Abstract: Techniques for automatic management of file system encryption drivers are disclosed.

Abstract: A method, in one embodiment, can include receiving a key and associated data via a computing device. Furthermore, the method can include searching a B+ tree data structure using the key to find a leaf node. The B+ tree data structure is stored by a persistent storage coupled to the computing device. The B+ tree data structure can include a first plurality of nodes that each contains a key-value entry that is not maintained in a sorted order based on its key. In addition, the key and associated data are appended to the leaf node. A sector that includes the leaf node and the key and associated data can be flushed to the persistent storage.

Abstract: The probability of a computer file being malware is inferred by iteratively propagating domain knowledge among computer files, related clients, and/or related source domains. A graph is generated to include machine nodes representing clients, file nodes representing files residing on the clients, and optionally domain nodes representing source domains hosting the files. The graph also includes edges connecting the machine nodes with the related file nodes, and optionally edges connecting the domain nodes with the related file nodes. Priors and edge potentials are set for the nodes and the edges based on related domain knowledge. The domain knowledge is iteratively propagated and aggregated among the connected nodes through exchanging messages among the connected nodes. The iteration process ends when a stopping criterion is met.

Abstract: A method and apparatus for determining whether a second computing system meets a minimum level of protection for a DLP policy of a first computing system are described. A DLP agent may monitor outbound data transfers performed by the first computing system, and determines a violation of a DLP policy in a current one of the outbound data transfers to a second computing system. The DLP agent initiates a handshake protocol with the second computing system to determine whether the second computing system meets a minimum protection level for the DLP policy. If the second computing system does not meet the minimum protection level for the DLP policy, the DLP agent prevents the current data transfer to the second computing system; otherwise, the DLP agent permits the current data transfer.

Abstract: A method includes assigning a port identifier to a first port on a node and communicating data on a first path between the first port and a logical unit on an active/passive storage array. The port identifier is registered in a persistent reservation scheme for the logical unit. The method also includes detecting a failure of the first path, de-assigning the port identifier from the first port, assigning the port identifier to a second port on the first node, and resuming communications between the node and the logical unit. One implementation of a system includes a first port configured to communicate with a storage device, a second port configured to communicate with the storage device, and an identifier management block. The identifier management block executes a failover with N_Port ID Virtualization commands that transfer a world wide port name from the first port to the second port.

Abstract: Various systems and methods for migrating replicated storage arrays. For example, one method can involve transferring a set of data from a first storage device to a second storage device. The method also involves terminating a replication relationship between the first storage device and establishing a new replication relationship between the second storage device and either the third storage device or a fourth storage device. Between the time that the replication relationship with the first storage device is terminated and the new replication relationship with the second storage device is established, the second storage device receives a plurality of change operations. The method involves applying the change operations to either the third storage device or fourth storage device.

Abstract: The process of acquiring SSL certificates for enterprise SSL customers is improved by reducing the number of steps used to acquire the SSL certificate and streamlining the process. An on-line CSR generator on the certificate enrollment form is used to submit the customer information (i.e. Common Name, Organizational Unit, Organization, City/Locality, State/Province, and Country Code) and generate the CSR. By making the CSR generation part of the enrollment process, the administrator can use the same enrollment form to submit the customer information along with the contact information pertinent to the enterprise.

Abstract: Behavior based signatures for identifying applications are generated. An application is monitored as it runs. Specific behaviors concerning the execution of the application are detected, and a behavior based signature representing detected behaviors is created, such that the behavior based signature can be used subsequently to identify instances of the application. Behavior based signatures identifying known malicious and/or non-malicious applications can be used to determine whether other applications comprise malware. To do so, a running application is monitored, and specific behaviors concerning the execution of the application are detected. The detected behaviors are compared to one or more behavior based signatures. Responsive to whether the detected behaviors match, a behavior based signature, it can be determined whether the application comprises malware.

Abstract: Systems and methods for information storage replication are presented. In one embodiment a storage flow control method includes estimating in a primary data server what an outstanding request backlog trend is for a remote secondary data server; determining a relationship of an outstanding request backlog trend to a threshold; and notifying a client that the primary data server can not service additional requests if the trend exceeds the threshold. In one embodiment the estimating comprises: sampling a number of outstanding messages at a plurality of fixed time intervals; and determining if there is a trend in the number of outstanding messages over the plurality of fixed time intervals. It is appreciated the estimating can be performed in a variety of ways, (e.g., utilizing an average, a moving average, etc). Determining the trend can include determining if values monotonically increase. The estimating in the primary server can be performed without intruding on operations of the remote secondary data server.

