Patents Assigned to Symantec
-
Publication number: 20150149768
Abstract: Techniques are disclosed for identifying and authenticating prospective certificate authority customers of a secure socket layer (SSL) certificate prior to receiving an order from the customer. The CA generates a list of prospective customers of digital certificates (e.g., by scanning networked servers via the Internet for the presence of an installed digital certificate). The CA retrieves data for each customer on the list and determines, based on a set of approval criteria, which prospective customers to target in enrollment campaigns. For each approved customer, the CA initiates an enrollment process prior to receiving a request from the customer to provide a certificate.
Type: Application
Filed: November 22, 2013
Publication date: May 28, 2015
Applicant: Symantec Corporation
Inventors: Michael KLIEMAN, Jessica CREWSE, Gautam KANAPARTHI
-
Patent number: 9043863
Abstract: A web browser that includes a network policy enforcement unit, a storage policy enforcement unit, and an ancillary policy enforcement unit is disclosed. The network policy enforcement unit controls communications between application logic of a web application and data communication APIs. The storage policy enforcement unit controls access between the web application logic and persistent storage APIs. The ancillary policy enforcement unit controls user authentication of the web application logic.
Type: Grant
Filed: January 21, 2012
Date of Patent: May 26, 2015
Assignee: Symantec Corporation
Inventors: Thomas Jeffrey Enderwick, Christopher Edward Perret, Azim Ozakil, Stephen James Scalpone
-
Patent number: 9043247
Abstract: A computer-implemented method for classifying documents for data loss prevention may include 1) identifying training documents for a machine learning classifier configured for data loss prevention, 2) performing a semantic analysis on training documents to identify topics within the set of training documents, 3) applying a similarity metric to the topics to identify at least one unrelated topic with a similarity to the other topics within the plurality of topics, as determined by the similarity metric, that falls below a similarity threshold, 4) identifying, based on the semantic analysis, at least one irrelevant training document within the set of training documents in which a predominance of the unrelated topic is above a predominance threshold, and 5) excluding the irrelevant training document from the set of training documents based on the predominance of the unrelated topic within the irrelevant training document. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: February 25, 2012
Date of Patent: May 26, 2015
Assignee: Symantec Corporation
Inventors: Michael Hart, Kushal Tayal, Phillip DiCorpo
-
Patent number: 9043280
Abstract: A system and method for repairing potentially corrupt file systems are provided. A request to repair an original file system, including a current set of metadata, is received. A metasave image is accessed, in response to the request. The metasave image includes a copy of the metadata included in the original file system at a point-in-time and information identifying a location of each block of metadata in the metasave image. Using the metasave image information, the current set of metadata in the original file system is replaced with the metadata in the metasave image.
Type: Grant
Filed: August 15, 2011
Date of Patent: May 26, 2015
Assignee: Symantec Corporation
Inventor: Kedar Patwardhan
-
Patent number: 9043926
Abstract: Techniques are described for generating a monosemous (i.e., single sense) keyword list associated with a particular domain (e.g., a medical or financial domain) for document classification. An input term frequency dictionary, a candidate keyword list, and a document corpus may be used to generate the keyword list. A collection of documents is divided into two sets, one related to a target domain and one not. A statistical approach may be used to evaluate each term in the candidate list to determine a measure of how monosemous each remaining candidate term is, i.e., how strongly the term (or short phrase) identifies with a single sense. Terms with a primarily single sense related to the target domain are added to the monosemous keyword list. The keyword list may be used to identify documents associated with the domain, allowing the appropriate protections to be applied to the document (e.g., do not send outside an enterprise boundary or permit copying).
Type: Grant
Filed: December 20, 2012
Date of Patent: May 26, 2015
Assignee: Symantec Corporation
Inventor: Michael Hart
-
Patent number: 9043922
Abstract: A computer-implemented method for determining malicious-attack exposure levels based on field-data analysis may include (1) receiving a plurality of attack reports from a plurality of computing systems, wherein at least one attack report includes an identifier of a software component of a computing system within the plurality of computing systems from which the attack report was received and an indication that a malicious attack was detected at the computing system, (2) determining a number of attack reports within the plurality of attack reports that identify the software component, (3) analyzing the plurality of attack reports to determine, based at least in part on the number of attack reports, a level of exposure to malicious attacks of the software component, and (4) making, based at least in part on the level of exposure, a security determination related to the software component. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: April 19, 2013
Date of Patent: May 26, 2015
Assignee: Symantec Corporation
Inventors: Tudor Dumitras, Petros Efstathopoulos
-
Patent number: 9037547
Abstract: Various techniques deduplicate common virtual disks during backups of virtual machines. For example, one method involves receiving a request to perform a backup operation to back up one or more virtual machines and then performing the backup operation in response to receiving the request. Performing the backup operation involves detecting whether a virtual disk associated with a virtual machine is already identified in a backup catalog for the backup operation, based upon a globally unique identifier associated with the virtual disk, and selecting to create a reference to a backup copy of the virtual disk instead of creating another copy of the virtual disk, if the backup catalog already identifies the virtual disk. Performing the backup operation can also involve accessing information identifying a hierarchy of virtual disks.
