Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.

Abstract: A method for providing seamless access to a first account using authentication information associated with a second account includes receiving a first account identifier corresponding to the first account, the first account being a shared account on a computer system. The method also includes receiving submitted authentication information associated with the second account. The method also includes comparing the submitted authentication information with stored authentication information that is associated with a plurality of authorized accounts. The plurality of authorized accounts is associated with clients authorized to access the first account. The method also includes determining whether the second account is an authorized account based on comparing the submitted authentication information with the stored authentication information. The method also includes providing seamless access to the first account in response to determining that the second account is an authorized account.

Abstract: A computer system includes a security coordinator configured to be communicatively coupled to a plurality of managed machines deployed in a same computing environment and managed by an environment manager. The security coordinator is configured to detect a security condition with respect to a first one of the managed machines, and to automatically initiate modification of a second one of the managed machines in the same computing environment responsive to detection of the security condition. The security coordinator is configured to initiate the modification of the second one of the managed machines prior to occurrence of a security condition therein and prior to action by the environment manager with respect to the second one of the managed machines in response to the detected security condition.

Abstract: A virtual machine console is recorded. A method for monitoring a virtual machine may comprise monitoring a virtualization environment, detecting a new virtual machine and associated console, creating an additional instantiation of the console by generating a reflection of the console on a video capture device and recording a real time video of an image of the additional instantiation of the console on the video capture device. Prior to recording, the image may be analyzed to determine a change and the recording of the image can be triggered based upon the analysis.

Abstract: In one embodiment, a system includes a non-transitory computer readable medium comprising one or more rules associated with access to a first server. The system further includes a processor configured to receive, a first request from a client to access a first server, the first request comprising first access information associated with a user of the client. The processor is further configured to determine, based on the one or more rules and the first access information, that the client may access the first server and retrieve second access information associated with the first server in response to determining that the client may access the first server. The processor is also configured to receive data from the first server using the retrieved second access information and the first request and send the data from the first server to the client using the one or more rules.

Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.

Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.

Abstract: A network server verifies a requesting user's permission to use a password to access a shared account hosted on a network server. The requesting user may be the person to whom the password was assigned, or in some cases, permission to use the password may have been granted to the requesting user by the person to whom the password is assigned. Provided the requesting user has permission to use the password, the system authenticates the requesting user for access to the shared account, and maintains accountability of the password.

Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.

Abstract: Secure deletion of a storage device includes monitoring the storage device, determining whether a predetermined condition occurs, and accessing the storage device when it is determined that the predetermined condition occurs. Further, deleted information to be securely wiped is identified in accordance with a predetermined unified policy for a virtual environment comprising the storage device. Alternatively, information being deleted is intercepted when it is determined that the information being deleted satisfies a predetermined condition. The identified or intercepted deleted information is securely wiped from the storage device by filling a portion of the storage device associated with the deleted information with zero bytes before the deleted information is marked as deleted. The secured wiping of deleted information may occur in accordance with a predetermined enterprise-wide policy.

Abstract: In an example computer-implemented method, a password management (PM) server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated that is linked to the login computer and to the requested resource, and is transmitted to the login computer. The PM server receives, from a mobile computing device, a user ID and a value indicative of the session ID. If the user ID is not authorized to access the requested resource, the PM server transmits the vaulted credentials to the login computer or the mobile computing device only if an approval message indicative of a confirmation code is received from a manager computing device authorizing release of the vaulted credentials for the user ID.

Abstract: A method includes receiving at a similarity arbitrator information about a security policy of a candidate virtual machine that is proposed to be included in a cluster of virtual machines, comparing the security policy of the candidate virtual machine to the security policies of a plurality of virtual machines in the cluster, and in response to the comparison, recommending that a virtualization environment manager exclude the candidate virtual machine from the cluster or include the candidate virtual machine in the cluster. Related systems and computer program products are also disclosed.

Abstract: A method of operating a virtual computing system includes receiving at a security controller security data corresponding to a candidate virtual machine that is proposed to be included in a virtualization environment managed by a virtualization environment manager, comparing the security data of the candidate virtual machine to security data of other virtual machines in the virtualization environment, and in response to the comparison, recommending that the virtualization environment manager exclude the candidate virtual machine from the virtualization environment. Related systems and computer program products are disclosed.

Abstract: Access to virtual machine inputs and outputs are controlled. Controlling access to virtual machine inputs and outputs may comprise locking inputs and outputs of a virtual machine from within the virtual machine, other than a predefined limited access input, detecting a request to unlock the inputs and outputs of the virtual machine; determining if a requester is authorized to unlock the inputs and outputs of the virtual machine and unlocking, temporarily, the inputs and outputs of the virtual machine if the requester is authorized. The predefined limited access input is configured to receive an input device with a private secret for unlocking the inputs and outputs of the virtual machine. The inputs and outputs are unlocked when an input device having a shared password is attached.

Abstract: According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device.

Abstract: According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device.

Abstract: Secure deletion of a storage device includes monitoring the storage device, determining whether a predetermined condition occurs, and accessing the storage device when it is determined that the predetermined condition occurs. Further, deleted information to be securely wiped is identified in accordance with a predetermined unified policy for a virtual environment comprising the storage device. Alternatively, information being deleted is intercepted when it is determined that the information being deleted satisfies a predetermined condition. The identified or intercepted deleted information is securely wiped from the storage device by filling a portion of the storage device associated with the deleted information with zero bytes before the deleted information is marked as deleted. The secured wiping of deleted information may occur in accordance with a predetermined enterprise-wide policy.

Abstract: A method includes receiving at a similarity arbitrator information about a security policy of a candidate virtual machine that is proposed to be included in a cluster of virtual machines, comparing the security policy of the candidate virtual machine to the security policies of a plurality of virtual machines in the cluster, and in response to the comparison, recommending that a virtualization environment manager exclude the candidate virtual machine from the cluster or include the candidate virtual machine in the cluster. Related systems and computer program products are also disclosed.

Abstract: A computer system includes a security coordinator configured to be communicatively coupled to a plurality of managed machines deployed in a same computing environment and managed by an environment manager. The security coordinator is configured to detect a security condition with respect to a first one of the managed machines, and to automatically initiate modification of a second one of the managed machines in the same computing environment responsive to detection of the security condition. The security coordinator is configured to initiate the modification of the second one of the managed machines prior to occurrence of a security condition therein and prior to action by the environment manager with respect to the second one of the managed machines in response to the detected security condition.

Abstract: A method of operating a virtual computing system includes receiving at a security controller security data corresponding to a candidate virtual machine that is proposed to be included in a virtualization environment managed by a virtualization environment manager, comparing the security data of the candidate virtual machine to security data of other virtual machines in the virtualization environment, and in response to the comparison, recommending that the virtualization environment manager exclude the candidate virtual machine from the virtualization environment. Related systems and computer program products are disclosed.