Abstract: Techniques are described for generating a monosemous (i.e., single sense) keyword list associated with a particular domain (e.g., a medical or financial domain) for document classification. An input term frequency dictionary, a candidate keyword list, and a document corpus may be used to generate the keyword list. A collection of documents is divided into two sets, one related to a target domain and one not. A statistical approach may be used to evaluate each term in the candidate list to determine a measure of how monosemous each remaining candidate term is, i.e., how strongly the term (or short phrase) identifies with a single sense. Terms with a primarily single sense related to the target domain are added to the monosemous keyword list. The keyword list may be used to identify documents associated with the domain, allowing, the appropriate protections to be applied to the document (e.g., do not send outside an enterprise boundary or permit copying).

Abstract: A method and apparatus for detecting violations of data loss prevention (DLP) policies based on reputation scores. Using a DLP agent, monitors outbound data transfers performed by the computing system, and determines a reputation score for at least one of the data transfers to a destination entity specified to receive the at least one data transfer based on a data type of the data being transferred to the destination entity.

Abstract: A parental policy is enforced for online purchases. A parent enters a parental policy indicating items that are prohibited for a child. When the child attempts to add an item to a wish list, it is determined whether the item is permitted according to the policy. If so, the addition of the item to the wish list is allowed to proceed. If the policy prohibits the item, the addition of the item to the wish list is blocked. Additionally, the parent can be informed (via email, telephone, etc.) of the attempt to add the item to the wish list. The same logic can be applied to attempts to purchase items for children, or attempts to purchase items by children.

Abstract: A system and method for determining the data that should be backed up by a plurality of backup policies are described. A global file change log that lists which files have been changed may be maintained. The global file change log may be processed to distribute the file change information into policy-specific file change logs. A global block change bitmap may also be maintained. The global block change bitmap may indicate which data blocks of the files have been changed. Performing a respective backup operation for a respective backup policy may include backing up only the data blocks that have changed in the files listed in the respective policy-specific file change log since a previous backup operation for the respective backup policy was performed. The data blocks that have changed may be specified in a respective policy-specific block change bitmap for the respective backup policy.

Abstract: Techniques are disclosed for implementing dynamic endpoint management. In accordance with one embodiment, whenever an endpoint joins a managed network for the first time, or rejoins that network, a local security module submits a list of applications (e.g., all or incremental) to a security server. The server validates the list and sends back a rule set (e.g., allow/block rules and/or required application security settings) for those applications. If the server has no information for a given application, it may further subscribe to content from a content provider or service. When the server is queried regarding an unknown application, the server sends a query to the service provider to obtain a trust rating for that unknown application. The trust rating can then be used to generate a rule set for the unknown application. Functionality can be shifted from server to client, and vice-versa if so desired.

Abstract: A computing system identifies shared cloud accounts of a cloud that are created for an entity. The computing system resides outside of the cloud. The number of shared cloud accounts is less than a number of entity users that use the cloud. The computing system determines that one of the users is authorized to use any of the shared cloud accounts in response to a determination that identity information of the user is valid. The computing system receives a request from the user to access the cloud and determines whether one of the shared cloud accounts is available to be assigned to the user. The computing system adds the request to a queue based on a determination that none of the shared cloud accounts is available and assigns one of the cloud accounts to the user based on a determination that one of the shared cloud accounts is available.

Abstract: A computer-implemented method for safely migrating to virtualized platforms may include (1) identifying a virtual machine that is a target of a physical-to-virtual conversion from a physical server, (2) determining that the physical-to-virtual conversion includes at least one future step before the physical-to-virtual conversion is complete, (3) based on determining that the physical-to-virtual conversion includes the future step, creating a snapshot of the virtual machine before the future step, and (4) reverting the virtual machine to the snapshot before the future step. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing authentication may include identifying authentication-capabilities information of an online service. The computer-implemented method may also include identifying, within the authentication-capabilities information, a specification indicating how a remote computing agent may interact with the online service to perform an authentication function supported by the online service. The computer-implemented method may further include using the specification to interact with the online service to perform the authentication function. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Analyzing backup objects maintained by a de-duplication server. A plurality of first objects may be maintained. Each first object may refer to second object(s) and each second object may refer back to at least one first object. For each respective first object, the respective first object may be analyzed to determine the one or more second objects referred to by the respective first object. Correspondingly, a command may be generated for each respective second object of the determined second object(s), thereby generating a plurality of commands. Each command may be used to verify that the respective second object refers back to the respective first object. The plurality of commands may be sorted into a disk access order. The commands may be used to verify that each second object refers back to first objects that refer to the second object.

Abstract: A filtering policy is defined responsive to parental directives. The filtering policy specifies to filter a child's access to content based on fact-based categorization and subjective factors, such as the emotional tone, expressed sentiment, extremity and/or expressed subjectivity. Content is categorized based on the occurrence of predefined words. A sentiment-based analysis of content is also performed. The categorization and/or analysis can occur prior to a child's attempt to download the content, or in real-time in conjunction with a download attempt. Attempts by the child to access content are detected. It is determined whether the filtering policy permits the child to access the content in question, responsive to results of the categorization and sentiment-based analysis of that content. If so, the attempted access is allowed to proceed. If not, the access attempt is blocked.

