Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. A portion of the anonymized data is selected as a search ID. A cross reference between a search key indicative of a portion of the received data and the corresponding search ID is stored.

Abstract: A method and system for network endpoint identification through network fingerprint based entity resolution. Particularly, embodiments disclosed herein may entail receiving a network fingerprint descriptive of at least a network endpoint; obtaining at least two network endpoint label sets each inferred from the network fingerprint by a different network fingerprint parser; reducing, through entity resolution and heuristics, the at least two network endpoint label sets into a de-duplicated network endpoint label set; and resolving, through a voting algorithm, the de-duplicated network endpoint label set to obtain a unified network endpoint label that best identifies the network endpoint.

Abstract: Embodiments of the present disclosure include techniques for generating hybrid network activity records. A stream of packet data is received. A flow in the stream of packet data is identified. Deep packet inspection operations are performed on a first subset of packets in the flow to extract a first set of data. Flow stat operations are performed on a second subset of packets in the flow to extract a second set of data. Based on the first and second sets of data, a set of network activity records are generated.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. An order indicator data indicative of the order of the received data is generated. The received data is anonymized to derive an anonymized data. The anonymized data and the order indicator data is transmitted to the destination computer over a network. In one embodiment, a portion of the anonymized data is selected as a search ID. A cross reference between a search key indicative of a portion of the received data and the corresponding search ID is stored.

Abstract: System and method to identify a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer by a security appliance is monitored by a security appliance. A virtual identifier is assigned to a subset of the communication within a defined time period. At least one security entity is identified based on a subset of the selective information. The assigned virtual identifier associated with at least one security entity.

Abstract: A data storage system includes a column store and a row store. The data storage system may generate a query summary. The data storage system determines query summary fields comprised of a subset of fields from a schema used to store data in the row store. The data storage system searches the column store or the row store for query results in the query summary fields. A query summary field is generated from the query results in the query summary fields.

Abstract: A system and method for content messaging includes observing, by the server, synchronization of a database cluster accessible to the server with a first local database at a first client, the database cluster including a message after the synchronization, the message including content and instructions for processing the content, and processing, by the server, the content of the message according to the instructions for processing the content, in response to observing the synchronization.

Abstract: System and method to evaluate a plurality of security entities in a network environment is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted by the security appliance. The selective information is indicative of a value for one or more attributes of the plurality of security entities. A first value indicative of occurrence of each of the values for each of the attributes is generated. A second value indicative of occurrence of each of the values for each of the attributes for each of the security entity is generated. A third value is calculated based on the first value and the second value for each of the attribute value for each of the security entity, wherein the third value is indicative of significance of the value of the attribute for the security entity.

Abstract: System and method for detecting a likely threat from a malicious attack is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted. One or more weak signals of a threat is detected based on the selective information. One or more weak signals are evaluated for a likely threat based on a threshold value. A corrective action is initiated for the likely threat, based on the evaluation.

Abstract: System and method for detecting a likely threat from a malicious attack is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted. Selective information is associated to one or more attributes of a security entity. A knowledge graph is generated for a plurality of security entities based on the associated selective information.

Abstract: System and method for evaluating communication between a plurality of computing devices is disclosed. A plurality of communication between a user computer and at least one a destination computer is monitored by a security appliance. Selective information from the plurality of communication is extracted by the security appliance. Extracted selective information between a pair of communication is compared for a match. An activity record is generated for the user computer and at least one destination computer, based on the match.

Abstract: A system and method for geofencing includes sending, by the location management server, location data collection criteria and location data reporting criteria to a first location-aware client; and receiving, by the location management server, location data from the first location-aware client, the location data collected by the first location-aware client according to the location data collection criteria, the location data received from the first location-aware client according to the location data reporting criteria.

Abstract: Systems and methods for processing log data are provided. A set of data chunks is determined. Each data chunk is associated with a set of events, which are grouped according to a primary time dimension field of each event of the set of events. A metadata structure is determined for each of the data chunks. The metadata structure includes comprises a range of the primary time dimension field of all of the events in the data chunk and a range of a secondary time dimension field of all of the events in the data chunk. A subset of the data chunks is selected. A data chunk associated with at least one event of the plurality of events is generated according to the secondary time dimension field of the at least one event.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters and defines a clear data. A modified clear data with number of characters greater than the clear data is formed using the clear data, a delimiter data and a pad data. The modified clear data is anonymized to derive an anonymized data. The anonymized data is transmitted to the destination computer over a network. In one embodiment, a portion of the pad data is selected as a seed value to generate an initialization vector to anonymize the clear data.

Abstract: A method and system for a distributed anonymization system is disclosed. A master anonymization system is provided. A slave anonymization system is configured to communicate with the master anonymization system, wherein the master anonymization system permits the slave anonymization system to perform one or more functions. The slave anonymization system is configured receives a request from a user computer that requires slave anonymization system to perform a function. The performance of the function requires either storage of data to a data store in a destination computing device or retrieval of data from the data store in the destination computing device, wherein the data is stored or retrieved in an anonymized form. The slave anonymization system verifies if the function to be performed is a permitted function. If it is a permitted function, the function is performed.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. The data includes a plurality of numbers and defines a clear data in a first base encoding scheme, with one or more predefined characteristics. The clear data is converted to a modified clear data in a second base encoding scheme. The modified clear data is anonymized using an anonymization module, to derive an interim anonymized data in the second base encoding scheme. A converted interim anoymized data in the first base encoding scheme is designated as the anonymized data, if the converted interim anonymized data meets the predefined characteristics of the clear data. The anonymized data is transmitted to the destination computer over a network.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. A context sensing word is appended to the anonymized data. The anonymized data and the context sensing word are transmitted to the destination computing device. In one embodiment, the data includes a plurality of normal words and a plurality of stop words. A compacted stop word representative of each of the stop word and their relative position in the data is created. Anonymized normal words and anonymized compacted stop word is transmitted to the destination computing device.

Abstract: A system and method for content messaging includes observing, by the server, synchronization of a database cluster accessible to the server with a first local database at a first client, the database cluster including a message after the synchronization, the message including content and instructions for processing the content, and processing, by the server, the content of the message according to the instructions for processing the content, in response to observing the synchronization.

Abstract: A system and method for geofencing includes sending, by the location management server, location data collection criteria and location data reporting criteria to a first location-aware client; and receiving, by the location management server, location data from the first location-aware client, the location data collected by the first location-aware client according to the location data collection criteria, the location data received from the first location-aware client according to the location data reporting criteria.

Abstract: A data storage system includes a column store and a row store. The data storage system may generate a query summary. The data storage system determines query summary fields comprised of a subset of fields from a schema used to store data in the row store. The data storage system searches the column store or the row store for query results in the query summary fields. A query summary field is generated from the query results in the query summary fields.