Abstract: A computer-implemented method for detecting information leakage by an organizational insider may include (1) identifying a set of organizational insiders of an organization, (2) identifying a set of public forums used by one or more organizational insiders, (3) identifying a set of messages posted to one or more public forums, (4) creating a message record corresponding to each message, with the record including a message summary, and a set of message metadata fields, (5) consolidating message records with common metadata fields into a message summary record, and (6) identifying, based on the message summary record, an information leakage threat. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for pre-installation detection of malware on mobile devices may include intercepting one or more communications of an application installation agent that installs applications on a mobile computing device. The method may further include identifying, based on the one or more intercepted communications, an application that has been at least partially downloaded by the application installation agent. The method may also include, in response to identifying the application, and before the application is installed on the mobile computing device, scanning the application for malware. The method may additionally include determining, based on the scan, that the application contains malware. The method may finally include performing a security action in response to determining that the application contains malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A list of servers known to a client is compared with lists of servers stored on the servers. An instance of content (e.g., a data file) can be accessed from a server on the list if at least a simple majority of the servers have the same version of the list.

Abstract: Various embodiments of a system and method for enabling electronic discovery (e-Discovery) searches to be performed on backup data in a computer system are disclosed. The system and method may operate to receive backup data for a set of files and backup catalog information indicating meta-data for the files, such as the data locations of the files within the backup data. The system and method may also receive event data indicating access history for the files, and may create e-Discovery mapping information based on the event data and the backup catalog information. The e-Discovery mapping information may map file access events specified by the event data may to the meta-data for the respective files in the backup data. The e-Discovery mapping information may enable the backup data to be searched to find files relevant to a legal proceeding or investigation.

Abstract: A computer-implemented method for recovering an application is described. A priority level is assigned to a process that interacts with the application. A state of the application is monitored. A determination is made that the state of the application is unstable. A first process that is assigned a first priority level is disabled. A determination is made as to whether the state of the application remains unstable.

Abstract: A method and apparatus for identifying information as protected information using a structure is described. A DLP system, incorporating a structure analyzer, monitors outbound data transfers performed by the computing system for violations of a DLP policy. The DLP system analyzes a structure of information contained in an outbound data transfer against a protected structure defined in a DLP policy. The DLP system identifies the information as protected information to be protected by the DLP policy based on the analysis, and, when the information is identified as protected, the DLP system detects a violation of the DLP policy. The protected structure may be derived from document templates, document forms, or from a set of training documents.

Abstract: A system and method for creating shortcuts within a database for archived items. A client computer sends a retrieval request for a given item to a web server. The given item may be an electronic document. A custom HTTPModule within the web server intercepts the request. The HTTPModule uses a uniform resource locator (URL) provided in the request to locate a record associated with the given item. If a given fixed string value is read from the record in place of the original content data, then the web server requests original content data for the given item from an archive store. The record still maintains identification information, such as a document identifier and the URL in order to maintain links and workflows. The retrieval request is not rerouted to an alternate path, and the client computer receives the original content data, rather than an indication of a shortcut.

Abstract: A computing system invokes a proxy agent in a virtual environment hosted by the computing system to obtain configuration change data for a virtualized application from an agent residing in a physical environment hosted by the computing system. The proxy agent changes a configuration of the virtualized application based on the configuration change data to cause the virtualized application to load a plug-in in the virtual environment. The computing system launches the virtualized application and the virtualized application loads the plug-in in the virtual environment to utilize a function of the plug-in in the virtual environment.

Abstract: A computer-implemented method to deploy a pre-boot environment in a computing system is described. A protected area may be created at a first location on a data storage device of the computing system. An operating system may be installed in the protected area at the first location on the data storage device. The pre-boot environment is modified to enable an address offset mode. The pre-boot environment is installed in an unprotected area at a second location on the data storage device.

Abstract: A computer-implemented method for securely managing multimedia data captured by a mobile computing device is disclosed. The method may include (1) identifying a mobile computing device, (2) receiving multimedia data captured by the mobile computing device that has been encrypted using an asymmetric public key, (3) decrypting the multimedia data captured by the mobile computing device using an asymmetric private key, and (4) auditing the multimedia data captured by the mobile computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for storage network bandwidth management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for storage network bandwidth management comprising sampling, using at least one computer processor, application Input/Output (I/O) requests associated with the unit of storage during a specified period of time, determining a maximum latency value based on the sampling of the application Input/Output (I/O) requests, comparing the maximum latency value with a current latency value, and throttling administrative I/O requests in the event that the current latency value exceeds the maximum latency value.

