Abstract: A computer-implemented method for securing data at third-party storage services may include (1) receiving, at a server-side computing system, a request to provide a user with access to a file that is encrypted, (2) determining, in response to the request, whether a transitory symmetric key of the user is available to encrypt a decryption key with which the file may be decrypted, (3) encrypting the decryption key with the transitory symmetric key of the user if the transitory symmetric key of the user is available or encrypting the decryption key with the public key of an asymmetric key pair designated for the user if the transitory symmetric key of the user is unavailable, and (4) storing the encrypted decryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method to determine a reputation of at least one telephone number associated with an unclassified source. A first device is monitored for an incoming contact originating from at least one unclassified source. When an incoming contact is detected, at least one attribute of the incoming contact is computed at the first device. The at least one attribute of the incoming contact is transmitted to a second device. A representation of the telephone number associated with the at least one unclassified source of the incoming contact is transmitted to the second device. The reputation of the telephone number is computed at the second device using the at least one attribute.

Abstract: The present invention provides for an efficient method, apparatus, and system for updating file system information when shared memory contents are moved from one physical location in memory to another. Traditional file systems manage such memory movement at the granularity of physical memory blocks. However, it will often be the case that multiple blocks will be moved, and the present invention takes advantage of the fact that it is more efficient to process the shared memory movement of memory contents at the granularity of an extent. The invention employs a data structure, where each record in the data structure contains information about the shared memory extents of the file system.

Abstract: Various systems and methods for migrating data between deduplication systems. For example, one method involves receiving a fingerprint, where the fingerprint is received from a source computing device at a destination computing device, and the fingerprint is associated with a data segment stored at the source computing device. The method also involves identifying a fingerprint type associated with the fingerprint. The method also involves performing a migration operation from the source computing device to the destination computing device. The migration operation involves determining whether the fingerprint is stored in a fingerprint sub-index. The migration operation also involves determining whether a second fingerprint that corresponds to the data segment is stored in a second sub-index, where the second fingerprint is of a second fingerprint type.

Abstract: A computer-implemented method for file-level replication may include 1) identifying a selection of at least one source file to replicate from a primary volume to a secondary volume, 2) identifying extent information that indicates a volume location of the source file within the primary volume, 3) identifying a volume offset within the primary volume of a write operation performed on the source file within the primary volume, 4) converting the volume offset to a file offset within the source file using the extent information, and 5) replicating the write operation and the file offset to the secondary volume. Various other methods and systems are also disclosed.

Abstract: The disclosed computer-implemented method for optimizing data loss prevention (DLP) systems may include (1) monitoring data distributed via at least one data-distribution channel, (2) detecting, by analyzing the distributed data, a plurality of partial violations of a set of DLP policies, (3) determining, based on a correlation between the plurality of partial violations, that the plurality of partial violations suggest a previously undetected DLP threat, and (4) formulating an adjustment to apply to the set of DLP policies to enable the set of DLP policies to detect the DLP threat in the future. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for populating and maintaining a local cache with archived data items is described. A request to organize archived data items into one or more bundles is sent. The one or more bundles of archived data items are downloaded to the local cache. Each of the archived data items are organized in the one or more bundles according to a time period associated with each archived data item. An index file is extracted from each of the one or more bundles. The extracted index file is inserted into a master index file.

Abstract: Techniques are disclosed for evaluating the effectiveness of a malware signature. A query tool translates a markup language malware signature definition into a database query. The query is then executed against a database of application features to identify software packages that the signature would identify as malware. The results of the query are compared with threat information stored in the database and classified as being true/false positives and true/false negatives.

Abstract: A computer-implemented method for automatically identifying changes in deliverable files may include (1) identifying, within first and second versions of a program file, at least one post-file-header section that is located after a file header of the program file, (2) locating, within the post-file-header section of the first version of the program file, a first set of characters that correspond to at least one data field that is known to potentially change between builds of the program file even when source code of the program file has not changed, (3) locating, within the post-file-header section of the second version of the program file, a second set of characters that correspond to the data field, and (4) masking both the first and second sets of characters from a comparison between the first and second versions of the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A communication between an entity and a host is identified. Reputation information associated with a set of other entities that communicate with the host is identified. A reputation score associated with the host is generated based on the reputation information associated with a set of other entities. A reputation score associated with the entity is generated based on the reputation score associated with the host.

