Abstract: A router-level computer security component validates multiple endpoint computer security components on multiple endpoint devices in a local area network, based on whether given endpoints each have a specific anti-malware scanning engine and set of signatures used by the router-level component. To validate a given endpoint, the router-level component transmits a code sample which will trigger scanning by the specific anti-malware scanning engine in conjunction with a specific signature of the set, resulting in a specific detection result. In response to receiving the specific, expected detection result in return, the router-component validates the endpoint.

Abstract: The disclosed computer-implemented method for performing security actions based on people's actual reactions to interactions may include (i) detecting an interaction (e.g., an interaction with a digital communication) of a monitored person (e.g., a child), (ii) estimating the monitored person's expected reaction to the interaction, (iii) using contemporaneous sensor data to estimate the monitored person's actual reaction to the interaction, and (iv) performing a security action based at least in part on a comparison of the monitored person's expected reaction and the monitored person's actual reaction. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Ongoing analytics streams are received over time from mobile computing devices. An analytics stream comprises data corresponding to monitored activity that occurred on the originating mobile computing device. Dynamic, personalized knowledge based authentication questions are generated from analytics stream data. In response to an authentication request from a user, the user is prompted to answer a given number of current dynamic, personalized knowledge based authentication questions.

Abstract: A computer-implemented method for digitally signing executables with reputation information is disclosed. This method may include (1) receiving a request for a reputation certificate for an executable file, (2) identifying reputation information associated with the executable file, (3) generating a digitally signed reputation certificate for the executable file that includes at least the reputation information associated with the executable file, and then (4) providing the reputation certificate in response to the request. Additional computer-implemented methods for evaluating the trustworthiness of executable files based at least in part on reputation information contained within such digitally signed reputation certificates, along with corresponding systems and computer-readable media, are also disclosed.

Abstract: The disclosed computer-implemented method for authenticating users may include (1) identifying at least one digital device with which a user interacts, (2) gathering information about how the user interacts with the digital device, (3) generating, based on the gathered information, an authentication protocol for authenticating the user, and (4) using the authentication protocol to authenticate the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Applications on a mobile device are sampled for detecting applications causing performance problems on the device. The method includes periodically logging performance information for a mobile device suspected to be having performance problems. The method further includes periodically logging identifying information about multiple applications on the mobile device. The method also includes periodically providing to a security server the logged performance information for the mobile device and the logged identifying information about the applications. In addition, the method includes, in response to a request from the security server for more information about one of the applications, providing a copy of the application to the security server for analysis of the impact by the application on performance of the mobile device. The method can further include receiving from the security server an indication that the application for which the copy was provided is causing a performance problem on the mobile device.

Abstract: The disclosed computer-implemented method for verifying user attributes may include (1) receiving a request to verify an attribute of a user who claims to be a particular person, (2) determining that the attribute can be verified using a trusted record that is associated with the particular person, (3) determining that the trusted record is associated with a vehicle to which the particular person has access rights, (4) confirming that the user has physical access to the vehicle by performing an access-validation check, and (5) in response to confirming that the user has physical access to the vehicle, using the trusted record to verify the attribute of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Application authorization management is provided without installation of an agent at an operating system level. A component runs outside of the operating system, in an AMT environment. AMT is utilized to examine the operating system for applications. Identified applications are checked against a whitelist or a blacklist. Responsive to determining that an identified application is not authorized, AMT is used to redirect input/output requests targeting the application to an alternative image, which can, for example, warn the user that the application is not authorized.

Abstract: Computer security threats are increasing in customization and complexity of attacks, expanding the burden on security companies in addressing the wide-array of threats. Functional classification is used here to determine the likely role a client and its user play to personalize computer security according to client/user role. A security module analyzes the client to identify data or applications present on the client or activities performed using the client. Based on this analysis, the security module predicts the role of the client or a user of the client. The module further dynamically generates a security policy that is personalized to and optimized for the client or the user based on the role predicted and on computer security threats expected to affect the client or user based on the role. The module then applies the security policy generated to provide personalized security.

