Patents Assigned to Zscaler
-
Publication number: 20150244741
Abstract: The present disclosure relates to cloud based mobile device management (MDM) systems and methods to use the “cloud” to pervasively manage mobile devices. The cloud based MDM systems and methods provide an ability to manage mobile devices with or without MDM clients while not requiring an MDM appliance or service at the enterprise. This provides a “no hardware, no software” deployment. In an exemplary embodiment, a client-less implementation leverages the ActiveSync protocol proxied through distributed cloud nodes to enforce mobile policies. In another exemplary embodiment, a client-based implementation uses a platform specific application and associated application programming interfaces (API) to connect managed mobile devices and provide MDM features through the cloud. Advantageously, the cloud based MDM systems and methods provide reliability and resiliency, elasticity, lower cost, mobility, integration of management and security, and agility over conventional MDM based solutions.
Type: Application
Filed: May 14, 2015
Publication date: August 27, 2015
Applicant: ZSCALER, INC.
Inventors: Amit SINHA, Narinder PAUL, Srikanth DEVARAJAN
-
Patent number: 9118689
Abstract: A cloud based security method and processing node includes monitoring data traffic between a user and an external network, wherein the monitoring is performed by a processing node comprising a first server in a cloud based system, detecting a security incident, if an archiving rule exists based on the security incident, providing a notification to a second server within an organization's domain, wherein the user is part of the organization, and wherein the notification includes private data associated with the security incident based on the archiving rule, and storing non-private data in the cloud based system based on the archiving rule.
Type: Grant
Filed: April 13, 2012
Date of Patent: August 25, 2015
Assignee: Zscaler, Inc.
Inventors: Manoj Apte, Sridhar Narasimhan, Purvi Desai
-
Patent number: 9119017
Abstract: The present disclosure relates to cloud based mobile device security and policy systems and methods to use the “cloud” to pervasively enforce security and policy on mobile devices. The cloud based mobile device security and policy systems and methods provide uniformity in securing mobile devices for small to large organizations. The cloud based mobile device security and policy systems and methods may enforce one or more policies for users wherever and whenever the users are connected across a plurality of different devices including mobile devices. This solution ensures protection across different types, brands, operating systems, etc. for smartphones, tablets, netbooks, mobile computers, and the like.
Type: Grant
Filed: September 23, 2011
Date of Patent: August 25, 2015
Assignee: Zscaler, Inc.
Inventor: Amit Sinha
-
Patent number: 9065850
Abstract: The present disclosure provides phishing heuristic systems and methods that detect phishing sites. The present invention may be implemented via a server connected to the Internet, via a distributed security system, and the like. Phishing sites may be detected in a single transaction, i.e. client request plus server reply, while knowing as little as possible about the site being masqueraded. In an exemplary embodiment, a phishing site detection system and method utilized three steps—whitelisting, blacklisting, and scoring. For example, if a particular page meets all requirements of blacklisting without any elements of whitelisting and has a score over a particular threshold, that particular site may be designated as a phishing page.
Type: Grant
Filed: February 7, 2011
Date of Patent: June 23, 2015
Assignee: Zscaler, Inc.
Inventor: Julien Sobrier
-
Patent number: 9065800
Abstract: A cloud-based secure Web gateway, a cloud-based secure Web method, and a network deliver a secure Web gateway (SWG) as a cloud-based service to organizations and provide dynamic user identification and policy enforcement therein. As a cloud-based service, the SWG systems and methods provide scalability and capability of accommodating multiple organizations therein with proper isolation therebetween. There are two basic requirements for the cloud-based SWG: (i) Having some means of forwarding traffic from the organization or its users to the SWG nodes, and (ii) Being able to authenticate the organization and users for policy enforcement and access logging. The SWG systems and methods dynamically associate traffic to users regardless of the source (device, location, encryption, application type, etc.), and once traffic is tagged to a user/organization, various policies can be enforced and audit logs of user access can be maintained.
Type: Grant
Filed: December 27, 2012
Date of Patent: June 23, 2015
Assignee: Zscaler, Inc.
