Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.

Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.

Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.

Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.

Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract: Systems, methods, and computer readable media for collecting run-time error information for an executing script through the use of a double code-injection technique are described. A first native code injection into a user's client-side application (e.g., a browser application) is made. The second injection is thereafter made by the user's client-side application itself (when the first injected program code is executed) into the application's associated scripting engine and only when a script error has been detected. The second injected program code or scripts collect detailed run-time script error information within the context of the application's scripting engine. The second injected program code can then return the collected error information to the user application's context where it may be provided to a debug tool or recorded for later review (by the first injected program code).

Abstract: Systems, methods, and computer readable media for collecting run-time error information for an executing script through the use of a double code-injection technique are described. A first native code injection into a user's client-side application (e.g., a browser application) is made. The second injection is thereafter made by the user's client-side application itself (when the first injected program code is executed) into the application's associated scripting engine and only when a script error has been detected. The second injected program code or scripts collect detailed run-time script error information within the context of the application's scripting engine. The second injected program code can then return the collected error information to the user application's context where it may be provided to a debug tool or recorded for later review (by the first injected program code).

Abstract: A tracing system that provides automated tuning of execution tracing by adjusting the collection of trace data is described. In one embodiment, the user sets an initial tracing profile for a tracing program. In addition, the user sets an upper limit for the tracing performance penalty. The auto-tuning system monitors the performance penalty induced by tracing and, when the performance impact is excessive, removes trace points that are causing the most impact on performance. Auto tuning is especially useful for performing software recording in mission-critical and/or time-critical applications, such as servers, real-time applications, etc. The system typically adjusts relatively quickly such that most users do not feel the influence of the tracer.