Abstract: A method may include detecting initiation of a power-management mode that suspends the functionality of at least one component of a computing device while maintaining the functionality of the device's memory. The method may also include, before the device enters the power-management mode, (1) identifying, within the device's memory, an encryption key that is required to access encrypted data stored in the device's storage device, and (2) removing the encryption key from the device's memory in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode. The method may also include, upon detecting discontinuation of the power-management mode, (1) obtaining user credentials from a user of the device in order to authenticate the user and, upon successfully authenticating the user, (2) using the user credentials to regenerate the encryption key in order to enable access to the encrypted data stored in the storage device.

Abstract: Techniques for behavior based malware analysis are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for behavior based analysis comprising receiving trace data, analyzing, using at least one computer processor, observable events to identify low level actions, analyzing a plurality of low level actions to identify at least one high level behavior, and providing an output of the at least one high level behavior.

Abstract: Techniques for mitigating forgotten password attacks are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for mitigating forgotten password attacks comprising receiving an indication of a forgotten password communication for a user, identifying verification information associated with the forgotten password communication, determining a level of difficulty of inferring the verification information based on public information associated with the user, and calculating a level of risk associated with the verification information.

Abstract: A computer-implemented method for using property tables to perform non-iterative malware scans may include (1) obtaining at least one malware signature from a security software provider that identifies at least one property value for an item of malware, (2) accessing a property table for a computing device that identifies property values shared by one or more application packages installed on the computing device and, for each property value, each application package that shares the property value in question, and (3) determining, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without having to iterate through the individual property values of each application package. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for securing a computer from malicious threats through generic remediation is described. In one embodiment, the method for securing a computer from malicious threats through generic remediation includes processing at least one malicious threat to the computer, wherein the at least one malicious threat is not associated with a specific remediation technique and examining information regarding prior remediation of the at least one malicious threat by at least one computer to determine at least one remediation technique for the at least one malicious threat.

Abstract: Outbound communication from a computer is monitored, and requests to access remote links are identified. This process identifies attempts by users to access links provided by third parties in emails and such, as well other attempts by users to access remote domains. Domains in the identified requests are profiled, by testing them for properties associated with known legitimate domains, and for properties associated with known fraudulent domains. A trustworthiness score for a domain is calculated based on the results of the profiling. The trustworthiness score is compared to a predetermined threshold, and from the results it is determined whether or not the domain is legitimate. If the domain is fraudulent, appropriate action is taken, such as blocking the attempt to access the domain.

Abstract: A method and apparatus for employing honeypot systems to identify potential malware containing messages whereby a decoy system to receive illegitimate e-mails is established. E-mails sent to the spam e-mail honeypot decoy are initially scanned/filtered and e-mails that are not considered possible malware containing e-mails are filtered out while the remaining e-mails sent to the spam e-mail honeypot decoy are identified as potential malware containing e-mails. One or more features, and/or feature values, of the identified e-mails are then identified, extracted and ranked. Once a given feature, and/or feature value, occurs more than a burst threshold number of times, the status of the given feature, and/or feature value, is transformed to that of suspicious e-mail parameter.

Abstract: A computer-implemented method for predictive responses to internet object queries may include receiving a query from a client to evaluate a first internet object. The computer-implemented method may also include analyzing the query to predict a set of additional internet objects for which the client may subsequently request an evaluation. The computer-implemented method may further include transmitting an evaluation of the first internet object and of each additional internet object in the set of additional internet objects to the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Computer-implemented methods, systems, and computer-readable media for automatically generating computer-assistance videos based on remote interactive-guidance sessions are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) detecting initiation of a remote interactive-guidance session between a local computing device and a remote computing device, 2) recording the remote interactive-guidance session, 3) storing the recorded interactive-guidance session in a media file, and then 4) providing access to the media file.

Abstract: In the field of communications technology, a method and a system for forwarding data between private networks are provided, which can enable terminals in different private networks to securely communicate with each other by using private network addresses. The method includes the following steps. A Secure Socket Layer (SSL) tunnel to an SSL Virtual Private Network (VPN) device in another private network is established. Address allocation information of the another private network is received through the SSL tunnel. The address allocation information and a mapping relation between the address allocation information and a public network IP address of the SSL VPN device transmitting the address allocation information and a session ID of the SSL tunnel transmitting the address allocation information are saved.

Abstract: A computer-implemented method for reclaiming storage space on striped volumes may include: 1) identifying a volume striped across a set of storage devices, 2) identifying a reclamation request to reclaim storage space allocated to the striped volume and then, for at least one device in the set of storage devices, 3) identifying stripes of storage on the device that are covered by the reclamation request, 4) creating a consolidated reclamation request for the device that identifies each stripe of storage on the device that is covered by the reclamation request, and then 5) issuing the consolidated reclamation request to the device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing device executing a data loss prevention (DLP) system tracks bait data on at least one of the computing device or a network. The DLP system identifies a potential security threat in response to detecting unscripted activity associated with the bait data. The DLP system performs an action in response to identifying the potential security threat.

Abstract: A system and method are disclosed for providing security for a computer network. Content is generated for a computer associated with the network. It is determined whether a user should be routed to the generated content. If it is determined that the user should be routed to the generated content, the user is so routed.

Abstract: Techniques for parsing electronic files are disclosed. In one particular exemplary embodiment, the techniques may be realized as an apparatus for parsing electronic files comprising an input module operable to read one or more electronic files, a syntax element store, associated with one or more syntax elements, a mutation module operable to mutate one or more of the one or more syntax elements and parse the one or more electronic files read from the input module, and an output module operable to create one or more normalized electronic files from the one or more parsed electronic files.

Abstract: A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for diagnosing a network configuration of a computing device is described. A test network configuration is captured. A test network signature is generated from the test network configuration. A label is assigned to the test network signature. A determination is made as to whether the test network signature is labeled as an unsuccessful network signature. If the test network signature is labeled unsuccessful, one or more procedures to change the label are generated.

Abstract: Various techniques for coordinating the resource allocation and management capabilities of a backup application with the power saving features provided by a storage array are disclosed. One method involves accessing power management information associated with a logical storage unit (LSU) and image property information that indicates a future pattern of access to a backup image. The method also involves selecting the LSU, based upon both the power management information and the image property information, and then causing the backup image to be written to the LSU. Another method, performed by a backup module, involves receiving power management information associated with a storage array, selecting a logical storage unit (LSU) implemented on the storage array, based upon the power management information, and performing a backup storage management operation on the LSU, in response to selecting the LSU.

Abstract: A computer-implemented method to detect a potentially malicious uniform resource locator (URL) is described. A presentation of a URL on a display of a computing device is detected. An actual URL associated with the URL presented on the display is obtained. The URL presented on the display is compared to the actual URL associated with the presented URL. If the URL presented on the display does not match the actual URL, the actual URL is prevented from being accessed.

Abstract: A system and method for detecting and protecting against potential data loss from unknown applications is described. In one embodiment, a method includes detecting, by an endpoint data loss prevention (DLP) system running on a client computing device, that a local application has accessed a document on the client computing device. The method further includes determining that the document contains sensitive data according to one or more DLP polices of the endpoint DLP system and determining that a combination of the local application and a type of the document is not included in a whitelist of the DLP policies. Then, the method includes capturing at least one of one or more screenshots, and video of one or more operations that the application performs on the document and sending the captured at least one of the one or more screenshots, and the video to an enforcement server associated with the endpoint DLP system.