Abstract: A computer-implemented method for detecting malicious email attachments may include (1) identifying a shortcut file received as an attachment to an email, wherein the shortcut file is configured to open a target file, (2) analyzing the shortcut file to identify at least one attribute of the shortcut file, wherein the attribute comprises information about the shortcut file useful for determining whether text accurately characterizes the shortcut file, (3) identifying accompanying text in the email that characterizes the attachment, and (4) determining that the attachment is malicious by comparing the attribute of the shortcut file with the accompanying text in the email that characterizes the attachment and, based on the comparison, determining that the accompanying text does not accurately characterize the shortcut file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for predicting the impact of security-policy changes on users may include (1) identifying at least one end-user computing system that may potentially be regulated using a security policy, (2) predicting, prior to activating the security policy on the end-user computing system, how activating the security policy may impact at least one user of the end-user computing system by monitoring at least one behavior of the user on the end-user computing system and by determining how activating the security policy on the end-user computing system may have impacted the behavior, and (3) notifying, based at least in part on predicting how activating the security policy may impact the user, an administrator of the end-user computing system with information that indicates how activating the security policy may impact future user behavior. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing targeted data loss prevention on unmanaged computing devices may include (1) identifying a data loss prevention policy that defines permissible data handling within set bounds to prevent unauthorized data exfiltration from the set bounds, (2) identifying an application to install on at least one unmanaged endpoint device, where (i) the unmanaged endpoint device lacks a data loss prevention agent configured to apply the data loss prevention policy to the entire unmanaged endpoint device and (ii) the application is to be provided to the unmanaged endpoint device to operate on sensitive data from within the set bounds, and (3) wrapping the application in an application wrapper that intercepts system calls from the application and applies the data loss prevention policy to sensitive data implicated in the system calls. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various systems and methods for detecting and resolving a reparse point conflict are disclosed. One method involves receiving a request to perform a file operation, where the file operation includes generation of a reparse point associated with the file. In response to receipt of the request, the method includes detecting a reparse point conflict, where detection of the reparse point conflict indicates a conflict between the reparse point and an existing reparse point. In response to detection of the reparse point conflict, the reparse point conflict is resolved.

Abstract: A computer-implemented method for enabling deduplication of attachment files within a database is described. A database file comprising data blocks of an attachment file positioned intermittently among data blocks of the database file is inspected. A first map may be generated from the inspection of the database file and the attachment file. The data blocks of the database file and the data blocks of the attachment file are identified according to the first map. The data blocks of the database file are written to a database data file. The data blocks of the attachment file are written to an attachment data file. The attachment data file is deduplicated with at least one other data file.

Abstract: A computer-implemented method for synchronizing mobile computing platforms may include (1) identifying a set of applications installed on a mobile computing platform, (2) detecting a request from an additional mobile computing platform to synchronize the additional mobile computing platform and the mobile computing platform with respect to the set of applications, and then (3) synchronizing the additional mobile computing platform and the mobile computing platform with respect to the set of applications by (a) querying an application-matching engine to determine an equivalent set of applications that corresponds to the set of applications on the additional mobile computing platform and then (b) directing the additional mobile computing platform to download the equivalent set of applications. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for data loss prevention may include (1) identifying a network configured with a data loss prevention system, (2) identifying a file subject to a data loss prevention assessment within the network, (3) identifying an origin of the file, (4) determining that the origin of the file is outside the network, and (5) determining that the origin of the second file does not contain sensitive information intended to be protected by the data loss prevention system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enforcing data loss prevention policies on mobile devices may include (1) identifying a mobile device that connected to a network and that may include sensitive data and that is in a predetermined state that is designated for transferring data for data loss prevention analysis, (2) requesting, from a data loss prevention policy database via the network, a data loss prevention policy category for the sensitive data based on an analysis the sensitive data, (3) receiving the data loss prevention policy category, tagging, based on the data loss prevention policy category, the sensitive data on the mobile device with a data loss prevention policy tag and (4) enforcing on the mobile device, based on the data loss prevention policy tag, a data loss prevention rule for the data loss prevention category of the sensitive data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatus for securing confidential data related to a user in a computer is described. In one example, rules are obtained that provide a representation of the confidential data. A storage system in the computer is searched using the rules to detect a file having at least a portion of the confidential data. The file is encrypted the in-place within the storage system using symmetric encryption based on a secret associated with the user.