloud access pattern data for the anonymous cloud account without determining the identity of the user.

Abstract: A computer-implemented method for evaluating reputations of wireless networks may include (1) identifying an endpoint computing system that is connected to a wireless network, (2) receiving, by a backend security server from the endpoint computing system, information that identifies the wireless network and that indicates in part a security state of the wireless network, (3) calculating, by the backend security server, a reputation of the wireless network based at least in part on the received information that identifies the wireless network and that indicates in part the security state of the wireless network, and (4) transmitting information about the calculated reputation of the wireless network to another endpoint computing system that is within range of the same wireless network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting potentially malicious applications may include (1) detecting a request issued by an application running on a client device to download a file from a remote device, (2) determining that the request calls an application programming interface that enables the client device to download the file from the remote device, (3) determining that a parameter passed to the application programming interface in the request has been implicated in a previous attempt to download a known malicious file, and then in response to determining that the parameter has been implicated in a previous attempt to download a known malicious file, (4) classifying the application that issued the request as potentially malicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Computer security threats are increasing in customization and complexity of attacks, expanding the burden on security companies in addressing the wide-array of threats. Functional classification is used here to determine the likely role a client and its user play to personalize computer security according to client/user role. A security module analyzes the client to identify data or applications present on the client or activities performed using the client. Based on this analysis, the security module predicts the role of the client or a user of the client. The module further dynamically generates a security policy that is personalized to and optimized for the client or the user based on the role predicted and on computer security threats expected to affect the client or user based on the role. The module then applies the security policy generated to provide personalized security.

Abstract: The disclosed computer-implemented method for protecting against unauthorized network intrusions may include (1) identifying a signal received by one or more antennas of a network from a transceiver of a device attempting to access the network, (2) detecting one or more signal strengths of the signal received by the antennas of the network in connection with the attempt to access the network, (3) determining, based at least in part on the signal strengths of the signal, that the attempt to access the network is potentially malicious, and then in response to determining that the attempt to access the network is potentially malicious, (4) initiating at least one security measure to address the potentially malicious attempt to access the network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing enterprise application configurations is described. Configuration information of an enterprise application deployed across multiple servers at a single point in time is collected. An application footprint of the configuration information is generated. The application footprint is stored in a source control format.

Abstract: A computer-implemented method for applying data-loss-prevention policies. The method may include (1) maintaining a list of applications whose access to sensitive data is controlled by data-loss-prevention (DLP) policies, (2) detecting an attempt by a process to access sensitive data, (3) determining that the process has a parent-child relationship with an application within the list of applications, and (4) applying, based at least in part on the determination that the process has the parent-child relationship with the application, a DLP policy associated with the application to the process in order to prevent loss of sensitive data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for generating a virtual private container (VPC) are disclosed. In one embodiment, the techniques may be realized as a virtual container defining a self-contained software environment, comprising one or more analytic components configured to carry out specified analytic functions on data within the container, wherein the one or more analytic components are isolated to run within the self-contained software environment of the container; an interface configured to identify and authenticate a particular user and provide analysis results generated by the one or more analytic components; and a gateway configured to receive data from one or more secure data sources external to the virtual container and associated with the particular user for use by the one or more analytic components.

Abstract: Techniques are disclosed to automate the discovery, installation, and renewal of multiple digital certificates deployed on a server application, such as a web server. For example, a management tool may discover and manage multiple digital certificates associated with a server application hosted at an internet protocol (IP) address and port on a server computing system. A certificate management tool examines server configuration data to identify a set of certificates associated with the server application. Based on the information from the configuration data, the tool retrieves and examines each certificate to identify certificate metadata needed to manage the lifecycle of each identified certificate.

Abstract: A computer-implemented method for identifying suspicious text-messaging applications on mobile devices may include (1) identifying at least one outgoing text message on a mobile device, (2) analyzing at least one attribute of the outgoing text message identified on the mobile device, (3) determining that the outgoing text message is illegitimate based at least in part on analyzing the attribute of the outgoing text message, (4) identifying, in response to the determination, a suspicious text-messaging application that created the illegitimate outgoing text message on the mobile device, and then (5) performing, in response to the determination, at least one security action on the suspicious text-messaging application to prevent the suspicious text-messaging application from creating additional illegitimate text messages on the mobile device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for automatically synchronizing online communities may comprise identifying login information for a first user account associated with the first online community, accessing the first user account using the login information for the first user account, obtaining information from the first user account, and modifying, based on the information obtained from the first user account, a second user account associated with a second online community. Corresponding systems and computer-readable media are also disclosed.

Abstract: A computer-implemented method for protecting sensitive data is described. In one embodiment, the method includes identifying data stored at a first storage system. The identified data is classified as sensitive data. The method includes copying at least a portion of the identified sensitive data from the first storage system, transferring the copied portion of the identified sensitive data from the first storage system to a file stored at a second storage system, and storing a virtual symbolic link at the first storage system. The virtual symbolic link includes information regarding the file stored at the second storage system.

Abstract: Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using local malware definition update.

Abstract: A computer-implemented method for managing launch activities on a mobile device may include maintaining a plurality of launch activities associated with an application. Each launch activity in the plurality of launch activities may be associated with a different launch icon. The method may further include identifying a mobile device environment within which the application is being used. The method may also include selecting, from the plurality of launch activities, a launch activity that corresponds to the mobile device environment. The method may additionally include enabling the launch activity that corresponds to the mobile device environment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A minimum font size to display for a specific user is received, for example as entered through a user interface. The retrieval of webpages by a web browser on a computer system is monitored. For each specific view of a retrieved webpage to be displayed, the text in the specific view is resized based on the minimum font size for the user. Text in the smallest font in the view is resized to the minimum font size for the specific user. Larger text is resized so that the proportionality between different font sizes in the view is maintained. The view of the retrieved webpage with the resized text is displayed to the user. As the user scrolls through a retrieved webpage, the text of each view is resized, and the current view of the retrieved webpage is displayed with the resized text.

Abstract: A virtual element includes a communication component that controls, from a remote location, communication with an Internet of Things (IoT) device of a plurality of IoT devices. The virtual element also includes a capabilities augmenting component that facilitates access to resources that augment the capabilities of the IoT device of the plurality of IoT devices. The tasks of the IoT device are allocable to one or more different devices and are performed by the one or more different devices. An interface accessing component facilitates access to information that is directed to the IoT device from an interface that is common to the plurality of IoT devices, and facilitates access to information that is provided from the IoT device.

Abstract: Herein described is a collection of traffic classifiers communicatively coupled to a classification aggregator. Traffic classifiers may use conventional techniques to classify network traffic by application name, and thereafter may construct mappings that are used to more efficiently classify future network traffic. Mappings may associate one or more characteristics of a communication flow with an application name. In a collaborative approach, these mappings are shared among the traffic classifiers by means of the classification aggregator so that one traffic classifier can leverage the intelligence (e.g., mappings) formulated by another traffic classifier.