Abstract: A computer-implemented method for implementing multi-factor authentication may include 1) receiving, as part of a secondary authentication system, an authentication request from a client system, 2) redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request, 3) receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful, and 4) performing a second authentication with the client system in response to receiving the assertion of the first authentication. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An application is analyzed, thereby detecting behaviors of the application. Data indicative of the functionality of the application is mined from a plurality of sources. The application is categorized based on the mined data. The categorization of the application indicates expected application behaviors. Multiple categories can be assigned to the application, wherein each assigned category correlates with at least one expected application behavior. Measures of consistency between the detected behaviors of the application and the expected behaviors of the application are determined. Determining the measures of consistency comprises quantifying differences between detected behaviors of the application and expected behaviors of the application. Responsive to the determined measures of consistency, it is adjudicated whether the application is suspect of being malicious.

Abstract: A computer-implemented method for performing security scans may include 1) generating a first hash of a first file, 2) performing a first security scan on the first file, 3) storing the first hash to indicate a result of the first security scan of the first file, 4) identifying a second file and generating a second hash of the second file, 5) determining that the second hash of the second file is equivalent to the first hash of the first file and, in response, determining that the result of the first security scan of the first file applies to the second file, 6) identifying a third file and determining that the third file is volatile, and 7) performing a second security scan on the third file instead of generating a third hash of the third file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of capturing data relating to a threat in a server processing system is described. Event history data that comprises a sequential chain of one or more events performed by a client processing system is received. Performance of the one or more events in the chain leads to a trigger event. The trigger event that occurred in the client processing system is also received. The server processing system receives the event history data in response to the client processing system detecting the trigger event. The events in the chain are analyzed in a reverse order to determine a starting point for the chain of events. The event history data is compared against past event history data received from a plurality of client processing systems in order to determine if the event history data and the past event history data comprise a series of common events. An entity associated with the series of common events is identified.

Abstract: Geo-tags embedded in user created media files are used to maintain a location history record for a mobile computing device. At least one gap in the location history record for the mobile computing device is identified. The mobile computing device is scanned to identify accessible media files in at least one specific format created during the gap. Such specific media formats can comprise photographs, videos, audio, etc. Identified media files created during the gap are scanned for embedded geo-tags. The location history record for the mobile computing device is updated with data points comprising locations of the mobile computing device as identified by geo-tags embedded in specific identified media files (e.g., locations of the device when specific digital photographs were taken), and the times at which the specific identified media files were created (e.g., the times at which specific digital photographs were taken).

Abstract: A reconfiguration is distributed among multiple nodes of a cluster. Upon detecting an initiation of a reconfiguration of the cluster, reconfiguration functionality is delegated from the master node to one or more slave nodes in the cluster. Thus, multiple nodes perform reconfiguration functionality in parallel, such that one or more slave nodes perform delegated reconfiguration tasks that would conventionally be performed by the master node. The cluster reconfiguration can be in the form of one or more nodes joining or leaving the cluster. Data to facilitate the cluster reconfiguration can be transmitted from the master node to a slave node to which reconfiguration functionality is being delegated. Such data can include, for example, identifiers of nodes joining or leaving the cluster and/or information concerning the architecture and shared storage media of the cluster.

Abstract: A computer-implemented method for detecting malware variants may include (1) identifying an application package file including at least one class file, (2) identifying a set of metadata fields within the class file, (3) comparing the set of metadata fields within the class file with a set of metadata fields within a corresponding class file found in a known malware package to determine a similarity between the application package file and the known malware package, and (4) determining, based on the similarity between the application package file and the known malware package, that the application package file is a threat variant in a same threat family as the known malware package. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: By placing computer specific remotely originated application data under control of a central identity management system, users can seamlessly run remotely originated applications after logging on to different computers in the enterprise. Cached application content received from a streaming server or network file system, as well as additional application specific data (e.g., files created by the application, configuration changes made by the application on the local computer, etc.), can be configured as central identity management system profile object, using a central identity management system such as Active Directory. This data is thus automatically treated as part of the user settings/profile, and made available on any computer within the enterprise. This results in an optimal application experience for users, regardless of which managed computer they logon to within the enterprise.

Abstract: A computer-implemented method for protecting networks from infected computing devices may include providing a computing system with a first level of access to a network. The method may also include determining that the computing system is infected with malware. The method may further include determining that the computing system cannot autonomously neutralize the malware. The method may additionally include modifying by an endpoint management system a network access control policy that controls network access of the first computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various methods and systems for using adaptive data compression in a backup system are disclosed. One method involves detecting whether to compress a unit of storage that is to be backed up. The detecting involves attempting to compress a portion of the unit of storage. If the attempt to compress the portion of the unit of storage meets a specified compression performance threshold, i.e., if the unit of storage is compressible, the unit of storage is compressed. Otherwise the unit of storage is not compressed.

