Abstract: Continuous user authentication includes receiving authentication event information including (1) transaction information describing authentication transactions, the transaction information received from authentication providers and including identification of users and instances of authentication of the users by the authentication providers, and (2) user identification and activity information describing presence and state (e.g. location) of the users, this information received from (a) mobile sensing devices in physical proximity of users independent of user location, and (b) stationary sensing devices at fixed locations of the users.

Abstract: A method for detecting malware includes the steps of identifying a one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects includes the executable objects that are associated with the open network connections that are connected to the first network destination.

Abstract: A system for securing an electronic device includes a non-volatile memory, a processor coupled to the non-volatile memory, a resource of the electronic device, firmware residing in the non-volatile memory and executed by the processor, and a firmware security agent residing in the firmware. The firmware is communicatively coupled to the resource of an electronic device. The firmware security agent is configured to, at a level below all of the operating systems of the electronic device accessing the resource, intercept a request for the resource and determine whether the request is indicative of malware.

Abstract: A method for using a drilling fluid test device including a test cell including a perforated plate disposed proximate a first end of the test cell, a piston disposed within the cell, a first chamber formed between the perforated plate and the piston, the first chamber configured to receive lost circulation material (LCM), a second chamber formed between the piston and a second end of the test cell, the piston providing a seal between the first and second chambers, a fluid inlet disposed proximate the second end of the test cell configured to introduce fluid into a second chamber of the test cell, a filtrate outlet disposed proximate the first end of the test cell to discharge filtrate, and a pump in communication with the fluid inlet.

Abstract: A method for detecting memory modifications includes allocating a contiguous block of a memory of an electronic device, and loading instructions for detecting memory modifications into the contiguous block of memory. The electronic device includes a plurality of processing entities. The method also includes disabling all but one of a plurality of processing entities of the electronic device, scanning the memory of the electronic device for modifications performed by malware, and, if a memory modification is detected, repairing the memory modification. The method also includes enabling the processing entities that were disabled. The remaining processing entity executes the instructions for detecting memory modifications.

Abstract: A method for analyzing a computing system includes the steps of at a first moment in time, scanning the resources of the computing system for indications of malware, at a second moment in time scanning the resources of the computing system for indications of malware and determining the system executable objects loaded on the computing system, determining malware system changes, identifying a relationship between the malware system changes and the system executable objects loaded on the computing system, and identifying as suspected malware the system executable objects loaded on the computing system which have a relationship with the malware system changes. The malware system changes include differences between the results of scanning the resources of the computing system for indications of malware at the second and first moment of time.

Abstract: A method for detecting memory modifications includes allocating a contiguous block of a memory of an electronic device, and loading instructions for detecting memory modifications into the contiguous block of memory. The electronic device includes a plurality of processing entities. The method also includes disabling all but one of a plurality of processing entities of the electronic device, scanning the memory of the electronic device for modifications performed by malware, and, if a memory modification is detected, repairing the memory modification. The method also includes enabling the processing entities that were disabled. The remaining processing entity executes the instructions for detecting memory modifications.

Abstract: A method for detecting malware includes the steps of identifying a one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects includes the executable objects that are associated with the open network connections that are connected to the first network destination.

Abstract: A method for detecting memory modifications includes allocating a contiguous block of a memory of an electronic device, and loading instructions for detecting memory modifications into the contiguous block of memory. The electronic device includes a plurality of processing entities. The method also includes disabling all but one of a plurality of processing entities of the electronic device, scanning the memory of the electronic device for modifications performed by malware, and, if a memory modification is detected, repairing the memory modification. The method also includes enabling the processing entities that were disabled. The remaining processing entity executes the instructions for detecting memory modifications.

Abstract: A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of a resource of the electronic device, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the memory. The attempted access includes attempting to write instructions to the memory and attempting to execute the instructions.

Abstract: A computer-implemented method of conducting online meetings includes gathering sensed environment information from a set of intelligent sensor devices in physical user environments, along with meeting information describing online meetings in which the users participate while located in the respective environments. The sensed environment information and meeting information are stored in an event database, intelligent environment-control devices in the physical user environments are configured for subsequent online meetings. The configuring includes operating a stateful behavioral engine using the sensed environment information and meeting information from the event database to identify patterns of user behavior and to configure the intelligent environment-control devices according to the identified patterns of user behavior.

