Abstract: Techniques for improving snapshot performance are disclosed. In one embodiment, the techniques may be realized as a method for improving snapshot performance comprising initiating change block tracking for each unit of storage associated with each of a plurality of virtual machines, creating backup images of each unit of storage associated with each of the plurality of virtual machines, quiescing each of the plurality of virtual machines, and creating snapshots of each unit of storage associated with each of the plurality of virtual machines. The techniques may include identifying one or more changed blocks in at least one of the backup images using the change block tracking, editing the at least one of the backup images by replacing the identified one or more changed blocks using corresponding blocks from at least one snapshot of the snapshots, and releasing the at least one snapshot based upon a determination that editing has completed.

Abstract: A method and apparatus for protecting sensitive information from disclosure through virtual machine files is disclosed. In one embodiment, the method includes processing virtual machine files using at least one processor to access data objects in memory that are associated with at least one virtual machine, examining the data objects using the at least one processor in accordance with a data loss prevention policy in the memory to identify, using the at least one processor, sensitive information within at least one data object of the data objects and securing, using the at least one processor, the sensitive information within the virtual machine files in the memory.

Abstract: A method and apparatus for reliable I/O performance anomaly detection. In one embodiment of the method, input/output (I/O) performance data values are stored in memory. A first performance data value is calculated as a function of a first plurality of the I/O performance data values stored in the memory. A first value based on the first performance data value is calculated. An I/O performance data value is compared to the first value. A message is generated in response to comparing the I/O performance value to the first value.

Abstract: A computing device receives a file. The computing device determines whether the file has previously been scanned for violations of a data loss prevention policy. If the file was previously scanned, a result of the previous scan is used to decide whether or not the file violates the data loss prevention policy. If the file was not previously scanned, the file is scanned to decide whether or not the file violates the data loss prevention policy.

Abstract: A computer-implemented method for generating catalogs for snapshots may include (1) identifying an initial snapshot and a subsequent snapshot for a protected volume, (2) providing identifiers of the initial snapshot and the subsequent snapshot to a storage vendor application programming interface (API), (3) receiving, from the storage vendor API, an indication of at least one difference between the initial snapshot and the subsequent snapshot, and (4) synthetically generating a catalog for the subsequent snapshot based on a preexisting catalog for the initial snapshot such that the synthetically generated catalog reflects the difference between the initial snapshot and the subsequent snapshot indicated by the storage vendor API. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for generating multiple key pairs using different algorithms and similarly installing certificates signed using the different algorithms. A customer server receives a selection of algorithms for generating a public/private key pair (e.g., RSA, ECC, DSA, etc.). The customer server generates key pairs for each selection and also generates corresponding certificate signing requests (CSR). The customer server sends the CSRs to a certificate authority (CA). The CA generates certificates associated with algorithm and sends the certificates to the customer server. The customer server may prompt a user to select one or more of the certificates to install, and upon receiving the selection, the customer installs the certificates.

Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3), creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for providing a device-based PIN authentication process used to protect encrypted data stored on a computing system, such as a tablet or mobile device. A client component and a server component each store distinct cryptographic keys needed to access encrypted data on the client. The mobile device stores a vault encryption key used to decrypt encrypted sensitive data stored on the mobile device. The vault key is encrypted using a first encryption key and stored on the mobile device. The first encryption key is itself encrypted using a second encryption key. The second encryption key is derived from the PIN value.

Abstract: A computer-implemented method for determining trustworthiness of software programs may include (1) determining, for at least one software program, a prevalence score that indicates a prevalence of the software program within a local network, (2) obtaining, for the software program, a reputation score that indicates a reputation of the software program, (3) determining a trustworthiness of the software program based on both the reputation score of the software program and the prevalence score of the software program, and (4) performing a security action based on the trustworthiness of the software program. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A malware detection agent operating on a computing device detects one or more indicators of a potential data loss threat. Sensitive data is identified based on at least one of a logical location or a physical location of the sensitive data. One or more data loss prevention policies are enabled to protect the sensitive data until the potential data loss threat is resolved.