Abstract: A communication in a social network involving a social networking profile is detected. One or more catalogs are applied to the communication. Each catalog is associated with an attribute and applying a catalog to the communication produces a catalog score measuring an appropriateness of the associated attribute in the communication. The one or more catalog scores of the one or more catalogs applied to the communication are combined to produce a communication score measuring an appropriateness of the communication. Based on the communication score, a determination is made on whether to issue an alert.

Abstract: Trojanized apps for mobile environments are identified. Multiple apps for a specific mobile environment are obtained from one or more external sources. Code and digital signers are extracted from the apps and stored. For each given specific one of the obtained apps, the code of the specific app is compared to the code of other obtained apps, to determine whether the specific app 1) contains at least a predetermined threshold amount of code in common with one of the other apps, and 2) contains additional code not contained therein. If so, the digital signer of the specific app is compared to the digital signer of the other app. If it is also the case that the digital signer of the specific app is not the same as the digital signer of the other app, the specific app is identified as being trojanized.

Abstract: Storage systems and methods are presented. In one embodiment, a data storage resource management method comprises: performing a data update process, including communicating a data update input output packet between a primary storage resource and a secondary storage resource, wherein corresponding data updates in the secondary storage resource are a mirror of data updates in the primary storage resource; and performing a reclamation process, including: communicating reclamation information in a reclamation input output packet through the same interface as the data update input output packet, wherein the reclamation input output packet is communicated between the primary storage resource and the secondary storage resource; and reclaiming storage locations on the secondary storage resource in accordance with reclamation information in the reclamation input output packet communicated between the primary storage resource and secondary storage resource.

Abstract: A method and apparatus for automating controlled computing environment protection is disclosed. In one embodiment, the method for automating controlled computing environment protection includes monitoring a controlled computing environment to process user activity information associated with a user computer and comparing the user activity information with abnormal behavior indicia to identify hostile user activity that denotes browser control circumvention.

Abstract: Various systems and methods for enabling use of analytic functions for distributed storage data are described. For example, one method involves generating an index for a data stream that includes a plurality of objects. The index indicates a location of each of the plurality of objects. The method also involves performing a plurality of first functions that generate a plurality of first outputs. Performing these first functions includes accessing objects based on the index and generating an output for each object. Each output also includes the respective object. The method also involves performing one or more second functions, where the second functions use the first outputs.

Abstract: A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received.

Abstract: A method for maintaining group membership records includes 1) maintaining a record of group memberships for a membership hierarchy, the membership record identifying a direct relationship between a first object and a second object in the membership hierarchy, 2) receiving a membership update indicating that, as of a first point in time, a direct relationship between the second object and a third object changed, 3) updating the record of group memberships to reflect the change in the relationship between the second object and the third object, 4) deducing, based on the membership update and the record of group memberships, a change in an indirect relationship between the first object and the third object as of the first point in time, and 5) providing a view of object relationships within the membership hierarchy as the object relationships exist at the first point in time and a historical record of object relationships.

Abstract: A computer-implemented method for fetching troubleshooting data may include 1) receiving a request for information describing at least one potential cause of a failure within a computing environment, and, in response to the request, 2) identifying a set of relationships between a plurality of subsystems within the computing environment, 3) identifying a plurality of potential causes of the failure based on the set of relationships, and 4) responding to the request by providing the plurality of potential causes of the failure. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A log manager may store a validation indicator with each data block of a log entry. The log manager may create a header block for each log entry that may include a validation indicator or tag. Such a validation indicator may be stored within the metadata for each data block. The validation indicator may additionally be stored in the metadata for the header block and it may be stored in header block itself. When recovering such a log, according to some embodiments, the validation indicators for each data block are checked against the validation indicator in the header block.

Abstract: A method for displaying backup-status information for computing resources. The method may include (1) identifying at least one protected resource that is scheduled to be backed up periodically, (2) identifying a request to view backup-status information for the protected resource, (3) in response to the request, identifying each backup of the protected resource that was scheduled to occur during a prior window of time, (4) determining whether each scheduled backup of the protected resource was successful, and (5) displaying, within a graphical user interface, a visual backup status indicator for the protected resource for the prior window of time, wherein the visual backup status indicator visually indicates whether any scheduled backups of the protected resource failed during the prior window of time. Various other methods, systems, and computer-readable media are also disclosed.