Abstract: An incident manager application (IM) for responding to data security incidents in enterprise networks is disclosed. An IM tracks the incidents in an enterprise network by storing incident objects and incident artifact (IA) metadata created for the incidents, where the incident objects and IAs include information concerning the incidents. Incident response team (IRT) personnel of the enterprise networks can define action conditions within the IM that are associated with the incident objects. When the information within the incident objects and/or IAs meets the defined action conditions, the IM includes the objects that cause the action conditions to be satisfied in messages. Devices such as user account databases and configuration servers within the enterprise network can then download the messages and execute actions that reference the objects extracted from the downloaded messages to implement a response to the incidents.

Abstract: An incident manager application (IM) for responding to data security incidents in enterprise networks is disclosed. An IM tracks the incidents in an enterprise network by storing incident objects and incident artifact (IA) metadata created for the incidents, where the incident objects and IAs include information concerning the incidents. Incident response team (IRT) personnel of the enterprise networks can define action conditions within the IM that are associated with the incident objects. When the information within the incident objects and/or IAs meets the defined action conditions, the IM includes the objects that cause the action conditions to be satisfied in messages. Devices such as user account databases and configuration servers within the enterprise network can then download the messages and execute actions that reference the objects extracted from the downloaded messages to implement a response to the incidents.

Abstract: A weightlifting belt includes a flexible strap portion with a first major surface (e.g., a front), a second major surface (e.g., a back), a first longitudinal end, a second longitudinal end, a first lateral side, and a second lateral side. An anchor assembly is in contact with the first major surface of the flexible strap portion near the first longitudinal end of the flexible strap portion. A lever-actuated hook assembly is in contact with the first major surface of the flexible strap portion near the second longitudinal end of the flexible strap portion. The lever-actuated hook assembly is configured to engage the anchor assembly so as to hold the first longitudinal end of the strap portion close to, or in physical contact with, the second longitudinal end of the strap portion so as to form a loop that can fit around a waist of a human.

Abstract: An incident manager application (IM) for responding to data security incidents in enterprise networks is disclosed. An IM tracks the incidents in an enterprise network by storing incident objects and incident artifact (IA) metadata created for the incidents, where the incident objects and IAs include information concerning the incidents. Incident response team (IRT) personnel of the enterprise networks can define action conditions within the IM that are associated with the incident objects. When the information within the incident objects and/or IAs meets the defined action conditions, the IM includes the objects that cause the action conditions to be satisfied in messages. Devices such as user account databases and configuration servers within the enterprise network can then download the messages and execute actions that reference the objects extracted from the downloaded messages to implement a response to the incidents.

Abstract: A belt is disclosed that includes a strap and a buckle. A first row of holes extends in a longitudinal direction, and a second parallel row of holes extends in the longitudinal direction, both near a first end of the strap. The holes in the first row are offset in the longitudinal direction from the holes in the second row. The belt buckle has a frame and a prong and is coupled to the second end of the strap. The buckle is configured such that when the first end of the belt is passed through the frame of the buckle, the prong of the buckle can be moved into either a first position to physically engage a hole in the first row of holes or a second position to physically engage a hole in the second row of holes.

Abstract: A system and method for responding to data security incidents in enterprise networks using an incident response bus (IR bus) within an incident management system is disclosed. An Incident Manager (IM) application of the system stores objects that include information concerning data security incidents that occur in enterprise networks managed by the incident management system. Users configure action conditions on the IM, the satisfaction of which cause the IM to send messages that include the information concerning the incidents to message queues, or destinations. Correspondingly, the IR bus includes plugins associated with the devices in each client's enterprise network, where each plugin can access the message destinations for the messages. The plugins, in one embodiment, also configure one or more chains of plugins that process the messages. The plugins then execute the chains of plugins to specify actions for the devices to execute to provide a response to the incidents.

Abstract: An incident manager application (IM) for responding to data security incidents in enterprise networks is disclosed. An IM tracks the incidents in an enterprise network by storing incident objects and incident artifact (IA) metadata created for the incidents, where the incident objects and IAs include information concerning the incidents. Incident response team (IRT) personnel of the enterprise networks can define action conditions within the IM that are associated with the incident objects. When the information within the incident objects and/or IAs meets the defined action conditions, the IM includes the objects that cause the action conditions to be satisfied in messages. Devices such as user account databases and configuration servers within the enterprise network can then download the messages and execute actions that reference the objects extracted from the downloaded messages to implement a response to the incidents.

Abstract: A data security incident correlation and dissemination system and method is disclosed. In an exemplary implementation of the system, a service provider of a managed security service receives incident information regarding data security incidents at different business organizations of the security service. One or more incident managers operated by different organizations send incident information, and a server system within the service provider's network creates aggregated data from the incident information received from the incident managers. The server system analyzes the aggregated data to create correlated incident records that include incident information from related data security incidents at the different organizations, and provides threat intelligence data based on the correlated incident records for the organizations. In embodiments, the server system can “push” threat intelligence data to the organizations, or the organizations can request the threat intelligence data from the server system.

Abstract: An incident response system and method for tracking data security incidents in enterprise networks is disclosed. An Incident Manager application (IM) stores incident objects and incident artifacts (IAs) created in response to the incidents, where the incident objects include the information for the incident and the IAs are associated with data resources (e.g. IP addresses and malware hashes) identified within the incident objects. In response to creation of the IAs, the IM issues queries against one or more external threat intelligence sources (TISs) to obtain information associated with the IAs and augments the IAs with the obtained information. In examples, the IM can identify known threats by comparing the contents of IAs against TIS(s) of known threats, and can identify potential trends by correlating the created incident objects and augmented IAs for an incident with incident objects and IAs stored for other incidents.

