Abstract: A method, apparatus and system for providing access to data comprising launching an image of a virtual machine, determining a file system or a storage container being unsupported by an operating system coupled to the virtual machine, mapping the file system or the storage container onto the operating system and accessing data within the file system or the storage container through the operating system.

Abstract: The disclosed computer-implemented method for securing wireless networks may include (1) receiving, at a physical access point, a request to improve the security of a wireless network that includes a client device and is serviced by an active virtual access point of the physical access point, (2) configuring a substitute virtual access point to service the wireless network by (a) configuring the substitute virtual access point to identify the wireless network using a substitute SSID and/or (b) secure the wireless network using a substitute passcode, (3) transmitting a notification that includes the substitute SSID and/or the substitute passcode to the client device that instructs the client device to connect to the wireless network via the substitute virtual access point, (4) connecting the client device to the substitute virtual access point, and (5) disabling the active virtual access point. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for estimating ages of network devices may include (1) identifying at least one networked device that may be attached to a network, (2) identifying a media access control address of the networked device, the media access control address comprising an organizational unique identifier, (3) querying an organizational-unique-identifier database with the organizational unique identifier and receiving, in response, device-age information relating to an estimated age of the networked device and (4) determining the estimated age of the networked device based at least in part on the device-age information. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting calls from illegitimate calling parties may include (1) collecting information about a plurality of calls received at a plurality of telephonic devices, (2) analyzing the information about the plurality of calls to identify at least one call pattern of illegitimate calling parties, (3) detecting, at a telephonic device, an incoming call, (4) determining whether one or more calls from the calling party of the incoming call fit the call pattern of illegitimate calling parties, and (5) disposing of the incoming call based at least in part on determining whether the one or more calls from the calling party of the incoming call fit the call pattern of illegitimate calling parties. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for anticipating file-security queries may include (1) monitoring queries from client devices for information that describes the security of files, (2) determining that a threshold number of the client devices are querying for information describing the security of a file within a threshold amount of time, (3) anticipating, based on the determination, that at least one client device that did not query for the information will query for the information, and (4) delivering, in response to anticipating that the client device that did not query for the information will query for the information, the information to the client device that did not query for the information. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for configuring computing systems may include (1) detecting an event associated with a client device that potentially impacts a group to which the client device is assigned and, in response to detecting the event, (2) discovering at least one attribute of the client device that has the potential to impact the client device's group assignment, (3) identifying at least one rule that defines conditions for assigning client devices to groups, (4) determining, by applying the rule to the discovered attribute of the client device, that the client device's group assignment should be modified, and (5) modifying, in response to determining that the client device's group assignment should be modified, the client device's group assignment based on the discovered attribute of the client device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Each node of a metric tree comprises a similarity hash of a member of a dataset of known message threats, calculated using a given similarity hashing algorithm. The nodes are organized into the tree, positioned such that the differences between the similarity hashes are represented as distances between the nodes. Messages are received and tested to determine whether they are malicious. When a message is received, a similarity hash of the message is calculated using the same similarity hashing algorithm that is used to calculate the hashes of the members of the dataset. The tree is searched for a hash of a known message threat that is within a threshold of distance to the hash of the received message. Searching the tree can take the form of traversal from the root node, to determine whether the tree contains a node within the similarity threshold.

Abstract: Various techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session.

Abstract: IoT devices are secured on multiple local area networks. Each local network contains a router which monitors activities of IoT devices, and transmits corresponding information to a backend server. The backend amalgamates this information, calculates dynamic reputation scores, and determines expected authorized activities for specific IoT devices. Based thereon, the backend creates a constraint profile for each IoT device, and transits the constraint profiles to the routers for enforcement. Enforcing a constraint profile can include creating multiples VLANs with varying levels of restricted privileges on a given local area network, and isolating various IoT devices in specific VLANs based on their reputation scores. Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content.

Abstract: A computer-implemented method for automatically configuring virtual private networks may include 1) broadcasting by a client on a network to discover a virtual private network server configured to manage virtual private networks, 2) discovering, by the client in response to the broadcast, the virtual private network server, 3) establishing a secure connection between the client and the virtual private network server in response to the discovery, and 4) receiving, by the client from the virtual private network server through the secure connection, configuration settings that enable the client to automatically connect to a virtual private network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for filtering interprocess communications may include (1) identifying a service process that provides a service on the computing device, (2) authenticating the service process, (3) identifying a request by a client process to use the service provided by the service process, (4) authenticating the client process, (5) receiving an interprocess communication from the client process directed toward the service process, (6) determining that the interprocess communication is malicious, and (7) in response to determining that the interprocess communication is malicious, blocking the interprocess communication from being communicated to the service process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, computer program products, computer systems, and the like, which protect messages in an electronic messaging system, are disclosed. The methods, computer program products, computer systems, and the like include detecting an occurrence of an event, and, in response to the detecting the occurrence of the event, scanning a message. The occurrence of the event indicates that the message should be scanned. The message includes recipient information, which identifies a recipient of the message, and is stored in a message store. The message has been received at a message destination associated with the recipient. The scanning uses a malware definition. The scanning is performed prior to the message being retrieved from the message store in response to a request by the recipient to retrieve the message from the message store. The event is other than the request by the recipient to retrieve the message from the message store.

Abstract: A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real tie rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.

Abstract: A computing system intercepts a message generated by an application at runtime. The message has content to be logged in a log data store. The computing system identifies sensitive information in the message content and modifies the message content to protect the sensitive information. The computing system causes the modified message content to be logged in the log data store.

Abstract: A computer-implemented method for monitoring programs may include (1) placing a program within an enclave that includes a protected address space that code outside of the protected address space is restricted from accessing, (2) hooking an application programming interface call within the program in the enclave to monitor the behavior of the program, (3) inserting an enclave entry instruction into code outside of the protected address space that the program accesses through the hooking of the application programming interface call, and (4) monitoring the behavior of the program by executing the program within the enclave in an attempt to force the program to use the hooked application programming interface call in order to access data outside the enclave. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for attributing potentially malicious email campaigns to known threat groups may include (1) identifying a potentially malicious email campaign targeting at least one organization, (2) detecting, within the potentially malicious email campaign, an incriminating feature that has been linked to a known threat group, (3) determining, based at least in part on detecting the incriminating feature linked to the known threat group, that the known threat group is likely responsible for the potentially malicious email campaign, and then in response to determining that the known threat group is likely responsible for the potentially malicious email campaign, (4) attributing the potentially malicious email campaign to the known threat group. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a common cipher, from the client list and the server list, for encrypted communication based on the measured resource load at the server and the measured risk factor indicating the degree of risk posed by the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for recognizing behavioral attributes of software in real-time is described. An executable file is executed. One or more runtime events associated with a behavior of the executable file are traced. The one or more traced runtime events are translated to a high level language. A recognizable pattern of the translated traced runtime events is produced. The pattern is a unique behavioral set of the translated traced runtime events.

Abstract: A method for filtering shortcuts may include: 1) identifying a user logged onto a computing system; 2) identifying a profile of the user that stores data associated with the user; 3) searching the user's profile for one or more shortcuts that target one or more computing resources; 4) for each computing resource targeted by one or more shortcuts in the user's profile, searching the computing system for the computing resource; 5) determining, based on a result of the search, that at least one computing resource targeted by a shortcut in the user's profile is not available on the computing system; and 6) filtering the shortcut that targets the unavailable computing resource by preventing the shortcut from being displayed to the user in a user interface when other items associated with the user's profile are displayed in the user interface. Various other methods, systems, and computer-readable media are also disclosed.