Type: Grant
Filed: September 15, 2010
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventor: Vinayak Sudhakar Shivdeo
-
Patent number: 9037608
Abstract: A security module determines categories of files normally accessed by a software application. The security module monitors file accesses of the application to determine whether the application accesses files belonging to different categories than it normally accesses. If the categories of the files accessed are the same, then the file accesses are allowed to proceed. If the categories of the files accessed are different, then the security module takes a security action.
Type: Grant
Filed: March 21, 2008
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventors: William E. Sobel, Brian Hernacki
-
Patent number: 9037821
Abstract: A computer-implemented method for replicating snapshots across backup domains may include 1) identifying a replication of a snapshot from a source storage device within a source domain to a target storage device within a target domain, 2) identifying a source master system within the source domain and a target master system within the target domain, 3) identifying metadata for managing the snapshot at the source master system, and 4) transmitting the metadata from the source master system to the target master system using a master-to-master communication channel that is separate from a communication channel used for the replication. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: July 9, 2012
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventors: Jeenal Shah, Guido Westenberg, Claudia Rudolph, Thomas Tyler, Abrar Hussain
-
Patent number: 9038184
Abstract: A security server renders a plurality of web pages. The security server logs script operations of the plurality of web pages that are performed when the web pages are rendered. Sequences of script data values that result from the script operations are determined. The sequences of script data values are tagged as either malicious or non-malicious based on whether the script operations associated with the sequence of script data values resulted in abnormal behavior in the computer. A statistical analysis is performed on the malicious and non-malicious script data values to determine likelihoods that identified sequences of script data values represent malicious behavior. The security server generates security data based on the statistical analysis. The security data are provided to clients. The clients monitor script operations of web pages accessed by the clients, and use the security data to identify malicious script operations.
Type: Grant
Filed: February 17, 2010
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventor: Uriel Mann
-
Patent number: 9037792
Abstract: A computer-implemented method for providing caching for applications with solid-state storage devices may include (1) identifying a plurality of solid-state drives that are available for caching input/output operations, (2) detecting at least one distinguishing hardware property of at least one solid-state drive within the plurality of solid-state drives, (3) determining at least one attribute of an application, and (4) selecting the solid-state drive for caching at least one input/output operation of the application based at least in part on the attribute of the application in combination with the distinguishing hardware property of the solid-state drive. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: June 6, 2013
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventors: Swapnil Ingle, Shirish Vijayvargiya, Sanjay Kumar, Rishikesh Jethwani, Niranjan Pendharkar, Anindya Banerjee
-
Patent number: 9038186
Abstract: Descriptions of files detected at endpoints are submitted to a security server. The descriptions describe the names of the files and unique identifiers of the files. The security server uses the unique identifiers to identify files having different names at different endpoints. For a given file having multiple names, the names are processed to account for name differences unlikely to have been caused by malware. The processed names for the file are analyzed to determine the amount of dissimilarity among the names. This analysis is used to generate a score indicating a confidence that the computer file contains malicious software, where a greater amount of dissimilarity among the names generally indicates a greater confidence that the computer file contains malicious software. The score is weighted based on file name frequency, the age of the file, and the prevalence of the file. The weighted score is used to determine whether the computer file contains malicious software.
Type: Grant
Filed: November 25, 2013
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventors: Pratyusa K. Manadhata, Mark Kevin Kennedy, Zulfikar Ramzan
-
Patent number: 9038158
Abstract: A computer-implemented method for enforcing geolocation-based policies may include (1) identifying a request from a computing system to access a computing resource, (2) identifying a public key certificate associated with the computing resource, the public key certificate including location data that indicates where the computing resource may be accessed from, (3) determining a current location of the computing system, (4) determining that the location data within the public key certificate indicates that the computing resource may be accessed from the current location of the computing system, and (5) allowing access to the computing resource based on the determination that the computing resource may be accessed from the current location of the computing system. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: July 7, 2011
Date of Patent: May 19, 2015
Assignee: Symantec Corporation
Inventor: Paul MacKay
-
Patent number: 9031901
Abstract: Various systems and methods can provide a flexible database schema. One method can store information identifying a first entity in a first table. A unified data model includes several tables, including the first table and a metadata table. Each of the tables stores information describing one or more entities belonging to a respective archetype. The first table already stores information identifying a second entity when the information identifying the first entity is stored. The second entity is already related to another entity when the information identifying the first entity is stored. The first entity is a new type of entity not already stored in the first table when the information identifying the first entity is stored. The method then stores metadata associated with the first entity in a metadata table. The metadata then identifies the new type of entity.
