Abstract: A host-based replication snapshot method. The method includes synchronizing a set of data objects stored at both a replication source node and a secondary node. The method further includes identifying changed data objects out of the set of data objects from the replication source node that have been modified during a time period between a first time and a subsequent second time. Metadata indicating the changed data objects from the replication source node is transmitted to the secondary node. A snapshot is then generated at the second time on the secondary node by using the metadata.

Abstract: An individualized time-to-live (TTL) is determined for a reputation score of a computer file. The TTL is determined based on the reputation score and the confidence in the reputation score. The confidence can be determined based on attributes such as the reputation score, an age of the file, and a prevalence of the file. The reputation score is used to determine whether the file is malicious during a validity period defined by the TTL, and discarded thereafter.

Abstract: Various methods and systems for performing cascaded replication are disclosed. For example, one method involves receiving an acknowledgment at a primary replication site from an intermediate replication site. The acknowledgment identifies whether a change has been applied to a remote replication site. The method also involves updating a journal, in response to the acknowledgment. The journal identifies whether the change is currently being replicated. The method can also involve detecting that the intermediate replication site is inaccessible. In response, the method synchronizes a copy of application data at the remote replication site by applying one or more changes identified in the journal to the copy of the application data at the remote replication site.

Abstract: A streaming server which streams an application to a client computer (“endpoint”), as well as the client on which the streamed application runs, makes predictions as to what sections of the application the client is likely to execute in the future. Upon receipt of an indication (e.g., from a system administrator) of a planned service outage of the server or the network, the server transmits the application content that is predicted to be needed by the client during the outage in order to continue executing the application without interruption. The client receives and caches the content. Provided that the prediction is sufficiently accurate, the client can continue to seamlessly execute the application during the service outage.

Abstract: Techniques for data backup management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for data backup management comprising identifying a base image for a plurality of data backup endpoints, creating, using at least one computer processor, a backup of the base image, storing the backup of the base image as a common backup for the plurality of data backup endpoints, and tracking changes to the base image at one or more of the plurality of data backup endpoints.

Abstract: A computer-implemented method for authenticating devices may include (1) identifying a request from a device for a credentialing service to issue a credential to the device, the request including an application identifier encrypted with a first encryption key, the first encryption key having been derived by the device based on a token provisioned to the device by a vendor of the device, (2) transmitting the request to the credentialing service, (3) receiving, from the credentialing service, the credential encrypted using a second encryption key, the second encryption key having been derived by the device based on the token, and (4) providing the encrypted credential to the device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for determining whether a document is to be protected is described. In one embodiment, a computer system identifies a document to be categorized. The computer system then determines one or more probabilities that the document belongs to one or more of a plurality of predefined categories, the probabilities based on profiles of the predefined categories. The computer system then determines whether the probabilities indicate that the document is to be protected, and, if the document is to be protected, causes the document to be used in data loss detection.

Abstract: A computer-implemented method for prioritizing the monitoring of malicious uniform resource locators for new malware variants may comprise: 1) identifying at least one malicious uniform resource locator, 2) collecting priority information relating to the malicious uniform resource locator, wherein the priority information comprises information relevant to prioritizing monitoring of the malicious uniform resource locator for new malware variants, 3) determining, based on the priority information, a monitoring-priority level for the malicious uniform resource locator, and then 4) allocating, based on the monitoring-priority level, a monitoring resource for monitoring the malicious uniform resource locator. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for indexing backup content may include identifying a backup of live data. The computer-implemented method may also include identifying a content index that indexes at least a part of the live data. The computer-implemented method may further include identifying a set of files in the backup that correspond to a set of files indexed by the content index. The computer-implemented method may additionally include indexing the content of the set of files in the backup based on the index information of the set of files indexed by the content index. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for directory data resolution are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory data resolution comprising receiving data identifying one or more groups of interest of a directory server, traversing, using a processor, one or more directory entries contained in hierarchical directory data, the traversal starting at a directory entry corresponding to a current group of interest, reading a first directory entry to identify a member contained in the first directory entry, adding, in the event a member is contained in the first directory entry, the current group of interest to a mapping for the member. The method may also include use of caching and recursion.

