Abstract: Systems and Methods are disclosed that provide for organizing a first plurality of email documents into a plurality of document groups, reviewing a document group from the plurality of document groups, and associating review content with the document group. Review content may then be propagated to one or more email documents associated with the document group to produce a second plurality of email documents. One or more email documents may be annotated in accordance with the review content. Depending on the embodiment, review content may include text, graphics, audio, tag, and multimedia information. Produced documents can be searched and browsed in accordance with information in the review content. Email documents can be grouped by information in meta information and/or header information associated with the email documents into various groups, including threads or conversations.

Abstract: A method for calculating a partial risk score for a data object may include identifying a request to calculate a partial risk score for a data object, the request including a partial risk score filter, and the data object being associated with one or more policies. The method may further include for each policy associated with the data object, determining whether characteristics associated with the policy match a parameter in the partial risk score filter, and when the characteristics associated with the policy match information in the partial risk score filter, including a data object risk score associated with the policy in the partial risk score for the data object.

Abstract: Various embodiments of a system and method for restoring a data volume to a client computer system from a backup image are disclosed. A backup image at a remote backup server computer system may first be selected as a data source for the volume. The volume may be “instantly restored” on the client computer system without first requiring all of the data in the remote backup image to be transmitted from the backup server computer system. Instead, a lazy restore technique may be used where volume data is retrieved from the backup image on the backup server computer system as needed. Further embodiments of the system and method may enable the data source for the volume to be switched from the remote backup server computer system to a local data source at a later time.

Abstract: A computer-implemented method for restoring distributed applications within virtual data centers may include (1) receiving a request to restore a distributed application that includes at least one virtual machine to a virtual data center, (2) identifying a backup of the virtual machine stored within backup storage, (3) exposing the backup of the virtual machine stored within the backup storage to a hypervisor, (4) regenerating the virtual machine by accessing the backup of the virtual machine at the backup storage, (5) adding the virtual machine to the distributed application, and (6) restoring, before completely recovering the virtual machine from the backup storage to the datastore of the virtual data center, the distributed application by starting the virtual machine as part of the distributed application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for treating locally created files as trustworthy may include identifying at least one file created on a computing system protected by a security system that determines whether files encountered by the computing system are trustworthy. The method may also include identifying a software application used to create the file on the computing system. The method may further include determining that the software application used to create the file on the computing system comprises a reputable software application used to create trustworthy files within a user community comprising users of computing systems protected by the security system. In addition, the method may include establishing a trustworthiness exception that causes the security system to treat the file as trustworthy on the computing system that created the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for duplicating backup images may include (1) identifying at least one storage device, (2) identifying a plurality of backup images to be duplicated to the storage device, (3) creating a composite image of the plurality of backup images, and then (4) storing the composite image on the storage device instead of duplicating the plurality of backup images to the storage device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway compares a security status of the user device to a network access control policy for the cloud service. If the security status satisfies a condition of the network access control policy, the cloud service access and information gateway grants the user device access to the cloud service. If the security status does not satisfy the condition of the network access control policy, the cloud service access and information gateway requests an update to the security status of the user device to satisfy the condition.

Abstract: A computer-implemented method for determining that uniform resource locators are malicious may include identifying a uniform resource locator that may be posted on a social networking platform and that may be subject to a security assessment, gathering contextual data from the social networking platform that describes at least one instance of the uniform resource locator within the social networking platform, generating, based on the contextual data, a social fingerprint of the uniform resource locator and classifying the uniform resource locator as malicious based at least in part on the social fingerprint. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A server computer system receives mobile device activity data from a mobile device. The server computer system verifies that the mobile device activity data matches mobile device activity data that is stored at the mobile device and generates a shared secret at the server computer system using the received mobile device activity data. The shared secret at the server computer system matches a shared secret generated at the mobile device.

Abstract: Reputations of objects are determined by a reputation system using reports from clients identifying the objects. Confidence metrics for the clients are generated using information determined from the reports. Confidence metrics indicate the amounts of confidence in the veracity of the reports. Reputation scores of objects are calculated using the reports from the clients and the confidence metrics for the clients. Confidence metrics and reputation scores are stored in correlation with identifiers for the objects. An object's reputation score is provided to a client in response to a request.

