Abstract: A computer-implemented method includes detecting occurrence of an event in a cloud environment, obtaining an indication of an identity associated with the event, obtaining an indication of a usage time stamp representing usage time of a privilege in association with the identity for the event, and classifying the privilege into a classification group selected from a plurality of predefined classification groups. Each respective classification group groups a respective set of privileges defined in the cloud environment. The method includes obtaining a grant time stamp representing a grant time of at least one privilege, in the respective set of privileges in the classification group, to the identity and, based on the usage time stamp and the grant time stamp, generating an excessive privilege determination that indicates the classification group includes at least one excessive privilege. The method includes performing a computing action based on the excessive privilege determination.

Abstract: The technology disclosed relates to detection of data traffic in computing environments, such as cloud environments. Example systems and methods detect a plurality of workloads in a virtual network in a computing environment and deploy a plurality of probe agents to the plurality of workloads. Each respective probe agent detects network traffic on a respective workload of the plurality of workloads, scans a data packet that is at least one of sent or received by the respective workload, generates a data classification relative to the data packet, and generates a scan result that includes packet payload information and an indication of the data classification. The scan results are received from the plurality of probe agents and a computing action is performed based on scan results.

Abstract: A computer-implemented method includes detecting occurrence of an event in a cloud environment, obtaining an indication of an identity associated with the event, obtaining an indication of a usage time stamp representing usage time of a privilege in association with the identity for the event, and classifying the privilege into a classification group selected from a plurality of predefined classification groups. Each respective classification group groups a respective set of privileges defined in the cloud environment. The method includes obtaining a grant time stamp representing a grant time of at least one privilege, in the respective set of privileges in the classification group, to the identity and, based on the usage time stamp and the grant time stamp, generating an excessive privilege determination that indicates the classification group includes at least one excessive privilege. The method includes performing a computing action based on the excessive privilege determination.

Abstract: The disclosed technology receives a control input identifying a sampling criterion for classifying a data store storing a set of data objects in a computing environment as corresponding to a target data type and deploys one or more scanners configured to select a representative subset of data objects, from the set of data objects, based on the sampling criterion. A scanner result generated by the one or more scanners is received that represents detected instances, in the representative subset of data objects, of one or more pre-defined data patterns of the target data type. A classification result is generated based on a comparison of the number of detected instances of the one or more pre-defined data patterns to a threshold. The classification result represents a classification of the data store as having correspondence to the target data type. A computing action is performed based on the classification result.

Abstract: The technology disclosed relates to analysis of security posture of a cloud environment. A computing system is configured to automatically discover a plurality of databases in the cloud environment and configure an orchestration engine to deploy a plurality of log analyzer microservices on the plurality of databases. Each log analyzer microservice, of the plurality of log analyzer microservices, is configured to scan a respective database log that represents database activities on a respective database of the plurality of databases. Analysis results are received from the plurality of log analyzer microservices. The analysis results represent detection of at least one of a performance criterion or a security criterion in one or more databases of the plurality of databases. An action signal representing the analysis results is generated.

Abstract: The technology disclosed relates to analysis of security posture of a cloud environment. A computing system is configured to automatically discover a plurality of databases in the cloud environment and configure an orchestration engine to deploy a plurality of log analyzer microservices on the plurality of databases. Each log analyzer microservice, of the plurality of log analyzer microservices, is configured to scan a respective database log that represents database activities on a respective database of the plurality of databases. Analysis results are received from the plurality of log analyzer microservices. The analysis results represent detection of at least one of a performance criterion or a security criterion in one or more databases of the plurality of databases. An action signal representing the analysis results is generated.

Abstract: The technology disclosed relates to resource activity management in a cloud environment. A computer-implemented method includes detecting a plurality of virtual networks in the cloud environment and deploying a plurality of sensors in the plurality of virtual networks using an orchestration engine of the cloud environment. Each sensor, of the plurality of sensors, includes an executable package configured to execute in a respective virtual network, of the plurality of virtual networks, independent of other sensors, of the plurality of sensors, to manage activities in the respective virtual network. The method includes identifying an activity management task to be performed in a particular virtual network of the plurality of virtual networks, sending a task command representing the activity management task to the sensor deployed in the particular virtual network, and receiving an execution result representing execution of the activity management task by the sensor deployed in the particular virtual network.

Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.

Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.

Abstract: The technology disclosed relates to analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a system and method that detects a triggering criterion and, in response to the triggering criterion, automatically discovers a plurality of databases in the cloud environment. An orchestration engine is configured to deploy a plurality of log analyzer microservices on the plurality of databases, each log analyzer microservice, of the plurality of log analyzer microservices, being configured to scan a respective database log that represents database activities on a respective database of the plurality of databases. Analysis results are received from the plurality of log analyzer microservices, the analysis results represent detection of at least one of a performance criterion or a security criterion in one or more databases of the plurality of databases. An action signal representing the analysis results is generated.

Abstract: The technology disclosed presents an improved endpoint data loss prevention (DLP) solution, referred to herein as “small-footprint endpoint DLP (sf-EDLP),” which enforces security policies at endpoints by relying on previously generated sensitivity metadata, rather than by performing content sensitivity scans at the endpoints. Since content sensitivity scans are computationally intensive and time consuming, sf-EDLP leads to a significantly simpler implementation, reduced runtime computation, and a smaller memory footprint; making it suitable for computationally constrained environments such as modern mobile devices.

Abstract: The technology disclosed relates to endpoint data loss prevention (DLP). In particular, the technology disclosed relates to enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint.

Abstract: The technology disclosed presents an improved endpoint data loss prevention (DLP) solution, referred to herein as “small-footprint endpoint DLP (sf-EDLP),” which enforces security policies at endpoints by relying on previously generated sensitivity metadata, rather than by performing content sensitivity scans at the endpoints. Since content sensitivity scans are computationally intensive and time consuming, sf-EDLP leads to a significantly simpler implementation, reduced runtime computation, and a smaller memory footprint; making it suitable for computationally constrained environments such as modern mobile devices.

Abstract: A method (200) for configuring a workflow is described. The method (200) comprises initiating (202), by a workflow engine (122), a task in the workflow and identifying (210), by a rule engine (124), at least one upcoming task in the workflow based on data associated with at least one parameter of the task. The method (200) further comprises determining (212), by a task engine (126), at least one additional parameter of the identified at least one upcoming task and obtaining (214), by the task engine (126), data associated with the at least one additional parameter. The method (200) further comprises completing (216), by the task engine (126), the task based on the data associated with the at least one additional parameter.

Abstract: The technology disclosed presents an improved endpoint data loss prevention (DLP) solution, referred to herein as “small-footprint endpoint DLP (sf-EDLP),” which enforces security policies at endpoints by relying on previously generated sensitivity metadata, rather than by performing content sensitivity scans at the endpoints. Since content sensitivity scans are computationally intensive and time consuming, sf-EDLP leads to a significantly simpler implementation, reduced runtime computation, and a smaller memory footprint; making it suitable for computationally constrained environments such as modern mobile devices.

Abstract: The technology disclosed presents an improved endpoint data loss prevention (DLP) solution, referred to herein as “small-footprint endpoint DLP (sf-EDLP),” which enforces security policies at endpoints by relying on previously generated sensitivity metadata, rather than by performing content sensitivity scans at the endpoints. Since content sensitivity scans are computationally intensive and time consuming, sf-EDLP leads to a significantly simpler implementation, reduced runtime computation, and a smaller memory footprint; making it suitable for computationally constrained environments such as modern mobile devices.

Abstract: Multimedia gateway for use in a networked home environment is disclosed. In one embodiment, in a method for delivering broadcast multimedia content in a networked home environment, a radio frequency (RF) signal is received. The RF signal is then converted into an IP stream. It is determined whether the IP stream is an IP data stream or an IP video stream and based on the outcome of the determination, the IP stream is sent to one or more televisions, one or more computing devices, and/or one or more telephones.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.

Abstract: A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.