Inventors: Srikanth Devarajan, Sridhar Narasimhan, Amit Sinha, Manoj Apte
-
Patent number: 9060239
Abstract: The present disclosure relates to cloud based mobile device management (MDM) systems and methods to use the “cloud” to pervasively manage mobile devices. The cloud based MDM systems and methods provide an ability to manage mobile devices with or without MDM clients while not requiring an MDM appliance or service at the enterprise. This provides a “no hardware, no software” deployment. In an exemplary embodiment, a client-less implementation leverages the ActiveSync protocol proxied through distributed cloud nodes to enforce mobile policies. In another exemplary embodiment, a client-based implementation uses a platform specific application and associated application programming interfaces (API) to connect managed mobile devices and provide MDM features through the cloud. Advantageously, the cloud based MDM systems and methods provide reliability and resiliency, elasticity, lower cost, mobility, integration of management and security, and agility over conventional MDM based solutions.
Type: Grant
Filed: August 9, 2011
Date of Patent: June 16, 2015
Assignee: Zscaler, Inc.
Inventors: Amit Sinha, Narinder Paul, Srikanth Devarajan
-
Publication number: 20150163199
Abstract: Systems and methods of integrating log data from a cloud system with an internal management system are described, wherein the cloud system is located externally from a secure network which contains the internal management system. The systems and methods include receiving log data from a cloud system through a secure connection between the secure network and the cloud system; buffering the received log data; filtering the buffered, received log data; and transmitting the filtered, buffered, received log data to the internal management system in a format associated with the internal management system.
Type: Application
Filed: January 15, 2015
Publication date: June 11, 2015
Applicant: Zscaler, Inc.
Inventors: Kailash Kailash, Chakkaravarthy Periyasamy Balaiah, Sushil Pangeni, Amit Sinha, Samuel John Crank, Manoj Apte, Sridhar Narasimhan
-
Publication number: 20150143504
Abstract: A method implemented by an agent operating on a mobile device communicating to a cloud-based system includes opening up local listening sockets on the mobile device; redirecting outgoing traffic from all applications on the mobile device except the agent to the local listening sockets; and forwarding the outgoing traffic from the local listening sockets to the cloud-based system with additional information included therein for the cloud-based system.
Type: Application
Filed: December 4, 2014
Publication date: May 21, 2015
Applicant: Zscaler, Inc.
Inventors: Purvi DESAI, Vikas MAHAJAN, Abhinav BANSAL
-
Patent number: 9003023
Abstract: A computer implemented method, a cloud system, and a log system provide interactive analytics providing various intuitive mechanisms for interaction with data visualizations of Internet traffic, email, etc. The methods and systems utilize a cloud based monitoring system where all traffic from an organization may be monitored in a location and platform independent manner. The methods and systems include context-aware drilldown with progressively applied filtering and grouping while maintaining workflow history such that a user can go back to any point in the flow and proceed down a new path of investigation.
Type: Grant
Filed: June 13, 2012
Date of Patent: April 7, 2015
Assignee: Zscaler, Inc.
Inventors: Samuel John Crank, Upasona Kath Hazarika
-
Patent number: 9003186
Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.
Type: Grant
Filed: July 24, 2008
Date of Patent: April 7, 2015
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
-
Patent number: 8955091
Abstract: A system includes an enterprise network including an internal management system communicatively coupled thereon, the enterprise network includes security and the internal management system is disposed behind the security; a cloud system external to the enterprise network and communicatively coupled to the enterprise network, at least one user associated with the enterprise network is configured to communicate through the cloud system for cloud-based services, and the cloud system is configured to log data associated with the at least one user for the cloud-based services; and an external service bridge located in the enterprise network behind the security, the external service bridge is configured to securely communicate with the cloud system to receive the log data and to communicate with the internal management system to provide the log data thereto.
Type: Grant
Filed: April 30, 2012
Date of Patent: February 10, 2015
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Chakkaravarthy Periyasamy Balaiah, Sushil Pangeni, Amit Sinha, Samuel John Crank, Manoj Apte, Sridhar Narasimhan
-
Patent number: 8887249
Abstract: Guard tables including absence information are used in a security system to protect a network service from a denial of service attack. A login key corresponding to a login request is hashed and the output of the hash is a bit position in a guard table. The bit value at the bit position in the guard table can be checked to determine if login information corresponding to the key is present. Further processing of the login request can be based on the indicated presence or absence of the information.
Type: Grant
Filed: May 28, 2008
Date of Patent: November 11, 2014
Assignee: Zscaler, Inc.