Abstract: An incident response system and method for tracking data security incidents in enterprise networks is disclosed. An Incident Manager application (IM) stores incident objects and incident artifacts (IAs) created in response to the incidents, where the incident objects include the information for the incident and the IAs are associated with data resources (e.g. IP addresses and malware hashes) identified within the incident objects. In response to creation of the IAs, the IM issues queries against one or more external threat intelligence sources (TISs) to obtain information associated with the IAs and augments the IAs with the obtained information. In examples, the IM can identify known threats by comparing the contents of IAs against TIS(s) of known threats, and can identify potential trends by correlating the created incident objects and augmented IAs for an incident with incident objects and IAs stored for other incidents.

Abstract: An incident response system and method for tracking data security incidents in enterprise networks is disclosed. An Incident Manager application (IM) stores incident objects and incident artifacts (IAs) created in response to the incidents, where the incident objects include the information for the incident and the IAs are associated with data resources (e.g. IP addresses and malware hashes) identified within the incident objects. In response to creation of the IAs, the IM issues queries against one or more external threat intelligence sources (TISs) to obtain information associated with the IAs and augments the IAs with the obtained information. In examples, the IM can identify known threats by comparing the contents of IAs against TIS(s) of known threats, and can identify potential trends by correlating the created incident objects and augmented IAs for an incident with incident objects and IAs stored for other incidents.

Abstract: A data security incident correlation and dissemination system and method is disclosed. In an exemplary implementation of the system, a service provider of a managed security service receives incident information regarding data security incidents at different business organizations of the security service. One or more incident managers operated by different organizations send incident information, and a server system within the service provider's network creates aggregated data from the incident information received from the incident managers. The server system analyzes the aggregated data to create correlated incident records that include incident information from related data security incidents at the different organizations, and provides threat intelligence data based on the correlated incident records for the organizations. In embodiments, the server system can “push” threat intelligence data to the organizations, or the organizations can request the threat intelligence data from the server system.

Abstract: A system and method for responding to data security incidents in enterprise networks using an incident response bus (IR bus) within an incident management system is disclosed. An Incident Manager (IM) application of the system stores objects that include information concerning data security incidents that occur in enterprise networks managed by the incident management system. Users configure action conditions on the IM, the satisfaction of which cause the IM to send messages that include the information concerning the incidents to message queues, or destinations. Correspondingly, the IR bus includes plugins associated with the devices in each client's enterprise network, where each plugin can access the message destinations for the messages. The plugins, in one embodiment, also configure one or more chains of plugins that process the messages. The plugins then execute the chains of plugins to specify actions for the devices to execute to provide a response to the incidents.

Abstract: An incident manager application (IM) for responding to data security incidents in enterprise networks is disclosed. An IM tracks the incidents in an enterprise network by storing incident objects and incident artifact (IA) metadata created for the incidents, where the incident objects and IAs include information concerning the incidents. Incident response team (IRT) personnel of the enterprise networks can define action conditions within the IM that are associated with the incident objects. When the information within the incident objects and/or IAs meets the defined action conditions, the IM includes the objects that cause the action conditions to be satisfied in messages. Devices such as user account databases and configuration servers within the enterprise network can then download the messages and execute actions that reference the objects extracted from the downloaded messages to implement a response to the incidents.

Abstract: An incident response system and method for tracking data security incidents in enterprise networks is disclosed. An Incident Manager application (IM) stores incident objects and incident artifacts (IAs) created in response to the incidents, where the incident objects include the information for the incident and the IAs are associated with data resources (e.g. IP addresses and malware hashes) identified within the incident objects. In response to creation of the IAs, the IM issues queries against one or more external threat intelligence sources (TISs) to obtain information associated with the IAs and augments the IAs with the obtained information. In examples, the IM can identify known threats by comparing the contents of IAs against TIS(s) of known threats, and can identify potential trends by correlating the created incident objects and augmented IAs for an incident with incident objects and IAs stored for other incidents.

Abstract: A dynamic watermarking capability is implemented in an enterprise rights management (ERM) or similar system that comprises a central server to which end user client machines are connectable. The central server has a database in which watermark definitions created by authorized entities are centrally stored. An end user client machine is provided with a client component that typically includes wrapper code, and watermarking rendering code. The wrapper and rendering code are instantiated when a given calling application is started, or when the application initiates a given rendering function such as a print or display operation. When the calling application begins the rendering operation, the wrapper code intercepts a given rendering function call, connects to the central server and then retrieves a watermark definition. Alternatively, the watermark definition is retrieved when a document to be rendered is first accessed on the client machine.

Abstract: A system and method of controlling distribution of electronic information to a device through a non-bidirectional protocol is disclosed. At a user device, a segment of encrypted electronic information is retrieved. Identification data is sent from the user device using the non-bidirectional communications protocol, where the identification information includes at least one of information associated with a user, information associated with the user device, or information associated with the segment of encrypted electronic information. A copy of an encryption key for the segment is retrieved. A voucher is forwarded to the user device using the non-bidirectional communications protocol, the voucher including at least the encryption key associated with the segment. At the user device, the segment is decrypted using the encryption key for the segment.