Abstract: A method, system, and computer-implemented method to manage threats to a protected network having a plurality of internal production systems is provided. The method includes monitoring network traffic from the plurality of internal production systems of a protected network for domain names. For each internal production system, a first collection of each unique domain name that is output by the internal production system is determined over the course of a long time interval. For each internal production system, a second collection of each unique domain name that is output by the internal production system is determined over the course of a short time interval. Domain names in the first and second collections associated with the plurality of internal production systems are compared to determine suspicious domain names that meet a predetermined condition. A request is output to treat the suspicious the suspicious domain names as being suspicious.

Abstract: A method and system for detecting impersonated network traffic by a protected computing device and a network protection system. The method includes the computing device receiving installation of a browser application, the browser application configured to generate requests to communicate with other computers via the World Wide Web and receiving a configuration for the browser application. The browser application is configured to obtain a short-lived password (SLP) in coordination with generating a request and insert the short-lived password into the generated request before transmitting the request. The SLP is synchronized with an expected value generated by the network protection system. The transmitted request is passed to the network protection system and treated as legitimate network traffic by the network protection system only if the network protection system detects and verifies the SLP.

Abstract: A method and system for detecting impersonated network traffic by a protected computing device and a network protection system. The method includes the computing device receiving installation of a browser application, the browser application configured to generate requests to communicate with other computers via the World Wide Web and receiving a configuration for the browser application. The browser application is configured to obtain a short-lived password (SLP) in coordination with generating a request and insert the short-lived password into the generated request before transmitting the request. The SLP is synchronized with an expected value generated by the network protection system. The transmitted request is passed to the network protection system and treated as legitimate network traffic by the network protection system only if the network protection system detects and verifies the SLP.

Abstract: A method, system, and computer-implemented method to manage threats to a protected network having a plurality of internal production systems is provided. The method includes monitoring network traffic from the plurality of internal production systems of a protected network for domain names. For each internal production system, a first collection of each unique domain name that is output by the internal production system is determined over the course of a long time interval. For each internal production system, a second collection of each unique domain name that is output by the internal production system is determined over the course of a short time interval. Domain names in the first and second collections associated with the plurality of internal production systems are compared to determine suspicious domain names that meet a predetermined condition. A request is output to treat the suspicious the suspicious domain names as being suspicious.

Abstract: Method and apparatus for monitoring source data that is a target of a backup service is described. In one example, backup data produced by the backup service is analyzed to identify changes in the source data. At least one trend related to the changes is identified. At least one deviation in the changes from the at least one trend is identified. At least one notification may then be generated that includes information indicative of the at least one deviation. The notification(s) may be sent to a network management system as an indication of user error or malicious attacks.