Inventors: Arcady V. Schekochikhin, Srikanth Devarajan, Narinder Paul, Kailash Kailash
-
Patent number: 8869259
Abstract: A cloud based system that facilitates inspection of secure content and inexpensively detects the presence of a Man-in-the-Middle attack in a client-server communication is disclosed. Through inspection of the server certificate, no Man-in-the-Middle attack between server and the system is ensured; through inspection and designation of the client certificate, absence of a Man-in-the-Middle attack between the cloud based system and the client is ensured. In this way, the cloud based system can perform its usual policy enforcement functions with respect to secure content while avoiding Man-in-the-Middle attacks.
Type: Grant
Filed: May 19, 2011
Date of Patent: October 21, 2014
Assignee: Zscaler, Inc.
Inventors: Sivaprasad Udupa, Narinder Paul, Jose Raphel, Kailash Kailash
-
Patent number: 8806201
Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.
Type: Grant
Filed: July 24, 2008
Date of Patent: August 12, 2014
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
-
Patent number: 8806593
Abstract: Guest accounts arise in a variety of ways. Hotels, Coffee Shops, internet cafes, internet kiosks, etc. provide internet access to its guests, aka customers. Cloud based security services can serve as a platform for supporting efficient and safe guest account management. Guest accounts are managed by the cloud service and are associated and disassociated with individuals as needed by the guest account provider. The cloud service can also provide a guest account provider with greater control over guest account usage and accountability.
Type: Grant
Filed: May 19, 2011
Date of Patent: August 12, 2014
Assignee: Zscaler, Inc.
Inventors: Jose Raphel, Kailash Kailash, Manoj Shriganesh Apte, Jagtar S Chaudhry
-
Patent number: 8793488
Abstract: Systems, methods and apparatus for a distributed security that detects embedded resource request identifiers. The system can identify requests, such as HTTP requests, and can identify encoded prefix data corresponding to URI prefixes, such as Base64 or Base16 encoded URI prefixes “www.” and “http:”.
Type: Grant
Filed: July 15, 2008
Date of Patent: July 29, 2014
Assignee: Zscaler, Inc.
Inventor: Jeff Forristal
-
Publication number: 20140208426
Abstract: A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.
Type: Application
Filed: March 26, 2014
Publication date: July 24, 2014
Applicant: ZSCALER, INC.
Inventors: Sriram NATARAJAN, Narinder PAUL, Julien SOBRIER, Karthikeyan THAMILARASU, Balakrishna BAYAR, Michael Andrew William SUTTON
-
Patent number: 8763120
Abstract: Systems, methods and apparatus for detecting malicious requests. In one aspect, a browser request is received from a client device. It is determined whether the request includes tracer data in a first parameter type. If the request is determined to include the tracer data in the first parameter type, then the request is allowed. If the request is determined to include the tracer data in a parameter type other than the first parameter type, then a security process is initiated.
Type: Grant
Filed: July 15, 2008
Date of Patent: June 24, 2014
Assignee: Zscaler, Inc.
Inventor: Jeff Forristal
-
Patent number: 8763071
Abstract: The present disclosure provides systems and methods for mobile application security classification and enforcement. In particular, the present invention includes a method, a mobile device, and a distributed security system (e.g., a “cloud”) that is utilized to enforce security on mobile devices communicatively coupled to external networks (i.e., the Internet). Advantageously, the present invention is platform independent allowing it to operate with any current or emerging mobile device. Specifically, preventing malicious applications from running on an end user's mobile device is challenging with potentially millions of applications and billions of user devices; the only effective way to enforce application security is through the network that applications use to communicate.
Type: Grant
Filed: March 18, 2011
Date of Patent: June 24, 2014
Assignee: Zscaler, Inc.
Inventors: Amit Sinha, Michael Andrew William Sutton, Srikanth Devarajan
-
Patent number: 8713674
Abstract: Cloud based security is the common core of any cloud based service offering and includes in-line inspection of transactions for its customers, meaning that transactions are analyzed in real-time and a decision is made on the spot whether to allow or block the transaction based on a variety of criteria. In depth content analysis for illicit activities does not scale well to in-line transaction review. The present application discloses systems, methods and computer programs to conduct content analysis based upon a fixed time period's worth of in-line transactions, where the results of the content analysis can identify malicious sites and incorporate the identified sites into subsequent in-transaction review.
Type: Grant
Filed: December 17, 2010
Date of Patent: April 29, 2014
Assignee: Zscaler, Inc.
Inventor: Michael Geide