Patents Assigned to Zscaler
-
Patent number: 9379895
Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a source processor that is used to identify the source associated with a request for authentication or authorization. The source processor can maintain the initial source associated with the request through the use of an association token. The associate token can be transmitted with each subsequent request that includes authentication or authorization data. The source processor can use the associate token to verify that the source associated with the initial request is the same as the source associated with subsequent authentication and authorization requests.
Type: Grant
Filed: July 24, 2008
Date of Patent: June 28, 2016
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
-
Patent number: 9369433
Abstract: Cloud based social networking policy and compliance systems and methods use the “cloud” to pervasively enforce security and policy on websites such as Web 2.0 social networking sites. The cloud based systems and methods provide a cloud based social networking policy enforcement and compliance system that gives enterprises full control and visibility into what their employees are seeing and posting to various websites. In particular, the cloud based systems and methods provide an enterprise to have granular policy-based Web 2.0 control and detailed compliance reports. Unique, customized policies may be applied to groups and/or individuals. Policies may be customized based on application. Data leakage may be avoided by prevention of file uploads and the like. Additionally, the cloud based systems and methods may provide advanced policies requiring administrator approval for user generated content to be posted to Web 2.0 sites.
Type: Grant
Filed: December 8, 2011
Date of Patent: June 14, 2016
Assignee: Zscaler, Inc.
Inventors: Narinder Paul, Srikanth Devarajan, Amit Sinha
-
Patent number: 9363269
Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.
Type: Grant
Filed: July 30, 2014
Date of Patent: June 7, 2016
Assignee: Zscaler, Inc.
Inventor: Subbu Srinivasan
-
Patent number: 9350710
Abstract: A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls.
Type: Grant
Filed: June 20, 2014
Date of Patent: May 24, 2016
Assignee: Zscaler, Inc.
Inventors: Sudhindra P. Herle, Patrick Foxhoven
-
Patent number: 9350644
Abstract: A method implemented by an agent operating on a mobile device communicating to a cloud-based system includes opening up local listening sockets on the mobile device; redirecting outgoing traffic from all applications on the mobile device except the agent to the local listening sockets; and forwarding the outgoing traffic from the local listening sockets to the cloud-based system with additional information included therein for the cloud-based system.
Type: Grant
Filed: December 4, 2014
Date of Patent: May 24, 2016
Assignee: Zscaler, Inc.
Inventors: Purvi Desai, Vikas Mahajan, Abhinav Bansal
-
Patent number: 9342621
Abstract: Methods, systems, and apparatus, including computer program products, for generating or using augmentation queries. In one aspect, subject phrases for detection in content are identified. Each phrase has a corresponding cardinality of terms. First hash sets for each of the subject phrases are generated, each first hash set including first hashes of bigram term subsets for each of the phrases. Sub-phrase scores for each of the hashes based on the cardinality of each phrase are assigned. The sub-phrase scores are used to detect the subject phrases in hashes of portions of received content. Other implementations of this aspect include corresponding systems, apparatus, and computer program products.
Type: Grant
Filed: August 4, 2008
Date of Patent: May 17, 2016
Assignee: Zscaler, Inc.
Inventors: Jose Raphel, Kailash Kailash, Narasimha Datta Nataraja
-
Publication number: 20160117235
Abstract: An automation and regression management method for testing software in a highly-complex cloud-based system with a plurality of nodes, through an automation and regression management system, includes receiving a plurality of requests for automated test runs on nodes in the highly-complex cloud-based system; managing the plurality of requests by either starting an automated test run on a node or queuing the automated test run if another automated test run is already operating on the node; determining details of each of the automated test runs subsequent to completion; storing the details of each of the automated test runs in a database; and providing the details of each of the automated test runs to a requesting user.
Type: Application
Filed: October 28, 2014
Publication date: April 28, 2016
Applicant: Zscaler, Inc.
Inventors: Rajnish MISHRA, Jaspreet SINGH, Ajit SINGH, Shivani SHARMA, Mandeep SINGH, Shivam DHINGRA
-
Publication number: 20160080204
Abstract: A cloud configuration management method implemented in a cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system includes creating a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system; defining metadata rules for each of the plurality of golden configurations; performing a configuration analysis to audit the one or more cloud nodes using the metadata rules; and providing results of the configuration analysis to determine misconfiguration of any of the one or more cloud nodes.
Type: Application
Filed: September 16, 2014
Publication date: March 17, 2016
Applicant: Zscaler, Inc.
Inventors: Rajnish MISHRA, Anupam PANDEY, Sachin KUMAR, Jaspreet SINGH, Anshul BEHL, Kaleeswaran KARUPPASAMY
-
Publication number: 20160048558
Abstract: A computer-implemented method and system for querying aggregates in a database include maintaining aggregates based on a dimension in the database with at least two grain sizes; receiving a query of the aggregates for a defined range of the dimension; finding a start and an end for a read operation for a larger grain size of the at least two grain sizes of the aggregates for the defined range; reading a first set from the start to the end in the database of the larger grain size of the at least two grain sizes of the aggregates; reading a second set comprising a smaller grain size of the at least two grain sizes of the aggregates based on the defined range and the start and the end; and adjusting the first set with the second set.
Type: Application
Filed: August 14, 2014
Publication date: February 18, 2016
Applicant: Zscaler, Inc.
Inventors: Kailash KAILASH, Sushil PANGENI, Chakkaravarthy Periyasamy BALAIAH, Lakshmaiah REGOTI, Kumar GAURAV
-
Publication number: 20160050227
Abstract: A cloud based security method includes authenticating a mobile device through a cloud based security system; associating the mobile device with a user of the cloud based security system based on the authenticating; monitoring user requests from the mobile device by the cloud based security system; detecting security threats based on the monitoring; and sending an out of band end user notification to the mobile device responsive to detecting a security threat, wherein the out of band end user notification comprises information for the user related to the security threat.
