Abstract: Described embodiments provide systems and methods for intelligent load balancing of hosted sessions. A processor can determine a plurality of metrics for each of a plurality of machines configured to connect client devices with hosted sessions. The processor can receive, from a client device, a request to establish a connection with one of the plurality of machines to access a hosted session. The processor can determine a score for each of the plurality of machines based at least on the plurality of metrics for each of the plurality of machines. The processor can select a machine from the plurality of machines as a function of the score and a resource cost of the machine. The processor can cause the client device to connect to the selected machine for the hosted session.

Abstract: A method and system for providing profile-based data and visualization access through a semantic domain layer is disclosed. In some embodiments, the method includes receiving a user request to access data. The method further includes determining a user profile from a plurality of user profiles associated with the user. The method further includes extracting a first access level from a first set of access levels associated with the user profile. The method further includes mapping the user profile with a domain object from a plurality of domain objects, based on a second access level from the first set of access levels associated with the domain object. The method further includes selectively rendering at least a portion of the data requested in the user request to the user, in response to mapping the user profile with the domain object.

Abstract: An aspect of the present disclosure protects users from malicious attacks propagated via emails. In one embodiment, a reputation server identifies a (first) set of recipients of an email who have opened the email, and then computes a reputation score for the email based on hygiene scores of the set of recipients. The hygiene score of a recipient is a measure of the infections caused due to the recipient's interactions with prior email communications, while the computed reputation score indicates a probability of malicious attacks being propagated via the email The reputation server then provides the reputation score for the email to another (second) set of recipients of the email. When the email contains a link or an attachment, the reputation server identifies the (first) set of recipients who have opened the email and accessed the link or the attachment contained in the email.

Abstract: The disclosed computer-implemented method for establishing a reputation for related program files may include (1) identifying a set of related program files, where each program file includes one or more common metadata field values and the values of the metadata fields are set by a program development tool, (2) identifying one or more of the set of related program files as malicious, (3) determining that a proportion of malicious files in the set of related program files is above a threshold, and (4) in response to determining that the proportion of malicious files is above the threshold, associating a negative reputation with the metadata field values. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for classifying and labeling data are disclosed. In one embodiment, the techniques may be realized as a system for classifying and labeling data comprising one or more processors. The one or more processors may be configured to distribute training data across a plurality of hosts. Each of the hosts may be assigned a random subset of the training data, and configured to cluster its own subset independently. The one or more processors may be further configured to label each cluster of the training data. The one or more processors may be further configured to receive new data, associate the new data with a plurality of the clusters of the training data, and assign the new data a label. The label may be chosen from labels of the plurality of the clusters. And the label may have a maximum associative factor of the new data.

Abstract: The disclosed computer-implemented method for automated generation of generic signatures used to detect polymorphic malware may include (1) clustering a set of polymorphic file samples that share a set of static attributes in common with one another, (2) computing a distance of the polymorphic file samples from a centroid that represents a reference data point with respect to the set of polymorphic file samples, (3) determining that the distance of the polymorphic file samples from the centroid is below a certain threshold, and then upon determining that the distance is below the certain threshold, (4) identifying, within the set of static attributes shared in common by the polymorphic file samples, a subset of static attributes whose values are identical across all of the polymorphic file samples and (5) generating a generic file-classification signature from the subset of static attributes. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automated generation of generic signatures used to detect polymorphic malware may include (1) clustering a set of polymorphic file samples that share a set of static attributes in common with one another, (2) computing a distance of the polymorphic file samples from a centroid that represents a reference data point with respect to the set of polymorphic file samples, (3) determining that the distance of the polymorphic file samples from the centroid is below a certain threshold, and then upon determining that the distance is below the certain threshold, (4) identifying, within the set of static attributes shared in common by the polymorphic file samples, a subset of static attributes whose values are identical across all of the polymorphic file samples and (5) generating a generic file-classification signature from the subset of static attributes. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying variants of samples based on similarity analysis may include (1) collecting, from security agents on endpoint computing systems, metadata attributes that describe samples identified by the security agents over an initial period of time, (2) collecting metadata attributes that describe a current sample identified after the initial period of time, (3) comparing at least two of the metadata attributes that describe the current sample with corresponding metadata attributes of the samples identified over the initial period of time, (4) designating the current sample as related to another sample from the samples identified over the initial period of time based on the comparison of the two metadata attributes, and (5) performing a security action to protect a user from malware based on the designation of the current sample as related to the other sample. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.