Abstract: A computer-implemented method may create a first full backup of a set of data units at a first point in time. The method may create, at a second point in time, a representation of one or more data units in the set of data units that have been modified since the first point in time. The method may determine, based at least in part on the representation of one or more data units that have been modified since the first point in time, a difference between a state of the set of data units at the first point in time and a state of the set of data units at the second point in time. The method may use the difference to update the first full backup to a second full backup that comprises modifications made to the set of data units between the first and second points in time.

Abstract: Misuse of a trusted seal by a website is detected. Web browsing activities at a client are monitored. Upon detecting a website visited by the client, the client requests evaluation of the website by a security server. The security server replies with a reputation score indicating whether the website is trustworthy. If the website is not trustworthy, perceptual hashes of selected images in the website are computed and compared with perceptual hashes of known trusted seals. If there is a match between the hash of a website image and the hash of a seal image, a query is made as to whether the website is authorized to use the trusted seal. If the website is not authorized to use the seal, the website is reported to be misusing the trusted seal.

Abstract: A computer-implemented method for directing application updates may include (1) identifying information that indicates a rate at which an earlier version of an application is exploited in attacks on computing system security, (2) identifying additional information that indicates a rate at which a later version of the application is exploited in attacks on computing system security, (3) determining how updating the application from the earlier version to the later version will impact computing system security by comparing the rate the earlier version of the application is exploited with the rate at which the later version of the application is exploited, and (4) directing a computing system with a determination about updating an installation of the earlier version of the application to the later version of the application based on determining how updating the application will impact computing system security. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method is disclosed. The method includes encrypting a first data, wherein the encrypting the first data set is performed using a first key, and the encrypting the first data set is performed using a dedicated encryption circuit. The first data set is stored on a first storage medium. A second data set is encrypted, wherein the encrypting the second data set is performed using a second key, and the encrypting the second data set is performed using the dedicated encryption circuit. The second data set is stored on the first storage medium.

Abstract: Techniques for virtual environment-based web client management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for virtual environment-based web client management comprising monitoring web requests of a first web client of a first virtual machine, detecting a web request from the first web client matching one or more indicators, the one or more indicators corresponding to content to be handled on a second virtual machine, capturing a state of the first web client on the first virtual machine, transferring captured state information and web request information to a second web client on the second virtual machine, transitioning a user interface from the first web client to the second web client automatically using at least one of a keyboard controller driver and a hypervisor API, the second web client handling the web request from the first web client.

Abstract: A computer-implemented method for performing customized large-scale data analytics may include (1) providing a logical-data-model user interface to enable modifying a logical data model of a relational multi-dimensional analytic database, (2) receiving, via the logical-data-model user interface, user input to modify the logical data model of the relational multi-dimensional analytic database, (3) modifying the logical data model of the relational multi-dimensional analytic database based on the user input, (4) providing a visualization user interface, based on the logical data model, to enable performing online analytical processing operations, and (5) receiving, via the visualization user interface, a request to perform an online analytical processing operation that provides a view of data stored within the relational multi-dimensional analytic database in accordance with the logical data model. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatuses for detecting violations of data loss prevention (DLP) in NTFS removable media and non-NTFS removable media are described. In NTFS, when an application opens a data file, a DLP file system filter driver internally opens the same data file using file system transaction and is transparent to the application. Application read/writes are redirected to the remote transaction. When the application tries to close the file, the DLP agent scans the data being written to the file for detection of violations and commits or aborts the remote transaction depending upon the detection of a violation of the policy.

Abstract: A method, system, and computer-readable storage medium for automatically performing operations on applications based on dependencies on other applications are disclosed. A command to start a first application can be received. The first application is configured to use data provided by at least one another application. A determination is made whether the first application is configured to use data provided by a second application. This determining is performed in response to a receipt of the command. In response to a determination that the first application is configured to use data provided by the second application, execution of the second application is initiated.

Abstract: Techniques for managing electronic message distribution are disclosed. In one particular embodiment, the techniques may be realized as a method for managing electronic message distribution, the method includes analyzing an electronic message, determining whether the electronic message satisfies one of a plurality of predetermined conditions, converting at least a portion of the electronic message from a first format to a second format based on the determination of whether the electronic message satisfies the one of the plurality of predetermined conditions, and transmitting the converted electronic message.