Type: Application
Filed: August 18, 2014
Publication date: February 18, 2016
Applicant: Zscaler, Inc.
Inventors: Purvi DESAI, Abhinav BANSAL, Vikas MAHAJAN
-
Publication number: 20160036816
Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.
Type: Application
Filed: July 30, 2014
Publication date: February 4, 2016
Applicant: ZSCALER, INC.
Inventor: Subbu SRINIVASAN
-
Publication number: 20160036857
Abstract: A cloud-based method, system, and transparent proxy for user-level policy, reporting, and authentication over Domain Name System (DNS) include maintaining a local user Internet Protocol (IP) database identifying users in an enterprise; and acting as a transparent proxy for all DNS requests from the users performing the steps of: for a user already identified in the local user IP database, forwarding a DNS request to a cloud-based system with an identifier from the local user IP database of the user associated with the DNS request; and for the user not identified in the local user IP database, performing a series of redirects and hand offs in the cloud-based system to identify the user.
Type: Application
Filed: August 4, 2014
Publication date: February 4, 2016
Applicant: ZSCALER, INC.
Inventors: Patrick FOXHOVEN, John CHANAK, William FEHRING
-
Publication number: 20160036855
Abstract: A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user.
Type: Application
Filed: July 31, 2014
Publication date: February 4, 2016
Applicant: Zscaler, Inc.
Inventors: Tejus GANGADHARAPPA, Sivaprasad UDUPA, Dhawal SHARMA, Sridhar NARASIMHAN, Manoj APTE
-
Publication number: 20150372982
Abstract: A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls.
Type: Application
Filed: June 20, 2014
Publication date: December 24, 2015
Applicant: Zscaler, Inc.
Inventors: Sudhindra P. Herle, Patrick Foxhoven
-
Publication number: 20150331692
Abstract: An upgrade method for a Unix or Unix-like operating system, a server, and a cloud-based system include operating a server with an old operating system with a partition structure for media, wherein the partition structure includes a root partition and a usr partition; copying media to the root partition and the usr partition associated with a new operating system while the old operating system is operating; rebooting the server with the new operating system set to load; and subsequent to the rebooting, making the root partition persistent using memory and the usr partition persistent using a NULL file system.
Type: Application
Filed: May 13, 2014
Publication date: November 19, 2015
Applicant: ZSCALER, INC.
Inventors: Arcady Schekochikhin, Srikanth Devarajan
-
Publication number: 20150326613
Abstract: A cloud-based secure Web gateway, a cloud-based secure Web method, and a network deliver a secure Web gateway (SWG) as a cloud-based service to organizations and provide dynamic user identification and policy enforcement therein. As a cloud-based service, the SWG systems and methods provide scalability and capability of accommodating multiple organizations therein with proper isolation therebetween. There are two basic requirements for the cloud-based SWG: (i) Having some means of forwarding traffic from the organization or its users to the SWG nodes, and (ii) Being able to authenticate the organization and users for policy enforcement and access logging. The SWG systems and methods dynamically associate traffic to users regardless of the source (device, location, encryption, application type, etc.), and once traffic is tagged to a user/organization, various policies can be enforced and audit logs of user access can be maintained.
Type: Application
Filed: May 14, 2015
Publication date: November 12, 2015
Applicant: ZSCALER, INC.
Inventors: Srikanth Devarajan, Sridhar Narasimhan, Amit Sinha, Manoj Apte
-
Publication number: 20150326615
Abstract: Cloud based mobile device security and policy systems and methods use the “cloud” to pervasively enforce security and policy on mobile devices. The cloud based mobile device security and policy systems and methods provide uniformity in securing mobile devices for small to large organizations. The cloud based mobile device security and policy systems and methods may enforce one or more policies for users wherever and whenever the users are connected across a plurality of different devices including mobile devices. This solution ensures protection across different types, brands, operating systems, etc. for smartphones, tablets, netbooks, mobile computers, and the like.
Type: Application
Filed: July 13, 2015
Publication date: November 12, 2015
Applicant: Zscaler, Inc.
Inventor: Amit SINHA
-
Publication number: 20150319182
Abstract: A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.
Type: Application
Filed: July 10, 2015
Publication date: November 5, 2015
Applicant: ZSCALER, INC.
Inventors: Sriram NATARAJAN, Narinder PAUL, Julien SOBRIER, Karthikeyan THAMILARASU, Balakrishna BAYAR, Michael Andrew William SUTTON
-
Patent number: 9152789
Abstract: A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.
Type: Grant
Filed: March 26, 2014
Date of Patent: October 6, 2015
Assignee: Zscaler, Inc.
Inventors: Sriram Natarajan, Narinder Paul, Julien Sobrier, Karthikeyan Thamilarasu, Balakrishna Bayar, Michael Andrew William Sutton
-
Patent number: 9154475
Abstract: Methods, systems, and apparatus, including computer program products, for distributed security system authorization. Client device authentication instructions are executed on a client device to determine if authentication data accessible by the client device authentication instructions are stored at the client device. If the authentication data are stored at the client device, the client device authentication instructions generate authenticated user data and store the authenticated user data at the client device. If the authentication data are not stored at the client device, the client device authentication instructions generate a login environment that allows a user of the client device to input login data. The login data are provided to a verification process that in response to verification provide the authentication data to the client device.
Type: Grant
Filed: January 16, 2009
Date of Patent: October 6, 2015
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Jeff Forristal, Narinder Paul, Sivaprasad Udupa