Abstract: Disclosed herein are methods, apparatuses, and systems for operating a tiered queuing system that includes: identifying a first segment to be evicted from a local storage in a first region based on an eviction policy; storing the first segment in a cold storage provided by a cloud service provider in the first region; deleting at least one instance of the first segment from the local storage in the first region; indicating in a segment index that the first segment is stored in the cold storage; responsive to receipt of a read request, reading an entry in the segment index for a second segment; and responsive to an indication that the second segment is stored by the cloud service provider, copying the second segment to the local storage and responding to the read request using the second segment stored in the local storage.

Abstract: Some embodiments provide Internet access to a local client device, such as a host computer or mobile device, via a configurable misattribution network. A user of the local client device can quickly and easily declare, via a simple user interface, their desired ephemeral node topology and within a small time window, seamlessly access the Internet via a bounce/egress tunnel. In some embodiments, the misattribution network is ephemeral. A tunnel or point-of-presence (PoP) can last as short or as long as desired by the user. When a PoP is no longer needed, the user can destroy the tunnel. In some such embodiments, deleting the tunnel includes deleting key material, de-spawning compute instances, and releasing IP address(s) back to the provider that owns them so that the IP addresses can be used by other users.

Abstract: A method is provided for protecting a computer system, comprising: attaching a security descriptor to a process running on a processor of the computer system; associating with the security descriptor an isolation indicator that indicates the process runs in an isolation mode; calling a system routine by the isolated process that is also callable by a process that is not running in isolation mode; attempting to write to an object of a disk or a registry by the system routine called by the isolated process; determining whether the system routine is requesting the write on behalf of the isolated process or not; if the write is requested on behalf of the isolated process, then performing the write in a pseudo storage area; and if the write is requested on behalf of the non-isolated process, then performing the write in an actual storage area in which the disk or registry resides.

Abstract: Methods and systems for defining and distributing information alerts include presenting a user with a series of templates that allows the user to define security events, information alerts to be triggered by the events, and intended recipients for the alerts. Intended recipients for the alerts are presented with templates that allow the individuals to input contact and schedule information for receiving the information alerts. A knowledge switch uses the event definitions and the contact and schedule information to detect events and distribute the information alerts to the intended recipients when an event occurs. The information alerts include directives that instruct intended recipients regarding action to be taken in response to a security event.