Abstract: A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human.

Abstract: Monitoring across multiple-channels, used by multiple devices, to determine which email messages being sent to a user are solicited by the user. A broad spectrum of network and telephony access records are analyzed to determine whether an email message is likely being sent as a result of legitimate services access by the user.

Abstract: A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human.

Abstract: The method includes identifying an instance of software installed. The method further includes determining a fingerprint corresponding to the instance of software installed. The method further includes determining a security risk associated with the instance of software installed. The method further includes identifying a software management policy for the instance of software based upon the fingerprint, security risk, and designated purpose of the computing device. In one embodiment, the method further includes in response to identifying the software management policy, enforcing, by one or more computer processors, the software management policy on the instance of software installed on the computing device.

Abstract: A method for monitoring client information within a shared environment. The method includes identifying a first physical location of a server computer, the server computer providing computing resources to a client within a shared environment, and collecting information associated with the client, the information including computing resources of the server computer provided to the client. The method includes creating a map showing the first physical location of the server computer and the collected information associated with the client. The method includes identifying a current physical location of the server computer and determining whether the current location is different than the first location. The method then, in response to determining the current location is different than the first location, includes updating the map with the identified current physical location of the server computer.

Abstract: In a method for estimating a severity of a current security incident reported by a customer for the customer's computer system, a processor receives from one or more administrators for a plurality of prior security incidents reported by the customer, identifications of a respective plurality of actual severities for the plurality of prior security incidents. The processor estimates, based in part on the plurality of identified actual severities of the prior security incidents, a severity of the current security incident. The processor reports the estimated severity for the current security incident.

Abstract: A computer-implemented method, computer program product, and computer system for implementing coordinated management of network security controls. The computer system determines a plurality of managed network devices affected by coordinated security policies in a network. The computer system converts the coordinated security policies to firewall rule configuration for each of the managed network devices affected. The computer system adds the firewall rule configuration to a set of firewall rules for the each of the managed network devices affected.

Abstract: A distributed cloud environment system comprising: a repository; a plurality of cloud managed nodes with a client program interface; a plurality of service management components with a service management component interface; a central trusted computing platform service in communication with the repository, the plurality of cloud managed nodes and the plurality of service management components, comprising: a first interface for communication with the client program interface in each of the plurality of cloud managed nodes through a first single touch point; and a second interface for communication with the service management component interface for the plurality of service management components through a second single touch point. The central trusted computing platform service manages interaction of the plurality of service management components with the plurality of cloud managed nodes, and the interaction of the plurality of cloud managed nodes with the repository.

Abstract: A computing device receives requests for approval of a plurality of access entitlements, which includes respective identity accounts, each associated with security intelligence information. The computing device determines risk factors for each respective identity account and associated security intelligence information, and determines a risk level for each of the plurality of access entitlements based at least in part on the risk factors. The computing device groups the plurality of access entitlements based on the risk level determined for each of the plurality of access entitlements. The computing device determines if the risk level of a group is low-risk based on the risk level of the plurality of access entitlements of the group, and in response to determining the risk level of the group is low risk, the computing device enables approval of the plurality of access entitlements of the group.

Abstract: An inventory manager optimizes the security and maintenance of a plurality of virtual machines and their workloads in a cloud environment and has: an inventory database, a workload compliance history of scanning workloads database, and a workload category database including security rules and compliance policies relating to workload category in a repository. The inventory manager identifies changes to characteristics of the workload of the plurality of virtual machines; alters the inventory database stored in the repository and maintained by the inventory manager, based on the identified changes to the characteristics of the workload of the plurality of virtual machines; and initiates security rules and compliance policies of the workload category database based on the identified changes to the characteristics of the workload of the plurality of virtual machines through a security tools program.

Abstract: Methods, systems, and products are provided for user session management for web applications. Embodiments include identifying, by a web application, a user session directive and sending, from the web application to a proxy web security component, an instruction to implement the user session directive. Typical embodiments also include receiving, by the proxy web security component, the instruction to implement the user session directive and implementing, by the proxy web security component, the user session directive.

Abstract: A computing device receives requests for approval of a plurality of access entitlements, which includes respective identity accounts, each associated with security intelligence information. The computing device determines risk factors for each respective identity account and associated security intelligence information, and determines a risk level for each of the plurality of access entitlements based at least in part on the risk factors. The computing device groups the plurality of access entitlements based on the risk level determined for each of the plurality of access entitlements. The computing device determines if the risk level of a group is low-risk based on the risk level of the plurality of access entitlements of the group, and in response to determining the risk level of the group is low risk, the computing device enables approval of the plurality of access entitlements of the group.

