Abstract: Apparatus, systems, and methods may operate to receive multiple security event data streams from a plurality of hardware processing nodes, the multiple security event data streams comprising multiple security events. Additional operations may include extracting multiple security events from multiple security event data streams, and classifying the extracted multiple security events to form domain-specific, categorized data streams. A hierarchy of statistical data streams may then be generated from the domain-specific, categorized data streams. Additional apparatus, systems, and methods are disclosed.

Abstract: Apparatus, systems, and methods may operate to include transforming subsequent unmarked contexts into additional tainted contexts in response to identifying a tainted event as a link between a prior tainted context and the subsequent unmarked contexts. Further operations may include publishing an event horizon to a display. The event horizon may include the tainted event and all other events associated with a linked chain of contexts that include the prior tainted context and the additional tainted contexts, where the tainted event and the other events share the taint in common. In this way, a taint associated with malicious behavior can be propagated and tracked as it moves between contexts. Additional apparatus, systems, and methods are disclosed.

Abstract: Apparatus, systems, and methods may operate to generate a reference statistical model of an operating system, such as a computer system, and display the reference statistical model as a hierarchical, segmented time series event stream graph, along with a graph representing current behavior of the system. The event stream graph may be derived from one or more streams of security events. Additional operations may include receiving requests to display further detail respecting discrepancies between the reference statistical model and the current behavior. Other apparatus, systems, and methods are disclosed.

Abstract: A toner formulation is disclosed comprising a binder and an IR absorbing black pigment at a concentration of 0.25-2.0% by weight, including one or more infrared transmissive pigments, wherein the infrared transmissive pigments are configured to provide a black color. Such toner formulation may provide a response to a toner patch sensor to indicate a mass per unit area of 0.1-1.5 mg/cm2 or a reflectance relative to a substrate to define a reflectance ratio that varies relative to L* values for the toner over the range L*=0-50 or a bulk reflectivity of greater than 6.0% for a portion of the wavelength range of 850-2000 nanometers.

Abstract: A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.

Abstract: A system for pluggable event correlation may include an input manager that receives a plurality of events and converts the events into a format compatible with one or more of a plurality of correlation engines. The correlation engines may then evaluate the converted events using various rules and generate correlated events when the evaluated events trigger at least one of the rules. An action manager may execute remedial actions when the correlation engines generate the correlated events. Moreover, extensibility may be provided by enabling a user to define rules to be triggered when events occur in a predetermined pattern, and actions to be executed when a predetermined rule triggers a correlated event. Further, to plug a new correlation engine into the system, adapters may be deployed to handle input and output, while the user-defined rules may be validating according to semantic requirements of the new correlation engine.

Abstract: Methods and apparatus teach defining an access policy to digital data available on one or more computing devices, including identifying one or more semantic attributes of at least one first digital data set and using the identified attributes to define policy dictating user access privileges. On receipt of a user request to access at least one second digital data set, semantic attributes are compared to the at least one first digital data set and access is allowed or not allowed based on the policy. Semantic attributes are selected from at least one of a closeness attribute, a relatedness attribute, and a semantic vector attribute. Also is taught configuring a policy enforcement agent on the one or more computing devices to undertake the comparing and to allow or not allow access. In turn, computer program products and computing systems for accomplishing the foregoing are provided.

Abstract: A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

Abstract: A computer-implemented device provides security events from publishers to subscribers. There is provided a message bus, configured to contain a plurality of security events. Also provided is a receiver unit, responsive to a plurality of publishers, to receive the plurality of security events from the publishers. There is also a queue unit, responsive to receipt of the security events, to queue the plurality of security events in the message bus. Also, there is a transport unit, responsive to the security events in the message bus, to transport the plurality of security events in the message bus to a plurality of subscribers.

Abstract: Described herein is a system and method for auditing governance, risk, and compliance using an event correlation architecture. In particular, the event correlation architecture may include a solution designer for defining a solution pack that enforces one or more specific governance, risk, or compliance controls, and a solution manager for deploying the solution pack within the event correlation architecture to configure the architecture for enforcement of the one or more controls. Thus, a collection of content defined in the solution pack may be used to enrich one or more events received at the event correlation architecture, and a correlation engine may then correlate the events using the content in the solution pack to enforce the one or more governance, risk, or compliance controls.