Abstract: A method and apparatus for processing transactional file system operations to enable point in time consistent file data recreation and recovery from transactional file systems is described. In one embodiment, the method includes processing input/output activity associated with file data that is used in a computing environment to identify at least one transaction and segregating the input/output activity based upon the at least one transaction to enable point in time consistent data recreation for the file data.

Abstract: A method for inserting a validated time-image on a primary CDP subsystem in a continuous data protection and replication (CDP/R) subsystem. In one embodiment, the method includes processing data of RI1 at a secondary system in accordance with a recovery process, wherein RI1 is a first image of a replication of a data object. First data is generated in response to processing the data of RI1 in accordance with the recovery process, wherein the first data relates to processing the data of RI1 in accordance with the recovery process. Once the first data is generated, a copy of the first data is transmitted to a primary system that stores the data object.

Abstract: Multiple versions of a sequential dataset are maintained without storing the full file set for each version. A full file set for the current version is stored, as well as a chain of forward and/or reverse patches between adjacent versions. New content for the dataset is received, and a new current version is built that includes this new content. Patches between the new and immediately previous versions are built and stored. When a request is received from a client for an update to the current version, multiple patches of the chain are merged, from the client version of the dataset to the current version. This merging of patches creates a single direct delta, which comprises all operations for updating the client version to the current version. The direct delta is then transmitted to the client.

Abstract: A computer-implemented method for determining whether an application impacts the health of a system may comprise detecting an application, performing a first system-health evaluation, allowing the application to install on the system, performing a second system-health evaluation after the application is installed on the system, and comparing the second system-health evaluation with the first system-health evaluation to determine whether the application impacted the health of the system. Exemplary methods for determining the potential impact of an application on the health of a system and for calculating a system-health-impact score for an application based on information gathered from a plurality of systems are also disclosed. Corresponding systems and computer-readable media are also disclosed.

Abstract: Systems and methods for information storage replication are presented. In one embodiment a replication method includes performing an intelligent synchronization process of selected portions of a primary image and intelligent verification of the accuracy of the replication. The intelligent synchronization process can include forwarding information if the information is in use (e.g., has been altered, written to, etc.) and the intelligent verification can be performed on the information in use.

Abstract: A computing device receives a training data set that includes a plurality of positive examples of sensitive data and a plurality of negative examples of sensitive data. The computing device analyzes the training data set using machine learning to generate a machine learning-based detection (MLD) profile that can be used to classify new data as sensitive data or as non-sensitive data. The computing device computes a quality metric for the MLD profile.

Abstract: Quality of service is provided to prioritized VMs and applications, based on the varied quality of different shared computing resources. Each VM or application has an associated priority. A quality rating is dynamically assigned to each shared computing resource. Requests for shared computing resources made by specific VMs or applications are received. For each specific received request, the current priority of the requesting VM or application is identified. In response to each received request, a specific shared computing resource is assigned to the specific requesting VM or application. This assignment is made based on the current priority of the requesting VM or application and the current quality rating of the shared computing resource, thereby providing quality of service to the requesting VM or application corresponding to its current priority.

Abstract: A computer-implemented method for detecting malicious digitally-signed applications. The method may include 1) identifying an application package file that has been digitally signed, wherein the application package file is used to distribute an application, 2) comparing the application package file to a set of known application package files, 3) determining that the application package file has been repackaged from a known application package file, 4) comparing a public key associated with a digital signature of the application package file to a public key associated with a digital signature of the known application package file, 5) determining that the public key associated with the digital signature of the application package file and the public key associated with the digital signature of the known application package file are different, and 6) performing a security action on the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for creating and synchronizing security metadata for data objects within a synchronized-data network is disclosed. This method may comprise: 1) identifying a data object, 2) determining the trustworthiness of the data object, 3) generating security metadata for the data object that identifies the trustworthiness of the data object, and 4) synchronizing the security metadata within the synchronized-data network. The method may also comprise identifying a need to perform a security operation on the data object to determine the trustworthiness of the data object and then offloading or load balancing the security operation within the synchronized-data network. Corresponding systems and computer-readable media are also disclosed.

Abstract: A system and method for creating a consistent view of previously backed up data. In one embodiment, a point in time copy of a set of data is requested. The point in time copy includes a base image of the set of data and additional data corresponding to transactions targeted to the set of data which are received during creation of the point in time copy. A subset of the additional data usable to generate a consistent view of the set of data from the base image is determined. A file that includes a set of changes to the base image represented by the subset is created and stored in association with the base image. Responsive to a request for access to the copy, the previously stored subset is utilized to create a consistent virtual view of the copy from the base image.