Abstract: The present disclosure provides for implementing a two-level fingerprint caching scheme for a client cache and a server cache. The client cache hit ratio can be improved by pre-populating the client cache with fingerprints that are relevant to the client. Relevant fingerprints include fingerprints used during a recent time period (e.g., fingerprints of segments that are included in the last full backup image and any following incremental backup images created for the client after the last full backup image), and thus are referred to as fingerprints with good temporal locality. Relevant fingerprints also include fingerprints associated with a storage container that has good spatial locality, and thus are referred to as fingerprints with good spatial locality. A pre-set threshold established for the client cache (e.g., threshold Tc) is used to determine whether a storage container (and thus fingerprints associated with the storage container) has good spatial locality.

Abstract: A method and apparatus for classifying behavior of an application based on its data access pattern is described. In one embodiment, the method includes monitoring file access events associated with an application, and determining whether at least one of the file access events indicates the application's attempt to manipulate data of a file. If at least one file access event indicates the application's attempt to manipulate the data within the file, then at least one action is caused to be performed.

Abstract: A computer-implemented method for performing backups may include identifying a volume of data targeted for backup. The computer-implemented method may also include identifying at least one data object within the volume of data. The computer-implemented method may further include locating a copy of the data object within an archival data store. The computer-implemented method may additionally include backing up a reference to the copy of the data object within the archival data store instead of backing up the data object. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for efficiently accessing replicas of a storage object. A first node may perform a find operation to determine a plurality of nodes that each store a replica of a first storage object. For each node in the plurality of nodes, the first node may establish a direct connection to the node. The first node may then access the replicas of the first storage object using the respective direct connections to the plurality of nodes. In one embodiment, the nodes may be nodes in a peer-to-peer network. Establishing a direct connection to each storage object replica may enable the first node to communicate with each node in a single hop without having to pass messages via intermediate nodes in the peer-to-peer network.

Abstract: A computer-implemented method for determining the impact of a software change on the health of a computing system or an application installed on the computing system may comprise identifying the software change, performing a first health evaluation, allowing the software change to occur, performing a second health evaluation, and then determining the impact of the new application by comparing the results of the second health evaluation with the results of the first health evaluation. Exemplary methods for providing guidance on the potential impact of a software change and for determining the health impact of a software change based on information obtained from a plurality of computing systems are also disclosed. Corresponding systems and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enhancing domain-name-server responses may include: 1) receiving a domain-name-system request, 2) identifying a domain of the domain-name-system request, 3) retrieving classification information relating to the domain from a third-party system, and 4) including the classification information in a response to the domain-name-system request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for implementing network proxy are provided. The method includes: establishing a first connection between a client and a server through a proxy adapter, so as to enable the client to acquire status information of the server through the first connection; and if the status information of the server shows that the server is in a turn-on state, establishing a second connection between the client and the server, so as to enable the client and the server to transmit a data packet through the second connection. Through the method for implementing network proxy, the client acquires the status information of the server through the first connection, and only when the status information of the server is the turn-on state, could the second connection between the client and the server be established, thereby ensuring the reliability of establishing the second connection, and improving the user experience.

Abstract: A method and apparatus for logging write requests to a storage volume in a network data switch is described. In one example, a switch component in a switch receives a write request from a host server. The write request is associated with a destination in the storage volume. A logging element is identified that is associated with the destination of the write request. The logging element may be a switch component in the switch (e.g., a virtualization card), or may be dedicated logging circuitry in the switch. The identified logging element then logs a write intent for the destination in a log.

Abstract: A virtual disk can be created by using data from critical sectors of a primary physical disk. The creation of a virtual disk involves receiving sector numbers and corresponding data for critical sectors of a primary physical disk on a primary computing system, creating a virtual disk that comprises sectors, and writing data from the critical sectors of the primary physical disk into respective sectors of the virtual disk.

Abstract: A computer-implemented method may include (1) identifying a plurality of specific categories of sensitive information to be protected by a DLP system, (2) obtaining a training data set for each specific category of sensitive information that includes a plurality of positive and a plurality of negative examples of the specific category of sensitive information, (3) using machine learning to train, based on an analysis of the training data sets, at least one machine learning-based classifier that is capable of detecting items of data that contain one or more of the plurality of specific categories of sensitive information, and then (4) deploying the machine learning-based classifier within the DLP system to enable the DLP system to detect and protect items of data that contain one or more of the plurality of specific categories of sensitive information in accordance with at least one DLP policy of the DLP system.

Abstract: A method and apparatus for displaying data. In one embodiment, the method displays a summary icon at an intersection of a row and a column in a first display state. The method similarly displays the summary icon and the data represented by the summary icon by expanding a display pane to accommodate the data in a second display state.