Abstract: A method and system for anonymizing data to be stored in a destination computing device is disclosed. A first data store is provided in a first user computing device, the first data store including a file folder designated as a first sync folder. A destination data store is provided in a destination computing device, the destination data store including a file folder designated as a destination sync folder. A file stored in the first sync folder is also stored in the destination sync folder and the file stored in the destination sync folder is anonymized before transmission of the file to the destination computing device over a network for storage in the destination sync folder.

Abstract: A data storage system includes a column store and a row store. The data storage system may generate a query summary. The data storage system determines query summary fields comprised of a subset of fields from a schema used to store data in the row store. The data storage system searches the column store or the row store for query results in the query summary fields. A query summary field is generated from the query results in the query summary fields.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data is anonymized using the anonymization module, to derive an anonymized data, using a data encryption key. The anonymized data is transmitted to the destination computer over a network. In some embodiments, the data encryption key is encrypted and decrypted prior to anonymization.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. An initialization vector is generated using a seed value, the seed value having a corresponding seed value identifier. The data is anonymized using an anonymization module, to derive an anonymized data, using the generated initialization vector. The anonymized data and the seed value identifier is transmitted to the destination computer over a network.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. The data includes a plurality of fields. One or more fields are selectively extracted. A hash using the extracted fields is computed. The computed hash is stored. Anonymization of the data is performed, using an anonymization module. Anonymized data is transmitted to the destination computing device over a network.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. An anonymization strategy module is executed on a computing device to store anonymization strategy for data anonymization in a data store. A logic configured to receive data from a user computer, to be stored in the destination computing device. An anonymization module is executed on the computing device to selectively anonymize data to be stored in the destination computing device, based on the anonymization strategy for the data to be stored. Anonymized data is transmitted to the destination computing device for storage, over a network.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Data to be transmitted is received from a user computer. The data includes one or more characters. The data is replaced with a token representative of the data. The token is transmitted to the destination computing device over a network.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Data to be transmitted is received from a user computer. The data includes a plurality of fields of data. One or more fields of data are selected for anonymization. The selected one or more fields are anonymized. The data with one or more fields anonymized is transmitted to the destination computing device.

Abstract: Systems and methods for processing log data are provided. A set of data chunks is determined. Each data chunk is associated with a set of events, which are grouped according to a primary time dimension field of each event of the set of events. A metadata structure is determined for each of the data chunks. The metadata structure includes comprises a range of the primary time dimension field of all of the events in the data chunk and a range of a secondary time dimension field of all of the events in the data chunk. A subset of the data chunks is selected. A data chunk associated with at least one event of the plurality of events is generated according to the secondary time dimension field of the at least one event.

Abstract: A data storage system (122) includes a column store (281) and a row store (282). The data storage system (122) may generate a query summary. The data storage system (122) determines query summary fields comprised of a subset of fields from a schema used to store data in the row store (282). The data storage system (122) searches the column store (281) or the row store (282) for query results in the query summary fields. A query summary field is generated from the query results in the query summary fields.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. Anonymized data is transmitted to the destination computing device over a network.

Abstract: A selected time interval of previously stored events generated by a number of computer network devices are replayed and cross-correlated according to rules. Meta-events are generated when the events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested and/or debugged against actual event data).

Abstract: Events are received from a plurality of security devices (which may be similar or different devices, e.g., intrusion detection systems configured to monitor network traffic) and divided into a plurality of event flows. Comparing the event flows (e.g., using statistical correlation methods) then generates one or more meta-events. The received events may be divided into different event flows on the basis of the security device which generated the events. The meta-events may be generated by evaluating a perimeter defense device through comparison of the different event flows. In some cases, various ones of the security devices may be inside or outside a perimeter defined by the perimeter defense device.

Abstract: First stage meta-events are generated based on analyzing time attributes of base events received from a network component. Second stage meta-events are generated based on a number of the first stage meta-events that have a time attribute falling within a time period. An amount of time that has passed since a most-recent second stage meta-event was generated is determined, and if a threshold time period does not exceed the amount of time that has passed since the most-recent second stage meta-event was detected, a third stage meta-event is determined.

Abstract: A rules engine with support for time-based rules is disclosed. A method performed by the rules engine, comprises receiving security events generated by a number of network devices. The security events are aggregated. One or more time-based rules are provided to a RETE engine. The aggregated security events are provided to the RETE engine at specific times associated with the time-based rules. The security events are cross-correlated with the one or more time-based rules; and one or more first stage meta-events are reported.

Abstract: A network system can have a plurality of distributed software agents configured to collect events from network devices. In one embodiment, the agents are configured to aggregate the events. In one embodiment of the present invention, an agent includes a device interface to receive an event from a network device, a plurality of aggregation profiles, and an agent aggregate module to select one of the plurality of aggregation profiles, and increment an event count of an aggregate event representing the received event using the selected aggregation profile.

Abstract: A selected time interval of previously stored events generated by a number of computer network devices are replayed and cross-correlated according to rules. Meta-events are generated when the events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested an tor debugged against actual event data).

Abstract: A selected time interval of previously stored security events generated by a number of computer network devices are replayed and cross-correlated according to rules defining security incidents. Meta-events are generated when the security events satisfy conditions associated with one or more of the rules. The rules used during replay may differ from prior rules used at a time when the security events occurred within a computer network that included the computer network devices. In this way, new rules can be tested against true security event data streams to determine whether or not the rules should be used in a live environment (i.e., the efficacy of the rules can be tested and/or debugged against actual security event data).

Abstract: A network security system is provided that receives information from various sensors and can analyze the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.

Abstract: A network security system can have a plurality of distributed software agents configured to collect security events from network devices. In one embodiment, the agents are configured to aggregate the security events. In one embodiment of the present invention, an agent includes a device interface to receive a security event from a network device, a plurality of aggregation profiles, and an agent aggregate module to select one of the plurality of aggregation profiles, and increment an event count of an aggregate event representing the received security event using the selected aggregation profile.