Abstract: An automation and regression management method for testing software in a highly-complex cloud-based system with a plurality of nodes, through an automation and regression management system, includes receiving a plurality of requests for automated test runs on nodes in the highly-complex cloud-based system; managing the plurality of requests by either starting an automated test run on a node or queuing the automated test run if another automated test run is already operating on the node; determining details of each of the automated test runs subsequent to completion; storing the details of each of the automated test runs in a database; and providing the details of each of the automated test runs to a requesting user.

Abstract: A cloud configuration management method implemented in a cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system includes creating a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system; defining metadata rules for each of the plurality of golden configurations; performing a configuration analysis to audit the one or more cloud nodes using the metadata rules; and providing results of the configuration analysis to determine misconfiguration of any of the one or more cloud nodes.

Abstract: A cloud based security method includes authenticating a mobile device through a cloud based security system; associating the mobile device with a user of the cloud based security system based on the authenticating; monitoring user requests from the mobile device by the cloud based security system; detecting security threats based on the monitoring; and sending an out of band end user notification to the mobile device responsive to detecting a security threat, wherein the out of band end user notification comprises information for the user related to the security threat.

Abstract: A computer-implemented method and system for querying aggregates in a database include maintaining aggregates based on a dimension in the database with at least two grain sizes; receiving a query of the aggregates for a defined range of the dimension; finding a start and an end for a read operation for a larger grain size of the at least two grain sizes of the aggregates for the defined range; reading a first set from the start to the end in the database of the larger grain size of the at least two grain sizes of the aggregates; reading a second set comprising a smaller grain size of the at least two grain sizes of the aggregates based on the defined range and the start and the end; and adjusting the first set with the second set.

Abstract: A cloud-based method, system, and transparent proxy for user-level policy, reporting, and authentication over Domain Name System (DNS) include maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and acting as a transparent proxy for all DNS requests from the users performing the steps of: for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user.

Abstract: A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user.

Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.

Abstract: A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls.

Abstract: An upgrade method for a Unix or Unix-like operating system, a server, and a cloud-based system include operating a server with an old operating system with a partition structure for media, wherein the partition structure includes a root partition and a usr partition; copying media to the root partition and the usr partition associated with a new operating system while the old operating system is operating; rebooting the server with the new operating system set to load; and subsequent to the rebooting, making the root partition persistent using memory and the usr partition persistent using a NULL file system.

Abstract: A cloud-based secure Web gateway, a cloud-based secure Web method, and a network deliver a secure Web gateway (SWG) as a cloud-based service to organizations and provide dynamic user identification and policy enforcement therein. As a cloud-based service, the SWG systems and methods provide scalability and capability of accommodating multiple organizations therein with proper isolation therebetween. There are two basic requirements for the cloud-based SWG: (i) Having some means of forwarding traffic from the organization or its users to the SWG nodes, and (ii) Being able to authenticate the organization and users for policy enforcement and access logging. The SWG systems and methods dynamically associate traffic to users regardless of the source (device, location, encryption, application type, etc.), and once traffic is tagged to a user/organization, various polices can be enforced and audit logs of user access can be maintained.

Abstract: Cloud based mobile device security and policy systems and methods use the “cloud” to pervasively enforce security and policy on mobile devices. The cloud based mobile device security and policy systems and methods provide uniformity in securing mobile devices for small to large organizations. The cloud based mobile device security and policy systems and methods may enforce one or more policies for users wherever and whenever the users are connected across a plurality of different devices including mobile devices. This solution ensures protection across different types, brands, operating systems, etc. for smartphones, tablets, netbooks, mobile computers, and the like.

Abstract: A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.

Abstract: Methods, systems, and apparatus, including computer program products, for distributed security system authorization. Client device authentication instructions are executed on a client device to determine if authentication data accessible by the client device authentication instructions are stored at the client device. If the authentication data are stored at the client device, the client device authentication instructions generate authenticated user data and store the authenticated user data at the client device. If the authentication data are not stored at the client device, the client device authentication instructions generate a login environment that allows a user of the client device to input login data. The login data are provided to a verification process that in response to verification provide the authentication data to the client device.

Abstract: A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.

Abstract: The present disclosure relates to cloud based mobile device management (MDM) systems and methods to use the “cloud” to pervasively manage mobile devices. The cloud based MDM systems and methods provide an ability to manage mobile devices with or without MDM clients while no requiring an MDM appliance or service at the enterprise. This provides a “no hardware, no software” deployment. In an exemplary embodiment, a client-less implementation leverages the ActiveSync protocol proxied through distributed cloud nodes to enforce mobile policies. In another exemplary embodiment, a client-based implementation uses a platform specific application and associated application programming interfaces (API) to connect managed mobile devices and provide MDM features through the cloud. Advantageously, the cloud based MDM systems and methods provide reliability and resiliency, elasticity, lower cost, mobility, integration of management and security, and agility over conventional MDM based solutions.

Abstract: A cloud based security method and processing node includes monitoring data traffic between a user and an external network, wherein the monitoring is performed by a processing node comprising a first server in a cloud based system, detecting a security incident, if an archiving rule exists based on the security incident, providing a notification to a second server within an organization's domain, wherein the user is part of the organization, and wherein the notification includes private data associated with the security incident based on the archiving rule, and storing non-private data in the cloud based system based on the archiving rule.

Abstract: The present disclosure relates to cloud based mobile device security and policy systems and methods to use the “cloud” to pervasively enforce security and policy on mobile devices. The cloud based mobile device security and policy systems and methods provide uniformity in securing mobile devices for small to large organizations. The cloud based mobile device security and policy systems and methods may enforce one or more policies for users wherever and whenever the users are connected across a plurality of different devices including mobile devices. This solution ensures protection across different types, brands, operating systems, etc. for smartphones, tablets, netbooks, mobile computers, and the like.

Abstract: The present disclosure provides phishing heuristic systems and methods that detect phishing sites. The present invention may be implemented via a server connected to the Internet, via a distributed security system, and the like. Phishing sites may be detected in a single transaction, i.e. client request plus server reply, while knowing as little as possible about the site being masqueraded. In an exemplary embodiment, a phishing site detection system and method utilized three steps—whitelisting, blacklisting, and scoring. For example, if a particular page meets all requirements of blacklisting without any elements of whitelisting and has a score over a particular threshold, that particular site may be designated as a phishing page.

Abstract: A cloud-based secure Web gateway, a cloud-based secure Web method, and a network deliver a secure Web gateway (SWG) as a cloud-based service to organizations and provide dynamic user identification and policy enforcement therein. As a cloud-based service, the SWG systems and methods provide scalability and capability of accommodating multiple organizations therein with proper isolation therebetween. There are two basic requirements for the cloud-based SWG: (i) Having some means of forwarding traffic from the organization or its users to the SWG nodes, and (ii) Being able to authenticate the organization and users for policy enforcement and access logging. The SWG systems and methods dynamically associate traffic to users regardless of the source (device, location, encryption, application type, etc.), and once traffic is tagged to a user/organization, various polices can be enforced and audit logs of user access can be maintained.

Abstract: The present disclosure relates to cloud based mobile device management (MDM) systems and methods to use the “cloud” to pervasively manage mobile devices. The cloud based MDM systems and methods provide an ability to manage mobile devices with or without MDM clients while no requiring an MDM appliance or service at the enterprise. This provides a “no hardware, no software” deployment. In an exemplary embodiment, a client-less implementation leverages the ActiveSync protocol proxied through distributed cloud nodes to enforce mobile policies. In another exemplary embodiment, a client-based implementation uses a platform specific application and associated application programming interfaces (API) to connect managed mobile devices and provide MDM features through the cloud. Advantageously, the cloud based MDM systems and methods provide reliability and resiliency, elasticity, lower cost, mobility, integration of management and security, and agility over conventional MDM based solutions.