Abstract: A method for managing migration may include detecting an attempt to perform migration from an existing off-host storage array to a new off-host storage array by 1) identifying a new communication path that appears to a host system as a path from the host system to the existing off-host storage array, 2) determining whether the new communication path comprises a standby path that is not actively being used for communication between the host system and the existing off-host storage array, 3) determining whether the new communication path actually comprises a path to the new storage array configured to appear to the host system as though it were the existing storage array, and 4) concluding that non-disruptive data migration is being attempted. The method may also include performing a management operation with respect to the new off-host storage array. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Monitoring for potential misuses of identity information is disclosed. A profile comprising a user's identity information is received. An indication from a third party website that at least a portion of the identity information in the user's profile is being or has been provided to register at the third party website, alter user information stored by the third party website, or both is received. Whether the indicated use of the identity information is a potential misuse is evaluated.
Abstract: A technique for intrusion detection analysis is disclosed. The technique comprises performing a first analysis, wherein the first analysis results in a first event; performing a second analysis, wherein the second analysis analyzes the first event; and performing an action associated with the second analysis.
Abstract: A computer-implemented method may include identifying a file that includes one or more data blocks stored within a storage device. The computer-implemented method may also include determining that the file has been accessed more frequently than one or more other files stored within the storage device and then tracking the number of times that at least one data block associated with the file is accessed in the storage device. The computer-implemented method may further include determining that the number of times that the data block associated with the file has been accessed in the storage device is above a predetermined threshold. In addition, the computer-implemented method may include caching the data block associated with the file in a caching mechanism to decrease the amount of time required to access the data block. Various other methods, systems, and computer-readable media are also disclosed.
Type:
Grant
Filed:
April 7, 2011
Date of Patent:
October 21, 2014
Assignee:
Symantec Corporation
Inventors:
Anindya Banerjee, Amit Jambure, Kedar Patwardhan, Niranjan Pendharkar
Abstract: A streamed application includes a plurality of application blocks. A first subset of the plurality of application blocks is pre-stored in a cache on a host computer system prior to initiating execution of the streamed application. The streamed application may then be executed. One or more application blocks of the first subset of the plurality of application blocks may be retrieved from the cache during execution of the streamed application in response to one or more requests to access the one or more application blocks of the first subset. A second subset of the plurality of application blocks may be received from a server computer system during the execution of the streamed application and may be stored in the cache. The second subset may include one or more application blocks that were not stored in the cache when the streamed application was installed.
Type:
Grant
Filed:
November 20, 2008
Date of Patent:
October 14, 2014
Assignee:
Symantec Corporation
Inventors:
Ryan M. McCarten, Taiwei Yin, Yury Mazin
Abstract: Providing security for a network is disclosed. Network traffic associated with a host is monitored. If an activity pattern associated with a configuration change of the host is observed, access by the host to the network is restricted based at least in part on the observed activity pattern.
Abstract: A method and apparatus for remediating backup data to control access to sensitive data is described. In one embodiment, the method for facilitating sensitive data remediation from backup images without a separate data store includes examining the backup images to identify sensitive data and modifying remediation information associated with the sensitive data, wherein the remediation information restricts access to the sensitive data to at least one corresponding access group.
Type:
Grant
Filed:
March 26, 2009
Date of Patent:
October 14, 2014
Assignee:
Symantec Corporation
Inventors:
Kuldeep Sureshrao Nagarkar, Gaurav Malhotra, Thomas G. Clifford, Bruce Wootton, Aleksey Tsibulya
Abstract: A computing device receives a document that was incorrectly classified as sensitive data based on a machine learning-based detection (MLD) profile. The computing device modifies a training data set that was used to generate the MLD profile by adding the document to the training data set as a negative example of sensitive data to generate a modified training data set. The computing device then analyzes the modified training data set using machine learning to generate an updated MLD profile.
Type:
Grant
Filed:
December 14, 2011
Date of Patent:
October 14, 2014
Assignee:
Symantec Corporation
Inventors:
Sumesh Jaiswal, Ashish Aggarwal, Phillip DiCorpo, Shitalkumar S. Sawant, Sally Kauffman, Alan Dale Galindez
Abstract: A computer-implemented method for fault recovery in multi-tier applications may include: 1) identifying a plurality of clusters, 2) identifying a multi-tier application that includes a plurality of components, each cluster within the plurality of clusters hosting a component, 3) identifying a fault of a first component within the plurality of components on a first cluster within the plurality of clusters, the fault requiring a first recovery action, 4) identifying at least one dependency relationship involving the first component and a second component within the plurality of components on a second cluster within the plurality of clusters, 5) determining, based on the fault and the dependency relationship, that the second component requires a second recovery action to ensure that the multi-tier application operates correctly, and 6) performing the second recovery action on the second component. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method and apparatus for asynchronous analysis of URLs in messages in a live message processing environment whereby an identified URL included in a message identified for further analysis is extracted and prioritized based on one or more prioritization parameters. The URL is then sent from a live message processing stream to a URL analysis process and the live message processing stream is stalled, with respect to that message, until the results of the URL analysis process are received, or until a defined “timeout” period passes. The results, or “verdict”, of the URL analysis process are then sent back to the live message processing stream in an asynchronous manner based on the prioritization of the URL. If the results of the URL analysis process are not received by the live message processing stream before the defined “timeout” period passes, then the “best” action is taken based on the best available data/verdict.
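Added example for the abstract above, not code from the patent or from Symantec: a message stream that submits each URL for analysis in priority order, stalls the message until a verdict arrives or the timeout passes, and then falls back to the best available reputation data. The analysis function, the reputation table, the priority rule, the URLs and the timeouts are constructed for illustration; the real system receives verdicts asynchronously, and here `Future.result(timeout=...)` plays that role.

```python
"""Stalling a message on a URL verdict with a timeout fallback (added example)."""
import concurrent.futures as cf
import time
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for reputation data the live stream already holds.
REPUTATION: Dict[str, str] = {
    "known-good.example": "deliver",
    "slow.example": "deliver",
}


def slow_or_fast_analysis(url: str) -> str:
    """Constructed analysis process: hosts containing 'slow.example' miss the deadline."""
    if "slow.example" in url:
        time.sleep(0.6)
    return "block" if "phish" in url else "deliver"


def priority(url: str, sender_score: int) -> int:
    """Constructed prioritization: lower is more urgent.

    sender_score is 0 for an unknown sender and 10 for a trusted one; a raw IP
    address as the host is treated as more suspicious than a domain name.
    """
    host = urlsplit(url).hostname or ""
    p = sender_score
    if host.replace(".", "").isdigit():
        p -= 5
    return p


def fallback_verdict(url: str) -> str:
    """Best available action when the analysis misses its deadline.

    Unknown hosts are quarantined rather than delivered: failing open would let
    an attacker win simply by making analysis slow.
    """
    host = urlsplit(url).hostname or ""
    return REPUTATION.get(host, "quarantine")


def process_batch(messages: List[Tuple[str, str, int]], timeout: float,
                  analyse: Callable[[str], str] = slow_or_fast_analysis
                  ) -> Dict[str, Tuple[str, str]]:
    """Submit URLs in priority order and stall each message up to `timeout` seconds.

    messages are (message_id, url, sender_score) triples.  Returns
    message_id -> (verdict, source) with source 'analysis' or 'fallback'.
    """
    ordered = sorted(messages, key=lambda m: priority(m[1], m[2]))
    results: Dict[str, Tuple[str, str]] = {}
    with cf.ThreadPoolExecutor(max_workers=4) as pool:
        futures = [(mid, url, pool.submit(analyse, url)) for mid, url, _ in ordered]
        for mid, url, fut in futures:
            try:
                results[mid] = (fut.result(timeout=timeout), "analysis")
            except cf.TimeoutError:
                # Deadline passed: act on the best data we have, do not wait.
                results[mid] = (fallback_verdict(url), "fallback")
    return results


if __name__ == "__main__":
    batch = [
        ("m1", "http://known-good.example/a", 10),
        ("m2", "http://slow.example/x", 0),
        ("m3", "http://phish.example/login", 3),
        ("m4", "http://unknown-slow.example/y", 2),
    ]
    for mid, verdict in process_batch(batch, timeout=0.1).items():
        print(mid, verdict)
```

The design point worth keeping from this is the default in `fallback_verdict`: the timeout path is exactly where an attacker who can slow the analyser down would try to push the stream, so the "best" action for a host with no reputation record should be conservative.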
Abstract: An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.
Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.
Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.
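Added example for the abstract above, not code from the patent or from Symantec: a server that accepts a remembered device tag in place of full credentials, invalidates the tag on use and hands out a replacement, and demands full credentials on any mismatch. `DeviceTagServer`, its method names, the one-tag-per-user model and the random tag format are assumptions for illustration; the treatment of a replayed tag as a revocation event goes beyond the abstract and is labelled as such in the code.

```python
"""Rotating device-tag authentication (added example)."""
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple


class DeviceTagServer:
    def __init__(self) -> None:
        # user -> the single tag currently accepted for that user
        # (assumption: one remembered device per user keeps the example small)
        self._current: Dict[str, str] = {}
        # every tag that was ever accepted; a tag must never be accepted twice
        self._consumed: Set[str] = set()

    def issue_tag(self, user: str) -> str:
        """Mint a fresh random tag and make it the only valid tag for user."""
        tag = secrets.token_urlsafe(32)
        self._current[user] = tag
        return tag

    def login(self, user: str, presented: str,
              full_credentials_ok: bool) -> Tuple[bool, Optional[str]]:
        """Handle an access request that carries a device tag.

        Returns (access_granted, replacement_tag); replacement_tag is None
        only when access is denied.  full_credentials_ok stands in for the
        outcome of the full credential check (password, second factor, ...)
        that the real system performs only when the tag does not match.
        """
        expected = self._current.get(user)
        if expected is not None and hmac.compare_digest(
                presented.encode(), expected.encode()):
            # Match: grant access without full credentials, invalidate the
            # presented tag, and send the device a new one for next time.
            self._consumed.add(presented)
            return True, self.issue_tag(user)

        if presented in self._consumed:
            # A tag that was already consumed is being replayed: either the
            # device lost its newer tag or someone copied the old one.  This
            # revocation is a hardening choice beyond the abstract: drop the
            # outstanding tag so the real device must also re-prove itself.
            self._current.pop(user, None)

        # No match: fall back to full credentials, then issue a fresh tag.
        if full_credentials_ok:
            return True, self.issue_tag(user)
        return False, None
```

Because each tag is accepted at most once, a tag copied from a device is only useful until the legitimate device next logs in; after that the copy triggers the full-credential path instead of silently granting access.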
Abstract: Threat emergence dates as well as file modification and scanning history are tracked to determine which files need to be scanned for possible infection by various attacking agents. Information concerning which scan engines are used to scan for the presence of different attacking agents is also tracked. Where given files only need to be scanned for a subset of all possible threats and the relevant scanning code resides in only a subset of all the scan engines, only the required scan engines are initialized, loaded or called in order to scan those files.
Type:
Grant
Filed:
September 28, 2007
Date of Patent:
October 7, 2014
Assignee:
Symantec Corporation
Inventors:
Bruce McCorkendale, William E. Sobel, Mark Spiegel, Shaun Cooley
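Added example for the abstract above, not code from the patent or from Symantec: given each threat's emergence date and the engine that detects it, plus each file's scan history, compute which threats a file still needs to be checked for and therefore which engines must be loaded. The threats, engines, dates and digests are constructed. One choice here is labelled as the example's own: a file is treated as changed when its content hash differs from the hash recorded at the last scan, rather than by modification time, because a process that can write a file can usually also reset its mtime.

```python
"""Scan scoping by threat emergence date and file scan history (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Threat:
    name: str
    emerged: date   # date the attacking agent was first known
    engine: str     # the scan engine whose code detects it


@dataclass(frozen=True)
class FileRecord:
    path: str
    digest: str                    # hash of the current contents
    last_scanned: Optional[date]   # None if never scanned
    scanned_digest: Optional[str]  # contents hash recorded at that scan


# Constructed threat catalogue.
THREATS = [
    Threat("w32.alpha", date(2014, 1, 10), "av-core"),
    Threat("pdf.gamma", date(2014, 2, 15), "doc-engine"),
    Threat("js.beta", date(2014, 3, 1), "script-engine"),
]


def threats_to_check(f: FileRecord, threats: List[Threat]) -> List[Threat]:
    """Threats the file must still be scanned for.

    A file that was never scanned, or whose contents changed since the last
    scan, must be checked for everything.  An unchanged file only needs the
    threats that emerged on or after its last scan; '>=' is deliberate, since
    a scan on the emergence day may have run before the definition shipped.
    """
    never_scanned = f.last_scanned is None
    changed = f.scanned_digest is None or f.digest != f.scanned_digest
    if never_scanned or changed:
        return list(threats)
    return [t for t in threats if t.emerged >= f.last_scanned]


def scan_plan(files: List[FileRecord], threats: List[Threat]) -> Dict[str, List[str]]:
    """Map each file that needs scanning to the engines that must be loaded for it.

    Files with nothing left to check are absent, so nothing is loaded for them.
    """
    plan: Dict[str, List[str]] = {}
    for f in files:
        engines = sorted({t.engine for t in threats_to_check(f, threats)})
        if engines:
            plan[f.path] = engines
    return plan


def engines_needed(plan: Dict[str, List[str]]) -> List[str]:
    """The engines to initialise for the whole run."""
    return sorted({e for engines in plan.values() for e in engines})


if __name__ == "__main__":
    sample = [
        FileRecord("a.exe", "h1", date(2014, 2, 20), "h1"),
        FileRecord("b.doc", "h3", date(2014, 3, 2), "h2"),
        FileRecord("c.txt", "h4", date(2014, 3, 10), "h4"),
        FileRecord("d.bin", "h5", None, None),
    ]
    plan = scan_plan(sample, THREATS)
    print(plan)
    print(engines_needed(plan))
```

The bookkeeping that makes this safe is the recorded `scanned_digest`: without it, the "only newer threats" shortcut trusts that the file is the same object that was scanned last time, which is exactly the assumption malware that overwrites an existing file would exploit.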
Abstract: In response to a trigger indicating to prevent access to confidential information on a specific user's mobile device, access is prevented to all parties, until a successful reauthorization occurs. Preventing access can comprise storing encrypted confidential information and removing the decryption key. In order to subsequently access the confidential information, a reauthorization attempt is made. The current geo-location of the mobile device at the time of the attempt is compared to at least one authorized geo-location associated with the specific user. In response to a) the password and user identifier being correct and to b) the current geo-location of the mobile computing device being an authorized geo-location associated with the specific user, the attempt to reauthorize is successful, whereas otherwise the attempt is unsuccessful. Only in response to a successful attempt is access to the confidential information re-allowed.
Abstract: A computer-implemented method for regulating the receipt of data transmitted from a messaging device is described. A security application that includes a blocking application is initialized. At least one setting for the blocking application is initialized. Incoming data transmitted from the messaging device are detected. At least a portion of the incoming data is blocked based on the initialized at least one setting for the blocking application.
Abstract: A graphical authentication identifier is used to facilitate automatic authentication of a user. A graphical identifier authentication system receives a request from an authenticating entity for a onetime use graphical authentication identifier. In response to the received request, a onetime use graphical authentication identifier to be displayed by the authenticating entity is generated. A request for user authentication information by the authenticating entity is encoded in the graphical authentication identifier, which is transmitted to the authenticating entity for display (e.g., on a login screen). The onetime use graphical authentication identifier being displayed by the authenticating entity is captured by a registered user operated computing device.
Abstract: A host validation system runs on a portable storage device, and protects data stored thereon from unauthorized access by host computers. The system identifies a host to which the portable device is coupled, for example by using the host's TPM. This can further comprise identifying the host's current configuration. The system uses the identification and configuration information to verify whether the host is approved to access data stored on the portable device. The system provides the host a level of data access responsive to this verification. This can involve denying all data access to the host, or providing at least some access to data stored on the portable device, for example based on a stored access policy specifying levels of access to provide to specific hosts with specific configurations.
Type:
Grant
Filed:
January 7, 2010
Date of Patent:
October 7, 2014
Assignee:
Symantec Corporation
Inventors:
Petros Efstathopoulos, Bruce Montague, Dharmesh Shah, Kevin Butler
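Added example for the abstract above, not code from the patent or from Symantec: a stored access policy keyed on a TPM-derived host identity and on the host's measured configuration, evaluated to a level of data access. The host identity is modelled as the SHA-256 of an endorsement-key-style public key, the configuration as PCR-style register values, and the keys, measurements and policy are all constructed. The example trusts the measurement values it is handed; in a real deployment they would have to come from a quote signed by the host's TPM and be verified before use.

```python
"""Policy-driven host validation for a portable storage device (added example)."""
import hashlib
from enum import IntEnum
from typing import Dict, List, Tuple


class Access(IntEnum):
    NONE = 0         # deny all data access
    READ_ONLY = 1
    READ_WRITE = 2


Measurements = Dict[int, str]       # PCR index -> hex digest
Rule = Tuple[Measurements, Access]  # required PCR values -> access level
Policy = Dict[str, List[Rule]]      # host id -> rules, most privileged first


def host_id(ek_pub: bytes) -> str:
    """Stable identifier for a host, derived from its TPM public key (assumed)."""
    return hashlib.sha256(ek_pub).hexdigest()


def pcr(component: str) -> str:
    """Constructed stand-in for a PCR value: the hash of a measured component."""
    return hashlib.sha256(component.encode()).hexdigest()


# Constructed policy: the laptop gets full access only on its approved boot
# chain (PCR 0 = firmware, PCR 7 = secure-boot state); with any other PCR 7
# it is read-only.  The kiosk host is read-only at best.
POLICY: Policy = {
    host_id(b"constructed-ek-laptop-0001"): [
        ({0: pcr("fw-2014.03"), 7: pcr("secureboot-on")}, Access.READ_WRITE),
        ({0: pcr("fw-2014.03")}, Access.READ_ONLY),
    ],
    host_id(b"constructed-ek-kiosk-0007"): [
        ({0: pcr("kiosk-fw-1.2")}, Access.READ_ONLY),
    ],
}


def evaluate_host(ek_pub: bytes, measurements: Measurements,
                  policy: Policy = POLICY) -> Access:
    """Return the access level the policy grants this host in this configuration.

    Rules are checked in order; the first rule whose required PCR values all
    match wins.  Unknown hosts, and known hosts in a configuration no rule
    approves, get Access.NONE.
    """
    rules = policy.get(host_id(ek_pub))
    if rules is None:
        return Access.NONE
    for required, level in rules:
        if all(measurements.get(index) == value for index, value in required.items()):
            return level
    return Access.NONE


if __name__ == "__main__":
    laptop = b"constructed-ek-laptop-0001"
    print(evaluate_host(laptop, {0: pcr("fw-2014.03"), 7: pcr("secureboot-on")}))
    print(evaluate_host(laptop, {0: pcr("fw-2014.03"), 7: pcr("secureboot-off")}))
    print(evaluate_host(b"stranger", {}))
```

Ordering the rules from most to least privileged matters: a broader rule placed first (here, the PCR 0 only rule) would shadow the stricter one and silently grant read-only where read-write was intended, or vice versa. Identity and configuration are also checked separately on purpose, so that a known host that has been reconfigured, for instance with secure boot disabled, drops to a lower level rather than keeping the access its identity alone would earn.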
Abstract: A graphical user interface can be provided for creating a digital certificate profile for a digital certificate. In one embodiment, a security metric is determined using a first subset of certificate profile attributes selected by a user, and a usability metric is determined using a second subset of certificate profile attributes. A graphical representation of the security metric and a graphical representation of the usability metric can then be provided in the graphical user interface. In one embodiment, the first subset of certificate profile attributes is the same as the second subset.
Abstract: A computer-implemented method for identifying fraudulent websites. The method may include identifying a fraudulent-website toolkit. The fraudulent-website toolkit may be programmed for use in creating a fraudulent website. The method may also include determining a characteristic of the fraudulent-website toolkit and using the characteristic of the fraudulent-website toolkit to identify a website created using the fraudulent-website toolkit. The website created using the fraudulent-website toolkit may be identified by searching for websites that comprise the characteristic of the fraudulent-website toolkit. The website created using the fraudulent-website toolkit may also be identified by determining that a web browser is attempting to access the website. Various other methods and computer-readable media are also disclosed.