Abstract: Techniques are disclosed for facilitating analysis of cloud activity. A cloud activity analysis agent may run within a virtual machine in a cloud computing environment to collecting information regarding computing activity within the virtual machine. The cloud activity analysis agent may include, in network flow data records, cloud activity data based on the collected information. The cloud activity analysis agent may then transmit the network flow data records to a network device for flow analysis. In some embodiments, the network flow data records are transmitted to a network flow analyzer that is configured to receive the cloud activity data and is further configured to receive network flow data from one or more flow collectors within a network of the entity. The network flow analyzer may then perform a security analysis for the entity based on the network flow data and the cloud activity data.

Abstract: Techniques are disclosed for supplementing network flow analysis with data collected from endpoint computer systems in a network. An endpoint analysis agent may run on endpoints to collect information relating to computing activity internal to the endpoint, including system configuration information, event information, and network, user, process, and file activity. This information may be reported to a network flow analyzer using an extensible flow data record format. The flow analyzer may then correlate this information with network flow data records received from flow collectors in the network to perform a security analysis. In various embodiments, the endpoint analysis agent may cache the collected information when the endpoint is offline. The agent may also perform data reduction operations (such as compression) on the collected information before reporting; data may be further reduced by reporting data only during specified time periods. An analysis agent may also be deployed in a cloud environment.

Abstract: Techniques are disclosed relating to monitoring computer system activity. In some embodiments, a computing device receives information from observation instrumentation that monitors a plurality of observation points in a computer system. The information includes information identifying activities occurring in the computer system and observed by the observation instrumentation. The computing device determines, from the received information, a risk profile associated with the computer system and, based on the risk profile, adjusts how the observation instrumentation monitors the plurality of observation points. In some embodiments, the received information includes information about one or more user activity risk factors, system risk factors, application risk factors, contact risk factors and/or enterprise risk factors. In some embodiments, based on the risk profile, the computing device causes a control action to be taken with respect to one or more components in the computer system.

Abstract: Techniques are disclosed for facilitating analysis of cloud activity. A cloud activity analysis agent may run within a virtual machine in a cloud computing environment to collecting information regarding computing activity within the virtual machine. The cloud activity analysis agent may include, in network flow data records, cloud activity data based on the collected information. The cloud activity analysis agent may then transmit the network flow data records to a network device for flow analysis. In some embodiments, the network flow data records are transmitted to a network flow analyzer that is configured to receive the cloud activity data and is further configured to receive network flow data from one or more flow collectors within a network of the entity. The network flow analyzer may then perform a security analysis for the entity based on the network flow data and the cloud activity data.

Abstract: Techniques are disclosed for supplementing network flow analysis with data collected from endpoint computer systems in a network. An endpoint analysis agent may run on endpoints to collect information relating to computing activity internal to the endpoint, including system configuration information, event information, and network, user, process, and file activity. This information may be reported to a network flow analyzer using an extensible flow data record format. The flow analyzer may then correlate this information with network flow data records received from flow collectors in the network to perform a security analysis. In various embodiments, the endpoint analysis agent may cache the collected information when the endpoint is offline. The agent may also perform data reduction operations (such as compression) on the collected information before reporting; data may be further reduced by reporting data only during specified time periods. An analysis agent may also be deployed in a cloud environment.

Abstract: A spam classification manager uses a dynamically adaptive decision threshold for detecting spam email messages. For each of a plurality of time periods, the spam classification manager calculates an adaptive decision threshold to use to adjudicate whether or not received email messages comprise spam. The threshold is based on ratios between clean and spam emails received in previous time periods, as well as a misclassification cost ratio. The spam classification manager determines a likelihood of each incoming email message received during the time period being spam, and adjudicates whether each message in fact comprises spam by comparing the determined likelihood to the threshold. The spam classification manager keeps track of incoming email messages received during the time period adjudicated to be spam and adjudicated to be clean, and uses that information in the calculation of adaptive thresholds for future time periods.