Abstract: A system for pluggable event correlation may include an input manager that receives a plurality of events and converts the events into a format compatible with one or more of a plurality of correlation engines. The correlation engines may then evaluate the converted events using various rules and generate correlated events when the evaluated events trigger at least one of the rules. An action manager may execute remedial actions when the correlation engines generate the correlated events. Moreover, extensibility may be provided by enabling a user to define rules to be triggered when events occur in a predetermined pattern, and actions to be executed when a predetermined rule triggers a correlated event. Further, to plug a new correlation engine into the system, adapters may be deployed to handle input and output, while the user-defined rules may be validating according to semantic requirements of the new correlation engine.

Abstract: A toner formulation is disclosed comprising a binder and an IR absorbing black pigment at a concentration of 0.25-2.0% by weight, including one or more infrared transmissive pigments, wherein the infrared transmissive pigments are configured to provide a black color. Such toner formulation may provide a response to a toner patch sensor to indicate a mass per unit area of 0.1-1.5 mg/cm2 or a reflectance relative to a substrate to define a reflectance ratio that varies relative to L* values for the toner over the range L*=0-50 or a bulk reflectivity of greater than 6.0% for a portion of the wavelength range of 850-2000 nanometers.

Abstract: Chemically prepared toner is manufactured by aggregation in which the binder resin is a latex copolymer having a methacrylic acid ester of long chain, saturated alkyl, which may be lauryl methacrylate. This binder resin has a small amount by weight of acrylic acid component and has other nonionic components, which may be styrene and butyl acrylate moieties. Aggregation is carried out in an aqueous medium, which may have organic solvent components. The aggregation is then heated, and because of the selection of the binder resin to have the long chain ester, the heating step has minimal effect on particle size.

Abstract: The present disclosure relates to chemically processed toner, wherein fuser release agent (wax) may be dispersed in a fluid containing a dispersant. Introduced to the wax dispersion are one or more polymerizable monomers which may be polymerized to form a latex of polymer particles. The polymer particles may then serve as a binder for the formation of toner for use in an electrophotographic printer. The polymerizable monomers may utilize acrylic esters that include relatively long chain hydrocarbon type substitution.

Abstract: A circuit for controlling at least two power switches that are series connected between a source of electrical power and an electrical load, for energizing the load in response to a signal at a control input. The circuit includes a programmed controller having an input as the control input and a voltage sensor circuit connected to sense the voltage between the power switches and apply a voltage signal to a controller input. It may also have a sensor for sensing the current through the switches and applying a current signal to the controller. The controller inputs the voltage between the switches or the current through the switches to provide a sensed first value. It compares the sensed first value to an expected first value that exists if both switches are turned off. One of the two switches is turned on if the sensed first value is equal to the expected first value.

Abstract: A method of creating a discontiguous address plan for an enterprise is provided which includes determining a hierarchy of routing optimization for an enterprise, determining a number of route advertisement aggregation points at each level of the hierarchy, determining a number of network security policy areas for the enterprise, and determining a number of addresses for each of the network security policy areas. The number of addresses is rounded up to a power of the address scheme base number to produce a plurality of rounded addresses. The method further includes allocating an address range for each of the plurality of rounded addresses so that a starting address of the address range begins on a power of the base number and determining a size of the plurality of address ranges. The size of the plurality of address ranges is rounded up to a power of the base number to produce the size of a repeating policy pattern.

Abstract: A method of creating a structured access list template, which includes dividing an access list template into a plurality of sections, creating an inbound local rule group for the bubble, creating an outbound local rule group for the bubble, creating an inbound remote rule group for the bubble, and creating an outbound remote rule group for the bubble. A method of creating an access list for each of the plurality of bubble boundary devices, which includes creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition, creating a protocol table that includes a list of network services and whether each of the network services are granted or denied access to the bubble partition, creating an access list template using the address table and the protocol table, generating an access list from the access list template, and providing the access list to one of the plurality of bubble boundary devices.

Abstract: The present invention relates to the combination of a chemically processed toner with extra particulate additive in a conical mixer. The toner may include polymer resins having a glass transition temperature (Tg) wherein the mixer and/or toner may be maintained below the glass transition temperature during mixing. Prior to mixing the toner particles may also be de-agglomerated or mechanically agitated.

Abstract: The present invention relates to a method for combining extra particulate additive with toner. The method includes mixing toner and extra particulate additive in a conical mixer having temperature control. The toner may contain polymeric material having a glass transition temperature (Tg) and the mixing may be carried out wherein the temperature of the mixture is maintained at a temperature less than Tg. The above method may also be applied to a toner formulation that has first undergone a rounding operation.

Abstract: A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.