Abstract: A computer-implemented method may include identifying a request to restore an image to a target disk while a first operating system is running on the target disk and creating a file in a first file system of the first operating system. The method may also include mapping a position in the file to a location on the target disk to provide a map that associates the position in the file with the location on the target disk. The method may further include using the map to write at least a portion of the image to the target disk to provide a restored operating system on the target disk. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for escalating a level of backup protection for a cluster of nodes are described. A backup software application may be configured to backup application data used by the cluster of nodes according to a first level of backup protection. In response to detecting a failure of a node in the cluster, the backup software application may be reconfigured to backup the application data used by the cluster of nodes according to an escalated level of backup protection. For example, reconfiguring the backup software application to backup the application data according to the escalated level of backup protection may cause the backup software application to increase a frequency at which backup operations for backing up the application data are performed.

Abstract: A technique for providing computer security is described. The technique comprises providing network configuration information on a dynamic network; determining whether the network configuration information meets a criterion; and in the event the configuration information meets the criterion, configuring a decoy associated with the network.

Abstract: A method and apparatus for detecting an intermittent path to a storage system comprising accessing path statistics comprising indicia of path state of a path to a storage system, determining whether the path state has changed during a predefined period and, if the path state has changed at least a predefined number of times during the predefined period, identifying the path as intermittent. Once a path is deemed intermittent, the path is aged until either the path is no longer intermittent or the path is deemed dead.

Abstract: A system and method for efficient transfer of encrypted data over a low-bandwidth network. A backup server and a client computer are coupled to one another via a first network. The backup server is coupled to a remote data storage via another network, such as the Internet, also referred to as a cloud. The backup server encrypts received data for backup from the client computer. Cryptography segment and sub-segment sizes may be chosen that are aligned on a byte boundary with one another and with selected backup segment and sub-segment sizes used by backup software on the remote data storage. A selected cryptography algorithm has a property of allowing a given protected sub-segment with the cryptography sub-segment size to be decrypted by initially decrypting an immediate prior protected sub-segment that has the same cryptography sub-segment size. Therefore, the size of data transmitted via the cloud may be smaller than the cryptography segment size.

Abstract: Methods, apparati, and computer-readable media for updating proxy executable code. An apparatus embodiment of the present invention comprises generic universal proxy executable code that can be instantiated multiple times, with each instance being driven by a different set of files comprising a protocol specification file and a proxy activity code file, to control protocol decomposition and proxy functions, respectively. In a method embodiment of the present invention, a protocol specification is created or updated; proxy activity code, separate from the protocol specification, is created or updated; and the proxy executable code is executed using the protocol specification and the proxy activity code.

Abstract: A system and method for transmitting packets over two different network protocols without protocol conversion in any switches. A computer system comprises host computers and target storage arrays, or targets, coupled to one another through a Enhanced Ethernet network. Each of the host computers and the targets is configured to transmit encapsulated packets, such as a Fiber Channel over Ethernet (FCoE) packet. During system configuration, each of the targets is set to be the only target included in a virtual local area network (VLAN) with a corresponding unique VLAN identifier (ID). A given host computer logins to multiple assigned targets using a predefined Fiber Channel protocol. In response to a login request, a corresponding target assigns and conveys a N_Port ID that comprises a VLAN ID and a unique Host ID to the host computer in a reply message. A virtual link is established between the host computer and the target storage array.

Abstract: A method for simultaneously configuring multiple independent backups. The method may include (1) identifying a backup environment managed by a backup system, (2) identifying a request from a user to configure a plurality of backups within the backup environment, wherein each backup within the plurality of backups specifies, independent of any other backup, a backup operation to be performed by the backup system on a computing resource within the backup environment, (3) providing a graphical user interface that allows the user to simultaneously configure each backup within the plurality of backups, (4) receiving a request, from the user via the graphical user interface, to simultaneously configure each backup within the plurality of backups, and (5) in response to the request to simultaneously configure each backup within the plurality of backups, independently configuring each backup within the plurality of backups so as to maintain the independence of each backup.