Abstract: A computer-implemented method for protecting sensitive data is described. In one embodiment, the method includes identifying data stored at a first storage system. The identified data is classified as sensitive data. The method includes copying at least a portion of the identified sensitive data from the first storage system, transferring the copied portion of the identified sensitive data from the first storage system to a file stored at a second storage system, and storing a virtual symbolic link at the first storage system. The virtual symbolic link includes information regarding the file stored at the second storage system.

Abstract: A computer-implemented method for remotely configuring applications may include (1) identifying a centrally administered application that includes a configuration specification that defines at least one setting available for the centrally administered application and that is prepared to provide the configuration specification, (2) identifying, by extracting the configuration specification for the centrally administered application, a settings field of the configuration specification, (3) creating a settings configuration policy that specifies a value for the settings field, (4) detecting an instance of the centrally administered application that includes the configuration specification, and (5) pushing the value for the settings field to the instance of the centrally administered application in accordance with the settings configuration policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: IoT devices are secured on multiple local area networks. Each local network contains a router which monitors activities of IoT devices, and transmits corresponding information to a backend server. The backend amalgamates this information, calculates dynamic reputation scores, and determines expected authorized activities for specific IoT devices. Based thereon, the backend creates a constraint profile for each IoT device, and transits the constraint profiles to the routers for enforcement. Enforcing a constraint profile can include creating multiples VLANs with varying levels of restricted privileges on a given local area network, and isolating various IoT devices in specific VLANs based on their reputation scores. Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content.

Abstract: IoT devices are secured on multiple local area networks. Each local network contains a router which monitors activities of IoT devices, and transmits corresponding information to a backend server. The backend amalgamates this information, calculates dynamic reputation scores, and determines expected authorized activities for specific IoT devices. Based thereon, the backend creates a constraint profile for each IoT device, and transits the constraint profiles to the routers for enforcement. Enforcing a constraint profile can include creating multiples VLANs with varying levels of restricted privileges on a given local area network, and isolating various IoT devices in specific VLANs based on their reputation scores. Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content.

Abstract: A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the permission within the local area network, (4) receiving, via the Internet connectivity, a request by the guest user from outside the local area network to access the device, and (5) providing access to the device in response to validating the request based on the shared secret and the permission. Various other methods and systems are also disclosed.

Abstract: Security software on a client observes a request for a resource from an application on the client and then determines the application's reputation. The application's reputation may be measured by a reputation score obtained from a remote reputation server. The security software determines an access policy from a graduated set of possible access policies for the application based on the application's reputation. The security software applies the access policy to the application's request for the resource. In this way, the reputation-based system uses a graduated trust scale and a policy enforcement mechanism that restricts or grants application functionality for resource interactivity along a graduated scale.

Abstract: A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.

Abstract: A computer-implemented method may include facilitating registration for a service capable of determining whether strangers who come in contact with one another share one or more characteristics in common. The computer-implemented method may also include obtaining, as part of the registration for the service, permission for the service to access at least a portion of one or more social-networking accounts associated with each of the strangers. The computer-implemented method may further include determining, subsequent to the registration for the service, that the strangers registered for the service have come in contact with one another and then providing the service to the strangers in response to this determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Locations of animate and inanimate items are tracked over time. Tracking policies concerning the items are enforced, based on detected spatiotemporal events. Multiple routers each maintain a captive network to which mobile computing devices automatically connect. Users register mobile computing devices, which are associated with items to be tracked. A backend server maintains records concerning registered mobile computing devices. Records contain identifiers of registered mobile computing devices and their associated items, as well as categorization information and tracking policies concerning the items. Over time, registered mobile computing devices are moved around, causing them to connect to and disconnect from different captive networks. These connection events are reported to the backend, which uses this data to track locations of items over time.

Abstract: Anomalous access activity is detected and managed. Access of enterprise data on multiple client computers is monitored and logged. The resulting log information identifies accessed units of enterprise data and corresponding access context. Log information concerning access of specific units of data on multiple client computers is received over a period of time and amalgamated. Statistical analysis is performed on amalgamated log information, thereby determining access baselines for data over the time period. Received log information concerning access of a specific unit of data on a specific client computer is compared to corresponding access baseline(s). Responsive to the comparison indicating that the access deviates from a baseline in excess of a threshold, the access is classified as being anomalous. Alerts are automatically output in response to detecting anomalous data access.

Abstract: Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise.