Abstract: An identity and access management IAM system is augmented to provide for supervised, iterative machine learning (ML), preferably with a user-generated training set for classification. The training set may include various types of data, including characteristics or attributes of the account types, the users, or the like. A goal of the initial ML training, which may include one or multiple passes, is to enable the machine to identify specific characteristics or attributes that provide a good classification result, with the resulting classifications then applied within the IAM system. In particular, the output of the ML system may be used by the IAM system for enforcing rights associated with the identified accounts, managing accounts, and so forth.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: An identity and access management IAM system is augmented to provide for supervised, iterative machine learning (ML), preferably with a user-generated training set for classification. The training set may include various types of data, including characteristics or attributes of the account types, the users, or the like. A goal of the initial ML training, which may include one or multiple passes, is to enable the machine to identify specific characteristics or attributes that provide a good classification result, with the resulting classifications then applied within the IAM system. In particular, the output of the ML system may be used by the IAM system for enforcing rights associated with the identified accounts, managing accounts, and so forth.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: An identity management system is augmented to enable a manager to associate “risk” metadata with different types of access requests representing computer system accounts that can be requested by authorized users. When an authorized user then requests access to a particular account, any “risk” associated with that access is shown to the user, typically in the form of a visual “badge” or other such indicator. The badge includes an appropriate informational display (e.g., “High Risk” or “Regulated”) that provides an appropriate risk warning. The risk metadata badge information preferably also is displayed for risk-based access request approval routing; in such context, the risk metadata may also determine the risk approval workflow itself. Thus, for example, if the risk metadata is present when the authorized user requests access, an approval workflow may be modified so that the request approval is routed appropriately.

Abstract: An identity management system is augmented to enable a manager to associate “risk” metadata with different types of access requests representing computer system accounts that can be requested by authorized users. When an authorized user then requests access to a particular account, any “risk” associated with that access is shown to the user, typically in the form of a visual “badge” or other such indicator. The badge includes an appropriate informational display (e.g., “High Risk” or “Regulated”) that provides an appropriate risk warning. The risk metadata badge information preferably also is displayed for risk-based access request approval routing; in such context, the risk metadata may also determine the risk approval workflow itself. Thus, for example, if the risk metadata is present when the authorized user requests access, an approval workflow may be modified so that the request approval is routed appropriately.

Abstract: A server and method allocates access to a digital video movie to clients for viewing upon demand. The server receives requests to view the movie and in response, compares a number of requests to concurrently view the movie to a threshold. If the number is less than the threshold, the server allocates access for a current request to an existing copy of the movie stored on one or more disks, using bandwidth previously reserved from the one or more disks for the movie. However, if the number exceeds the threshold, the server automatically reserves additional bandwidth for future viewers if available from the one or more disks for the movie. But, if the number exceeds the threshold but such additional bandwidth is not available, the server makes another copy of the movie on another disk provided the copy can be made before the most advanced viewer completes its viewing.