Abstract: A system and method for restoring multiple content databases of a web application are disclosed. A restoration GUI may indicate one or more available recovery times. User input selecting a particular recovery time may be received. The selected recovery time may correspond to a first time when a first database was backed up. The system may determine that the web application also included one or more other databases in addition to the first database at the first time. Information indicating the first database together with the one or more other databases may be displayed in association with the selected recovery time in the graphical user interface.

Abstract: Techniques are disclosed for encrypting application data files using a format-friendly encryption process. A software agent may create an encrypted version of an application file using the same data file format of the unencrypted file. For example, when a user encrypts a word processing document, the software agent outputs a word processing document which includes an encrypted copy of the first word processing document. Application data files for other file formats may be encrypted in a similar manner. Further, format-friendly encrypted documents may include instructions for accessing the encrypted content, allowing the standard applications for accessing a given file format to present the instructions to a user. Creating encrypted document using the format-friendly encryption formats allows users who access an encrypted file hosted by a cloud storage provider to receive the information needed to access that application file.

Abstract: A method and apparatus for resolving a cousin domain name to detect web-based fraud is described. In one embodiment, the method for resolving cousin domain names of a legitimate domain name comprising applying at least one rule to a domain name to generate one or more candidate cousin domain names and comparing the at least one candidate cousin domain name with legitimate domain information to identify the legitimate domain name that is imitated by at least one portion of the domain name.

Abstract: Techniques for identifying optimized malicious search engine results are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying optimized malicious search engine results comprising receiving a search item result, analyzing, using a computer processor, the search item result in a secure environment to detect malicious content hidden using network redirection, determining that the search item result is associated with malware, and providing an indicator that the search item result is associated with malware.

Abstract: A computer-implemented method may include monitoring a computing system for evidence of potential data failures within the computing system. The computer-implemented method may also include detecting evidence that indicates a potential data failure while monitoring the computing system and identifying data implicated in the potential data failure based on the detected evidence. The computer-implemented method may further include initiating an action configured to proactively facilitate restoration of at least a portion of the data implicated in the potential data failure prior to determining whether the data implicated in the potential data failure needs to be restored. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.

Abstract: A method and apparatus for preserving virtual desktops for e-discovery using an agent-less solution is provided. In one embodiment, the method for providing an agent-less solution to prevent at least one virtual desktop from expiration comprises processing a directory to identify at least one virtual machine used by at least one data custodian as at least one virtual desktop and automatically communicating at least one snapshot of the at least one virtual machine to preserve the at least one virtual desktop.

Abstract: A computer-implemented method for determining a file set may include identifying a file set and identifying a key file for the file set. The method may also include transmitting a key-file identifier to a second computing system. A first computing system may receive first and second file identifiers from a second computing system. The first computing system may determine whether the file set comprises a file identified by the first file identifier, and whether the file set comprises a file identified by the second file identifier. The method also includes transmitting a result of the determination to the second computing system. A method for determining a file set on a second computing device is also disclosed. Corresponding systems and computer-readable media are also disclosed.

Abstract: A key set is registered. The registering the key set includes registering a first shared data resource key. The first shared data resource key includes a first identifier associating a first process with a first shared data resource. The registering the key set further includes registering a second shared data resource key, and the second shared data resource key includes a second identifier associating a second process with a second shared data resource. A failure of a first process is detected, and in response to the detecting the failure of the first process, the first shared data resource key is de-registered. The second shared data resource key remains registered after the de-registering the first shared data resource key.

Abstract: Fake exception handlers resulting from malicious stack buffer overflows that overwrite an exception handling record on the stack are detected. The operating system exception processing logic is monitored. Responsive to an exception occurring, an exception handler to be called by the monitored operating system exception processing logic is identified. A specific number of the first bytes of the identified exception handler are scanned to determine whether a return instruction is present therein. Instructions of the identified exception handler that are positioned prior to the return instruction are analyzed to determine whether they modify the value of the stack pointer so as to shrink the stack. The identified exception handler is adjudicated as being fake, responsive to determining that a return instruction is present in the first specific number of bytes of the exception handler and/or that the instructions positioned prior to the return instruction shrink the stack.

Abstract: Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce in to the URL in a response message.