Abstract: According to one embodiment, a computerized method comprises three operations. First, an exploit is determined to have been activated on a client device to transition a state of the client device from a non-infected state to an infected state. Second, a software image is determined prior to the client device receiving the object including the exploit. Lastly, an operating state of the client device is restored by at least reinstalling the software image on the client device so that the client device reverts to an operating state of the client device prior to activation of the exploit.

Abstract: In one embodiment, a method for detecting one or more behaviors by software under test that indicate a presence of malware is described. First, an analysis of operations conducted by the software being processed by a virtual machine is performed. The analysis includes monitoring one or more behaviors conducted by the software during processing within the virtual machine. Next, a video corresponding to at least the one or more monitored behaviors, which are conducted by the software during processing of the software within the virtual machine, is generated. Also, text information associated with each of the one or more monitored behaviors is generated, where the text information being displayed on an electronic device contemporaneously with the video corresponding to the one or more monitored behaviors.

Abstract: According to one embodiment, a computerized method comprises detecting a malicious attack on an enterprise network, where the enterprise network comprises a plurality of network devices. Upon detection of a malicious attack, information (metadata) associated with the malicious attack is gathered. Examples of the information may include at least a geographic location associated with each of the plurality of network devices. Thereafter, an interactive display of a propagation of malware associated the malicious attack is generated. The interactive display includes a plurality of display items representative of the plurality of network devices, each of the plurality of display items is selectable to provide information as to at least one of (i) an origin of the malware, (ii) an entry point of the malware into an enterprise network, or (iii) a targeted destination of the malware.

Abstract: According to one embodiment, a computerized method comprises three operations. First, an incoming object is analyzed to determine if the incoming object is suspicious by having characteristics that suggest the object is an exploit. Next, a virtual machine is dynamically configured with a software image representing a current operating state of a targeted client device. The software image represents content and structure of a storage volume for the targeted client device at a time of configuring the virtual machine. Lastly, the object is processed by the virtual machine in order to detect any anomalous behaviors that may cause the object to be classified as an exploit.

Abstract: Systems, methods and programs for updating a visualization are provided. A visualization is updated dynamically based on new or modified data or schema in at least one data store. For example, a computing device may poll a data store for changes, determine whether a change has occurred, update aggregations of the data, generate at least one new aggregation of the data, determine whether a visualization change is needed, determine the visualization change for a display of attributes, send the visualization change to a display device; and send a notification to a user indicating the visualization change. The visualization change includes at least one of position on a display, size of a graphic and type of the graphic for an attribute.

Abstract: An apparatus is described for detecting anomalous behavior by an application software under test that suggests a presence of malware. The apparatus features a hardware processor and a storage device. The storage device stores logic that, when executed by the hardware processor, conducts an analysis of operations of the software for an occurrence of one or more events, generates a video of a display output produced by the operations of the software, and generates, for display contemporaneously with the video, a textual log including information associated with the one or more events, the textual log provides information as to when each event of the one or more events occurs within an execution flow of the operations of the software.

Abstract: According to one embodiment, a method comprises conducting an analysis for anomalous behavior on application software and generating a video of a display output produced by the application software. The video is to be displayed on an electronic device contemporaneously with display of one or more events detected by the analysis being performed on the application software.