Abstract: Described is a system for cloud-based processing of backup data for storage onto various types of object storage systems. A specialized cloud-based component (e.g. proxy server) may act as an intermediary when backing up data from a client system to an object storage. For example, the cloud-based component may be provided as part of backup service that operates in conjunction with a client system. Accordingly, the system may allow different clients of a backup service to efficiently and seamlessly interact with the different third-party object storage providers via a single cloud-based component. To provide such object-storage-agnostic functionality, the cloud-based component may include a function library that includes object-storage-specific functions. For example, the cloud-based component may invoke a specific set of operations that interact with a storage API provided by a particular object storage provider.

Abstract: A method and system for providing profile-based data and visualization access through a semantic domain layer is disclosed. In some embodiments, the method includes receiving a user request to access data. The method further includes determining a user profile from a plurality of user profiles associated with the user. The method further includes extracting a first access level from a first set of access levels associated with the user profile. The method further includes mapping the user profile with a domain object from a plurality of domain objects, based on a second access level from the first set of access levels associated with the domain object. The method further includes selectively rendering at least a portion of the data requested in the user request to the user, in response to mapping the user profile with the domain object.

Abstract: A method and system for providing profile-based data and visualization access through a semantic domain layer is disclosed. In some embodiments, the method includes receiving a user request to access data. The method further includes determining a user profile from a plurality of user profiles associated with the user. The method further includes extracting a first access level from a first set of access levels associated with the user profile. The method further includes mapping the user profile with a domain object from a plurality of domain objects, based on a second access level from the first set of access levels associated with the domain object. The method further includes selectively rendering at least a portion of the data requested in the user request to the user, in response to mapping the user profile with the domain object.

Abstract: An aspect of the present disclosure protects users from malicious attacks propagated via emails. In one embodiment, a reputation server identifies a (first) set of recipients of an email who have opened the email, and then computes a reputation score for the email based on hygiene scores of the set of recipients. The hygiene score of a recipient is a measure of the infections caused due to the recipient's interactions with prior email communications, while the computed reputation score indicates a probability of malicious attacks being propagated via the email The reputation server then provides the reputation score for the email to another (second) set of recipients of the email. When the email contains a link or an attachment, the reputation server identifies the (first) set of recipients who have opened the email and accessed the link or the attachment contained in the email.

Abstract: The disclosed computer-implemented method for establishing a reputation for related program files may include (1) identifying a set of related program files, where each program file includes one or more common metadata field values and the values of the metadata fields are set by a program development tool, (2) identifying one or more of the set of related program files as malicious, (3) determining that a proportion of malicious files in the set of related program files is above a threshold, and (4) in response to determining that the proportion of malicious files is above the threshold, associating a negative reputation with the metadata field values. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for classifying and labeling data are disclosed. In one embodiment, the techniques may be realized as a system for classifying and labeling data comprising one or more processors. The one or more processors may be configured to distribute training data across a plurality of hosts. Each of the hosts may be assigned a random subset of the training data, and configured to cluster its own subset independently. The one or more processors may be further configured to label each cluster of the training data. The one or more processors may be further configured to receive new data, associate the new data with a plurality of the clusters of the training data, and assign the new data a label. The label may be chosen from labels of the plurality of the clusters. And the label may have a maximum associative factor of the new data.

Abstract: The disclosed computer-implemented method for automated generation of generic signatures used to detect polymorphic malware may include (1) clustering a set of polymorphic file samples that share a set of static attributes in common with one another, (2) computing a distance of the polymorphic file samples from a centroid that represents a reference data point with respect to the set of polymorphic file samples, (3) determining that the distance of the polymorphic file samples from the centroid is below a certain threshold, and then upon determining that the distance is below the certain threshold, (4) identifying, within the set of static attributes shared in common by the polymorphic file samples, a subset of static attributes whose values are identical across all of the polymorphic file samples and (5) generating a generic file-classification signature from the subset of static attributes. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automated generation of generic signatures used to detect polymorphic malware may include (1) clustering a set of polymorphic file samples that share a set of static attributes in common with one another, (2) computing a distance of the polymorphic file samples from a centroid that represents a reference data point with respect to the set of polymorphic file samples, (3) determining that the distance of the polymorphic file samples from the centroid is below a certain threshold, and then upon determining that the distance is below the certain threshold, (4) identifying, within the set of static attributes shared in common by the polymorphic file samples, a subset of static attributes whose values are identical across all of the polymorphic file samples and (5) generating a generic file-classification signature from the subset of static attributes. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying variants of samples based on similarity analysis may include (1) collecting, from security agents on endpoint computing systems, metadata attributes that describe samples identified by the security agents over an initial period of time, (2) collecting metadata attributes that describe a current sample identified after the initial period of time, (3) comparing at least two of the metadata attributes that describe the current sample with corresponding metadata attributes of the samples identified over the initial period of time, (4) designating the current sample as related to another sample from the samples identified over the initial period of time based on the comparison of the two metadata attributes, and (5) performing a security action to protect a user from malware based on the designation of the current sample as related to the other sample. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.