Abstract: In the method of the present invention, spam is detected by extracting generalized Ngrams from a section of an e-mail (104). A spam manager (101) extracts (502) a sequence of characters from a section of an email. The spam manager (101) iterates (504) subsequences within the sequence. The spam manager (101) compares (506) subsequences to collections of spam-distinguishing subsequences to identify spam e-mail (104) messages.

Abstract: A scan-on-read manager efficiently scans received data. The scan-on-read manager detects attempts by applications to read received data. The scan-on-read manager scans received data only responsive to an application attempting to read it. The scan-on-read manager only allows the application to read received data that has been scanned.

Abstract: A scan-on-read manager efficiently scans received data. The scan-on-read manager detects attempts by applications to read received data. The scan-on-read manager scans received data only responsive to an application attempting to read it. The scan-on-read manager only allows the application to read received data that has been scanned.

Abstract: A scan-on-read manager efficiently scans received data. The scan-on-read manager detects attempts by applications to read received data. The scan-on-read manager scans received data only responsive to an application attempting to read it. The scan-on-read manager only allows the application to read received data that has been scanned.

Abstract: A method and a system to meter and control the usage of a telephone. The metering and control functions are applicable for specific outgoing or incoming destination, the specific user of the telephone, the time of the day when an outgoing call is made or an incoming call is received, and the calling time allowed either collectively or per the specific outgoing or incoming destination. At least one list of a plurality of lists is stored. Each of the stored lists includes at least one entry, and each entry includes at least one of a plurality of fields. The fields within an entry contain information that is used by the metering circuitry to execute the control functions. The outgoing or incoming phone number is received and encoded using a codec unit and compared with all the entries stored within the lists. The result of the comparison is used to determine if a match exists between the encoded phone number and one of the entries stored within the lists.

Abstract: An electrical receptacle that provides dual-mode electric power through two separate sockets. The electrical receptacle includes a first socket configured to supply AC electric current at a high voltage (such as 120V or 240V AC) and a second socket configured to supply DC current at a low voltage current (such as 4V, 6V, or 12V DC). In one embodiment, the receptacle receives the high-voltage AC from electrical wiring in a building and generates the low-voltage DC. This embodiment of the receptacle has input terminals for receiving AC, mounting hardware, an AC-to-DC converter, and one or more DC output sockets. The receptacle may also have a standard AC output socket. The receptacle may be used to provide direct current at several different voltage levels. The different voltages may be accessed simultaneously through several different DC sockets. Alternatively or in combination, one or more switches may be used to select the voltage level delivered by individual sockets or groups of sockets.

Abstract: The present invention comprises an improved telephone system and method for terminating a telephone call after simulating a telephone connection failure. After establishing a telephone connection, a user can terminate the telephone call by depressing a switch on the telephone. The telephone then receives a signal that the switch has been depressed, generates a sound in the telephone line, and then terminates the telephone call. In one embodiment, the user terminates the telephone call because the user no longer wishes to continue conversing with the caller. In another embodiment, the caller terminates the telephone call before the user answers the telephone call after the user determines the identity of the caller. The generated sound simulates a failure in the telephone connection. For example, the sound could be noise to attempt to persuade the caller that the telephone connection is unusable.

Abstract: A communication system which includes more efficient packet conversion and routing for improved performance and simplified operation. The communication system includes one or more inputs for receiving packet data and one or more outputs for providing packet data. In one embodiment, the present invention comprises a "traffic circle" architecture for routing packet data and converting between different packet formats. In this embodiment, the system includes a data bus configured in a ring or circle. A plurality of port adapters or protocol processors are coupled to the ring data bus or communication circle. Each of the port adapters are configurable for converting between different types of communication packet formats. In the preferred embodiment, each of the port adapters are operable to convert between one or more communication packet formats to/from a generic packet format.