Type: Grant
Filed: October 3, 2011
Date of Patent: May 12, 2015
Assignee: Symantec Corporation
Inventors: Craig Robert King, Richard K. Freeman
-
Patent number: 9031908
Abstract: Method and apparatus for simultaneous comparison of multiple backup sets maintained in a computer system are described. A plurality of backup sets of data maintained in a computer system including a hierarchy of objects is managed. In some examples, a graphical user interface (GUI) is displayed on a display coupled to the computer, the GUI having views configured to show a first group of backup sets from the plurality of backup sets. Individual objects of a selected backup set in the first group of backup sets are pinned in a pinned view of the views in response to a first command. A second group of backup sets from the plurality of backup sets is shown in the views in response to a second command by sliding individual objects of at least one backup set in the plurality of backup sets across at least one unpinned view of the views with respect to the individual objects of the selected backup set in the pinned view.
Type: Grant
Filed: July 9, 2012
Date of Patent: May 12, 2015
Assignee: Symantec Corporation
Inventors: Christopher Greene, Kirk Freiheit
-
Patent number: 9032414
Abstract: A computer-implemented method for managing system resources allocated for backup validation may include (1) identifying a computing system that is to be backed up, (2) monitoring at least one resource of the computing system in order to determine to what extent the resource is utilized, (3) identifying a minimum utilization level of the resource, (4) determining an amount of the resource required to validate a backup of the computing system, (5) configuring a validation system to validate the backup of the computing system, wherein resources of the validation system are allocated based at least in part on the amount of the resource required to validate the backup of the computing system, and (6) using the validation system to validate the backup of the computing system in order to reduce backup-validation resource consumption. Various additional methods, systems, and encoded computer-readable media are also disclosed.
Type: Grant
Filed: December 8, 2011
Date of Patent: May 12, 2015
Assignee: Symantec Corporation
Inventor: Chirag Dalal
-
Patent number: 9026601
Abstract: A computer-implemented method for validating members of social networking groups may include identifying a named social networking group with a plurality of members on a social networking platform, creating a social graph of the named social networking group based at least in part on a plurality of connections on the social networking platform between a plurality of members of the named social networking group, determining a connecting member of the named social networking group that exceeds a predetermined threshold of connections within the social network group, removing the connecting member of the named social networking group from the social graph, and determining that a disconnected member of the social graph may not be a valid member of the named social networking group, based on the disconnected member not meeting a second predetermined threshold of connections within the social graph. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: March 12, 2013
Date of Patent: May 5, 2015
Assignee: Symantec Corporation
Inventor: William Gauvin
-
Patent number: 9026788
Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.
Type: Grant
Filed: April 25, 2013
Date of Patent: May 5, 2015
Assignee: Symantec Corporation
Inventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
-
Patent number: 9027078
Abstract: A computer-implemented method for enforcing data loss prevention policies on sandboxed applications may include identifying an application process that is in a sandbox, wherein a broker process has created a file handle for a file on behalf of the application process within the sandbox, intercepting an input/output request performed on the file handle by the application process, wherein the input/output request comprises an identifier of the application process, extracting the identifier of the application process from the input/output request and enforcing a data loss prevention policy on the file by attributing the input/output request to the application process instead of to the broker process based on the identifier of the application process. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: May 28, 2013
Date of Patent: May 5, 2015
Assignee: Symantec Corporation
Inventor: Sarin Sumit Manmohan
-
Patent number: 9021556
Abstract: Embodiments of the present invention are directed to a method and system for virtual device communication filtering. The method includes receiving, within an electronic system, an instantiation request for a first virtual device and determining whether the first virtual device and a second virtual device are allowed to communicate based on an authorization record datastore. The method further includes modifying an authorization record of the authorization record datastore. The modifying comprises setting an indicator of a data filtering module to filter communication between the first virtual device and the second virtual device. A response can then be sent to the instantiation request.
Type: Grant
Filed: February 26, 2010
Date of Patent: April 28, 2015
Assignee: Symantec Corporation
Inventor: Christopher Youngworth