Abstract: A computer-implemented method, computer program product, and computer system for implementing coordinated management of network security controls. The computer system determines a plurality of managed network devices affected by coordinated security policies in a network. The computer system converts the coordinated security policies to firewall rule configuration for each of the managed network devices affected. The computer system adds the firewall rule configuration to a set of firewall rules for the each of the managed network devices affected.

Abstract: A method for monitoring client information within a shared environment. The method includes identifying a first physical location of a server computer, the server computer providing computing resources to a client within a shared environment, and collecting information associated with the client, the information including computing resources of the server computer provided to the client. The method includes creating a map showing the first physical location of the server computer and the collected information associated with the client. The method includes identifying a current physical location of the server computer and determining whether the current location is different than the first location. The method then, in response to determining the current location is different than the first location, includes updating the map with the identified current physical location of the server computer.

Abstract: Special interest subgroups are formed by a group of participants by establishing a profile for each participant. The profile defines contribution attributes dealing with contributions the profiled participant might make to a subgroup and attribution attributes dealing with benefits the profile participant might receive from participating in the subgroup. For each possible pairing of participants in the group, an overall contribution score and an overall benefit score is calculated for each participant. A mutual benefit score is calculated by combining the benefit scores for both participants in the pair. Participants are assigned to subgroups as a function of participant contribution and mutual benefit scores.

Abstract: A user provisioning system is extended to enable account reconciliation to occur in conjunction with a provisioning request. In response to a user provisioning request, a determination is made whether the user provisioning request is to be extended by including a reconciliation request. If so, the reconciliation request is piggy-backed on top of the provisioning request. This approach enables the reconciliation operation to be scoped to just the particular user account that is the subject to the provisioning operation, and it enables reconciliation to be carried out much more frequently as compared to the periodic, batch-oriented approach of prior techniques.

Abstract: Mechanisms for correlating reported problem data from a plurality of sources of information are provided. A report of a problem in a computer system is received to thereby generate a reported problem in a problem management system. Data is collected from a plurality of sources of information in accordance with data collection rules. Content classification is performed on the collected data to classify the collected data into pre-determined classes of collected data in accordance with classification rules. Correlation of the classified data into sets of correlated data in accordance with correlation rules is performed. Each set of correlated data corresponds to a different reported problem in the problem management system. A representation of the reported problem in the problem management system is updated based on a set of correlated data corresponding to the reported problem and classifications of data within the set of correlated data.

Abstract: A method, system and computer-usable medium are disclosed for validating user credentials submitted to a data source by an untrusted intermediary. An untrusted intermediary attempts to access a data source on behalf of a user. The untrusted intermediary challenges the user to provide credentials of the type and format required to access the data provided by the data source. The user's trust client connects to an authentication service and identification credentials of the required type and format are generated. The identification credentials are conveyed to the user's trust client, which then provides them to the user's client, which in turn conveys them to the untrusted intermediary. The untrusted intermediary then presents the identification credentials to an authentication plug-in of the data source. The authentication plug-in validates the authenticity of the provided credentials with their associated authentication service.

Abstract: An identity management (“IdM”) system can change the credentials at certain intervals. If credentials change, there is no way for an application that uses the credentials to know that the credentials have changed because the application dependency relationships are unknown. When service account credentials change, credentials are typically manually updated for each dependent application. Some embodiments of the inventive subject matter allow IdM systems to track application dependencies for service accounts. The IdM systems can detect when service account credentials change and automatically notify dependent applications of the new service account credentials.

Abstract: Mechanisms for correlating reported problem data from a plurality of sources of information are provided. A report of a problem in a computer system is received to thereby generate a reported problem in a problem management system. Data is collected from a plurality of sources of information in accordance with data collection rules. Content classification is performed on the collected data to classify the collected data into pre-determined classes of collected data in accordance with classification rules. Correlation of the classified data into sets of correlated data in accordance with correlation rules is performed. Each set of correlated data corresponds to a different reported problem in the problem management system. A representation of the reported problem in the problem management system is updated based on a set of correlated data corresponding to the reported problem and classifications of data within the set of correlated data.