Abstract: Techniques are disclosed for facilitating analysis of cloud activity. A cloud activity analysis agent may run within a virtual machine in a cloud computing environment to collecting information regarding computing activity within the virtual machine. The cloud activity analysis agent may include, in network flow data records, cloud activity data based on the collected information. The cloud activity analysis agent may then transmit the network flow data records to a network device for flow analysis. In some embodiments, the network flow data records are transmitted to a network flow analyzer that is configured to receive the cloud activity data and is further configured to receive network flow data from one or more flow collectors within a network of the entity. The network flow analyzer may then perform a security analysis for the entity based on the network flow data and the cloud activity data.

Abstract: Techniques are disclosed for supplementing network flow analysis with data collected from endpoint computer systems in a network. An endpoint analysis agent may run on endpoints to collect information relating to computing activity internal to the endpoint, including system configuration information, event information, and network, user, process, and file activity. This information may be reported to a network flow analyzer using an extensible flow data record format. The flow analyzer may then correlate this information with network flow data records received from flow collectors in the network to perform a security analysis. In various embodiments, the endpoint analysis agent may cache the collected information when the endpoint is offline. The agent may also perform data reduction operations (such as compression) on the collected information before reporting; data may be further reduced by reporting data only during specified time periods. An analysis agent may also be deployed in a cloud environment.

Abstract: Techniques are disclosed relating to monitoring computer system activity. In some embodiments, a computing device receives information from observation instrumentation that monitors a plurality of observation points in a computer system. The information includes information identifying activities occurring in the computer system and observed by the observation instrumentation. The computing device determines, from the received information, a risk profile associated with the computer system and, based on the risk profile, adjusts how the observation instrumentation monitors the plurality of observation points. In some embodiments, the received information includes information about one or more user activity risk factors, system risk factors, application risk factors, contact risk factors and/or enterprise risk factors. In some embodiments, based on the risk profile, the computing device causes a control action to be taken with respect to one or more components in the computer system.

Abstract: Techniques are disclosed for facilitating analysis of cloud activity. A cloud activity analysis agent may run within a virtual machine in a cloud computing environment to collecting information regarding computing activity within the virtual machine. The cloud activity analysis agent may include, in network flow data records, cloud activity data based on the collected information. The cloud activity analysis agent may then transmit the network flow data records to a network device for flow analysis. In some embodiments, the network flow data records are transmitted to a network flow analyzer that is configured to receive the cloud activity data and is further configured to receive network flow data from one or more flow collectors within a network of the entity. The network flow analyzer may then perform a security analysis for the entity based on the network flow data and the cloud activity data.

Abstract: Techniques are disclosed for supplementing network flow analysis with data collected from endpoint computer systems in a network. An endpoint analysis agent may run on endpoints to collect information relating to computing activity internal to the endpoint, including system configuration information, event information, and network, user, process, and file activity. This information may be reported to a network flow analyzer using an extensible flow data record format. The flow analyzer may then correlate this information with network flow data records received from flow collectors in the network to perform a security analysis. In various embodiments, the endpoint analysis agent may cache the collected information when the endpoint is offline. The agent may also perform data reduction operations (such as compression) on the collected information before reporting; data may be further reduced by reporting data only during specified time periods. An analysis agent may also be deployed in a cloud environment.

Abstract: A central information processing system and method that issues receipts or tickets that can be securely validated at points of redemption. The method and system couple a client system with a server system and also couple at least one Radio Frequency IDentification (RFID) reader to the client system. The method and system read at least one identifier from a sheet with a RFID tag embedded therein with the RFID reader. The method and system also send the at least one identifier from the client system to the server system and receive from the server system at least one receipt image for printing on the paper with the RFID tag embedded therein. The method and system also print, at the client system, a receipt containing ticket information received from the server system.