Abstract: An SP's default user authentication is automatically augmented. An access request from a user is redirected from the SP to an authentication augmentation system. The SP also sends an augmentation request. The augmentation system redirects the access request to an IdP, and receives back an authenticated user identity. The default authentication is automatically augmented with additional techniques such as identity proofing and/or multifactor authentication, without the SP or the IdP modifying their code to implement or integrate the augmented authentication. Responsive to successfully authenticating the user according to the additional techniques, an augmented authenticated user identity is redirected to the SP. The augmentation system can use an identity management protocol such as SAML to communicate with the SP and IdP. Authentication performed by a third party and extended to the SP can be augmented, in which case a session id can be used to access third party services.

Abstract: A computer-implemented method for detecting an obfuscated executable may include identifying an executable file programmed to execute on a target architecture. The method may also include disassembling a first section of the executable file and determining whether the first section of the executable file comprises a valid instruction. The method may further include determining, based on whether the first section of the executable file comprises a valid instruction, whether the executable file poses a security risk. Various other methods, computer-readable media, and systems are also disclosed.

Abstract: A system and method for determining the model information of a device. A mapping database that maps a plurality of network device identifiers of a set of devices to model information of the devices may be automatically created. A request to determine model information of an unknown based on a network device identifier of the unknown device may then be received. The database may be analyzed to determine the model information of the unknown device. For example, the model information of the unknown device may be determined by extrapolating it based on the network device identifier of the device and the database information.

Abstract: Reputations of domain registrars are calculated based on the hosting of risky domains. The more undesirable domains a registrar hosts, the lower is its reputation. The risk level of the hosted domains is also a factor in determining the reputation. When a user attempts to access a hosted domain, the calculated reputation of the hosting domain registrar is used in determining what security steps to apply to the access attempt. The worse the reputation of the hosting registrar, the more security is applied, all else being equal.

Abstract: A computer-implemented method for variable-length chunking may include 1) identifying a first data stream subject to deduplication, 2) identifying a predetermined chunk of the first data stream that starts at a first location and ends at a second location within the first data stream, 3) identifying a second data stream with a matching chunk for the predetermined chunk that starts at a third location and ends at a fourth location within the second data stream, 4) identifying a subsequent chunk within the second data stream that starts at the fourth location and ends at a fifth location within the second data stream, 5) calculating a candidate boundary offset within the first data stream based on exceeding the second location by a difference between the fifth location and the fourth location, and 6) performing a boundary test at the candidate boundary offset. Various other methods, systems, and computer-readable media are disclosed.

Abstract: Various systems and methods can integrate a deduplicating backup server with cloud storage. For example, one method involves detecting a trigger condition associated with a storage device that stores backup images for a backup server. The method then selects to move a unit of data from the storage device to a cloud storage system, in response to detecting the trigger condition. The method selects the unit of data based on a most recent time at which the unit of data was accessed during a restore operation. The selection of the unit of data can also be based on a number of references to the unit of data, in systems in which the storage device is a deduplicated storage device.

Abstract: Techniques for avoiding dynamic domain name system (DNS) collisions are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for avoiding dynamic domain name system (DNS) collisions comprising: storing a first location associated with a first client device, a second location associated with a second client device, and a third location associated with a network, receiving, from the first client device, a first notification indicating an Internet Protocol (IP) address via the network, receiving, from the second client device, a second notification indicating the IP address via the network, determining a most likely owner of the network between the first client device and the second client device based on the first location, the second location, and the third location, and applying a content filtering policy associated with the first client device when the first client device is determined to be the most likely owner.

Abstract: A computer-implemented method for enhancing virtual machine backup image data may include identifying a virtual machine to be stored as a backup image. The computer-implemented method may also include collecting configuration information that identifies at least one aspect of how the virtual machine is configured. The computer-implemented method may further include storing the backup image of the virtual machine in a backup repository. The computer-implemented method may additionally include associating the configuration information within the backup image in a catalog of virtual machine backup images, the catalog being searchable by the configuration information. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for performing file-level restoration from a block-based backup file stored on a sequential storage device is described. In one embodiment, a method of processing a backup file to perform file-level restoration from a sequential storage device comprises generating extent information, wherein the extent information pertains to at least one file system object associated with a backup file, wherein the backup file is to be stored on a sequential storage device, wherein the backup file is block-based and processing a backup catalog, wherein the backup catalog indicates locations of various portions of the extent information and is used to restore a file system object.