Abstract: A method and apparatus for detecting preselected data embedded in electronically transmitted messages is described. In one embodiment, the method comprises monitoring messages electronically transmitted over a network for embedded preselected data and performing content searches on the messages to detect the presence of the embedded preselected data using an abstract data structure derived from the preselected data.

Abstract: A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device.

Abstract: A method and apparatus for autonomously managing a computer resource using a security certificate is described. In one embodiment, the method includes identifying attribute information from secure communications within the computing environment, wherein the attribute information is associated with a trusted relationship and establishing at least one resource parameter for customizing the computer resource based on the attribute information.

Abstract: A method and apparatus for automatically obtaining web page content in the presence of redirects whereby an incoming message is received and analyzed to determine if the message contains any URLs. Any detected URLs are then extracted and activated to analyze the contents of the web page linked to by the URL. The HTTP response headers and content sent from a web page server in response to the browser HTTP requests to activate the URL link are analyzed to determine if the response includes a redirect to a new, or destination, URL, and associated web page, i.e., to determine if the detected URLs result in redirects. If the HTTP response indicates a redirect, a URL redirect analysis process is initiated that includes a set of redirect processing procedures that are selectively applied depending on the type of redirect encountered, and each redirect is automatically followed. For chains of redirects, the process is recursive, i.e.

Abstract: Various methods and systems for automatically obtaining documents that are referenced by an electronic communication, such as an email or instant message, for archival are disclosed. One method involves searching at least a portion (e.g., the header and/or body) of an electronic communication for a reference to a document and, in response to detecting the reference, automatically obtaining an electronic copy of the document. The electronic copy of the document can then be archived.

Abstract: An execution environment of a computer computes an initial effective permissions set for managed code based on user identity evidence, code evidence and/or a security policy and executes the code with this permissions set. If the managed code requests a data access, the execution environment considers data evidence that indicates the trustworthiness of the requested data. The data evidence can be based on the source of the data, the location of the data, the content of the data itself, or other factors. The execution environment computes a new effective permissions set for the managed code based on the data evidence and the security policy. This new effective permissions set is applied to the managed code while the code accesses the data. The execution environment restores the initial permissions set once the managed code completes the data access.

Abstract: A computer-implemented method for altering the state of a computing device via a contacting sequence is described. A contacting sequence is detected on a display of the computing device in a first state. The contacting sequence is compared to at least one contacting sequence stored in a database. A determination is made whether the detected contacting sequence matches at least one contacting sequence stored in the database. If the detected sequence matches at least one contacting sequence stored in the database, the first state of the computing device is altered to a second state.

Abstract: A computer-implemented method for preventing heap-spray attacks may include identifying an object-oriented program. The computer-implemented method may also include identifying, within the object-oriented program, a request to allocate memory for a polymorphic object. The polymorphic object may include a pointer to a virtual method table that supports dynamic dispatch for at least one method of the polymorphic object. The computer-implemented method may further include identifying an area of memory reserved for polymorphic objects. The computer-implemented method may additionally include allocating memory for the polymorphic object from the reserved area of memory. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for providing claim validation without storing user information within the IDM system. During enrollment, the IDM system creates a hash representative of the identification information provided by a user. The user information is discarded, i.e., not stored within the IDM system. Only a hash representing that information is stored within the system. Upon a user providing information to a service provider, the service provider requests that the user's information be authenticated by a third party IDS system. The service provider will request such authentication from the IDM system identified by the user. The IDM system generates, from the user's information that was provided to the service provider, a signed token that is sent to the user for use by the user to access the service provider's services. In this manner, the IDM system does not store identification information of the user.

Abstract: A method and apparatus for monitoring a computer system for malicious software is provided. The method for monitoring malicious software proliferation includes processing a deceptive contact address associated with a monitoring device and inserting the deceptive contact address into a contact list, wherein malicious software self-propagates through the contact list, wherein the monitoring device receives a copy of the malicious software through the deceptive contact address.