Abstract: A computer-implemented method of conducting an online meeting includes maintaining, by processing circuitry, an enterprise content management system storing metadata describing computer-renderable stored content items. The method further includes continually recognizing and analyzing, by the processing circuitry, speech of one or more participants in the online meeting to extract participant speech content. The method further includes continually searching the enterprise content management system using extracted participant speech content and the metadata to identify matching stored content items, and dynamically providing links or other controls to the participant during the online meeting to enable the participant to view and selectively share the matching stored content items in the online meeting.

Abstract: Continuous user authentication includes receiving authentication event information including (1) transaction information describing authentication transactions, the transaction information received from authentication providers and including identification of users and instances of authentication of the users by the authentication providers, and (2) user identification and activity information describing presence and state (e.g. location) of the users, this information received from (a) mobile sensing devices in physical proximity of users independent of user location, and (b) stationary sensing devices at fixed locations of the users.

Abstract: A method for detecting malware includes the steps of identifying a one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects includes the executable objects that are associated with the open network connections that are connected to the first network destination.

Abstract: A computer-implemented technique conducts an online meeting. The technique involves collecting, by processing circuitry, configuration data for a plurality of user I/O devices available to a particular user. The technique further involves generating, by the processing circuitry, a user behavior model for the particular user based on the configuration data. The user behavior model includes, for each user I/O device of the plurality of user I/O devices, a set of device settings to customize operation of that user I/O device for the particular user. The technique further involves customizing, by the processing circuitry, the plurality of user I/O devices based on the user behavior model to communicate user I/O between the particular user and other users during a current online meeting.

Abstract: Techniques for conducting online meetings involve expanding the scope of devices beyond basic peripheral devices, such as built-in cameras or displays, that are part of user computing devices serving as clients in online meeting sessions. A disclosed technique includes gathering device information for an augmented set of peripheral IO devices accessible to users, the augmented set of peripheral IO devices being separate from such basic peripheral devices. Gathered device information is stored in an augmented environment database, and the peripheral IO devices of the augmented set of peripheral devices are configured for use in the online meeting using the device information obtained from the augmented environment database, peripheral IO devices either replacing or supplementing corresponding peripheral devices of the basic set of peripheral devices for use in the online meeting.

Abstract: A system for securing an electronic device includes a non-volatile memory, a processor coupled to the non-volatile memory, a resource of the electronic device, firmware residing in the non-volatile memory and executed by the processor, and a firmware security agent residing in the firmware. The firmware is communicatively coupled to the resource of an electronic device. The firmware security agent is configured to, at a level below all of the operating systems of the electronic device accessing the resource, intercept a request for the resource and determine whether the request is indicative of malware.

Abstract: A system for securing an electronic device may include a memory, a processor; one or more operating systems residing in the memory for execution by the processor; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory. The security agent may be further configured to: (i) trap attempted accesses to the memory, wherein each of such attempted accesses may, individually or in the aggregate, indicate the presence of self-modifying malware; (ii) in response to trapping each attempted access to the memory, record information associated with the attempted access in a history; and (iii) in response to a triggering attempted access associated with a particular memory location, analyze information in the history associated with the particular memory location to determine if suspicious behavior has occurred with respect to the particular memory location.

Abstract: A method for analyzing a computing system includes the steps of at a first moment in time, scanning the resources of the computing system for indications of malware, at a second moment in time scanning the resources of the computing system for indications of malware and determining the system executable objects loaded on the computing system, determining malware system changes, identifying a relationship between the malware system changes and the system executable objects loaded on the computing system, and identifying as suspected malware the system executable objects loaded on the computing system which have a relationship with the malware system changes. The malware system changes include differences between the results of scanning the resources of the computing system for indications of malware at the second and first moment of time.

Abstract: A system for securing an electronic device includes a non-volatile memory, a processor coupled to the non-volatile memory, a resource of the electronic device, firmware residing in the non-volatile memory and executed by the processor, and a firmware security agent residing in the firmware. The firmware is communicatively coupled to the resource of an electronic device. The firmware security agent is configured to, at a level below all of the operating systems of the electronic device accessing the resource, intercept a request for the resource and determine whether the request is indicative of malware.