Abstract: A computer-implemented method for determining whether profiles associated with social-networking websites have been compromised may include (1) creating a database of validated-content identifiers that identify valid content published on a social-networking profile, (2) determining, by monitoring the social-networking profile, that at least one item of content has been illegitimately published on the social-networking profile, and then (3) performing at least one security action on the social-networking profile. Various other systems, methods, and computer-readable media are also disclosed.

Abstract: The disclosure is directed to dynamic insertion and removal of virtual software sub-layers. In one example, a virtual layer associated with a software application is virtually installed and activated in a computing device. A virtual sub-layer associated with a component of the software application is dynamically inserted in the virtual layer. The virtual layer remains active during the dynamic insertion of the virtual sub-layer. In certain embodiments, a process is executed from the virtual layer, a determination is made as to whether the process launched before or after the insertion of the virtual sub-layer, and the inserted virtual sub-layer is selectively made visible or invisible to the process based on the determination.

Abstract: Shared storage access management systems and methods are presented. A method can comprise: performing an endpoint I/O source authority tracking process in which permission of an endpoint I/O source to perform an I/O with at least a portion of an endpoint storage target is tracked at least in part based on a corresponding endpoint I/O source ID value, and performing an I/O operation based upon results of the endpoint I/O source authority tracking process. In one embodiment, the endpoint I/O source ID value is associated with an endpoint I/O source that is a virtual machine. The endpoint I/O source ID value can be unique and can be bound to an endpoint I/O source. In one exemplary implementation, the endpoint I/O source ID value does not depend upon intermediate communication channel characteristics between a corresponding endpoint I/O source and endpoint storage target.

Abstract: Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce in to the URL in a response message.

Abstract: Various systems and methods for management and provisioning of virtual machines are disclosed. This invention may be used, e.g., in conjunction with clusters of nodes that are potentially capable of hosting one or more virtual machines. In one aspect of this invention, the nodes may rank themselves, or be ranked, based on their ability to support a requested virtual machine configuration. Each of the clusters may also be ranked based on, for example, the aggregate ranks of the nodes within that cluster. After the nodes and/or clusters have been ranked, a cluster and/or a node may be selected to host the virtual machine, and the virtual machine may be provisioned on that cluster and/or node.

Abstract: A computing device determines counts of documents that are similar to a reference document for a set of similarity ratings. Each similarity rating is based on a number of co-occurring terms between the reference document and corresponding similar documents. The computing device present the reference document and a GUI element pertaining to the documents similar to the reference document in a graphical user interface (GUI). Upon a selection of the GUI element, the computing device presents a visual representation of a correlation between the counts of similar documents and the similarity ratings in the GUI. The visual representation is provided prior to displaying at least one of the similar documents.

Abstract: Techniques for managing disaster recovery sites are disclosed. In one particular embodiment, the techniques may be realized as a method for managing disaster recovery sites comprising generating a heartbeat at a first node, transmitting the heartbeat from the first node to a second node, determining whether a network connection between the first node and the second node has failed, determining whether the second node has received an additional heartbeat from the first node, and changing a state of the secondary node based on the determination of whether the second node has received the additional heartbeat.

Abstract: A first value is calculated as a function of data in an nth data block of a backup copy. The first value is then compared with each of a plurality of values in a plurality of entries, respectively, of a first data structure. The plurality of entries in the first data structure include a plurality of pointers, respectively, that correspond to a plurality of data blocks, respectively, in a storage system. If the first value compares equally to a value contained in one of the plurality of entries of the first data structure, a pointer of the one entry is added to an nth entry of a second data structure. This pointer corresponds to a copy of the nth data block that is stored in the storage system. If the first value does not compare equally with any value contained in the plurality of entries of the first data structure, (1) the nth data block is stored in the storage system, and (2) a first pointer is added to the nth entry of the second data structure.

Abstract: Making a trust decision is disclosed. One or more members of a social trust network are polled for information associated with a trust decision about a computing environment. The information includes information collected automatically with respect to activities of one or more of the one or more members of the social trust network. At least one action is taken based at least in part on the information.